- Add support for Python 3.11.
Revamp handling of query string and form decoding in
The previous approach was to tell underlying libraries to decode inputs using ISO-8859-1, then re-encode as ISO-8859-1 and decode using an encoding deduced from the
Accept-Charsetrequest header. However, this didn’t make much conceptual sense (since
Accept-Charsetdefines the preferred response encoding), and it made it impossible to handle cases where the encoding was specified as something other than ISO-8859-1 in the request (which might even be on a per-item basis, in the case of
We now only perform the dubious
Accept-Charsetguessing for query strings; in other cases we let
multipartdetermine the encoding, defaulting to UTF-8 as per the HTML specification. For cases where applications need to specify some other default form encoding,
BrowserRequestsubclasses can now set
See issue 65.
Add support for Python 3.10.
- Avoid traceback reference cycle in
- Handle empty Content-Type environment variable gracefully.
- Fix test compatibility with zope.interface 5.4.
- Port form data parsing to
multipart, which is a new dependency. See issue 39. Note that as a result
FileUploadobjects no longer have a
nameattribute couldn’t be used in portable code in any case, and the usual methods on open files should be used instead.
- Add support for Python 3.9.
- Fix text/bytes handling on Python 3 for some response edge cases. See pull request 51.
- Add support for Python 3.8.
- Ensure all objects have a consistent interface resolution order. See issue 49.
- Drop support for the deprecated
python setup.py testcommand.
- Avoid using
urllib.parse.splitport()which was deprecated in Python 3.8. See issue 38
- Fix a
- Backwards incompatible change: Remove
zope.publisher.tests.httprequest. It is not used inside this package and was never ported to Python 3. Fixes https://github.com/zopefoundation/zope.publisher/issues/4.
- Add support for Python 3.7 and PyPy3.
- Drop support for Python 3.3.
XMLRPCResponsehaving a str body (instead of a bytes body) which could lead to
TypeErroron Python 3. See issue 26.
- Fix instances of
BrowserRequest) being unexpectedly
Falseon Python 3 by defining
__bool__. Such instances were always
Trueon Python 2. See issue 18.
Add support for Python 3.6.
Accept both new and old locations for
zope.publisher.publisher.unwrapMethod. This restores compatibility with Products.PythonScripts, where parameters were not extracted. [maurits, thet, MatthewWilkes]
Fix file uploads on python 3.4 and up. cgi.FieldStorage explicitly closes files when it is garbage collected. For details, see:
We now keep a reference to the FieldStorage till we are finished processing the request.
Fix POST with large values on Python 3. Related to cgi.FieldStorage doing the decoding in Python 3. See pull 16.
- Add support for Python 3.5.
- Drop support for Python 2.6 and 3.2.
- Emit HTTP response headers in a deterministic order (GH #8).
- Add support for Python 3.2.
- Add support for PyPy and PyPy3.
- Add support for Python 3.4.
- Enable testing on Travis.
response.redirect()to ease debugging untrusted redirects.
- Support UTF-8-encoding application/json responses returned as Unicode.
- Add YAML for travis-ci.
- Return bytes from
PrincipalLogging.getLogMessageinstead of unicode.
- Use BytesIO in
zope.component.adaptsusage with equivalent
zope.interface.implementsusage with equivalent
Drop support for Python 2.4, 2.5 and pypy.
Add support for Python 3.3.
with interaction()in try/finally.
Don’t guess the content type with 304 responses which MUST NOT / SHOULD NOT include it according to: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5
Unfortunately, the content type will still be guessed if the result is set before the status.
- Fix error when no charset matches form data and HTTP_ACCEPT_CHARSET contains a
- Add test convenience helper
- Upload a non-CRLF version to pypi.
- Rename the
- Add a test for our own configure.zcml.
- Use UTF-8 as the charset if the browser does not set a header, per W3C spec.
- LP #131460: Make principal logging unicode safe.
- Remove use of string exceptions in tests, http://bugs.debian.org/585343
StartRequestEventfor use in
zope.app.publication(matching up with
EndRequestEvent). Includes refactoring to produce one definition of ‘event with a request’ - IRequestEvent.
- LP #209440: Don’t obscure original exception when handling retries
handleErrors == False. This change makes debugging such exception in unit tests easier. Thanks to James Henstridge for the patch.
- LP #98395: allow unicode output of XML content whose mimetype does not
text/, per RFC 3023 as well as for content types ending in
+xmlsuch as Mozilla XUL’s
application/vnd+xml. Thanks to Justin Ryan for the patch.
- Remove use of
zope.testing.doctestunitin favor of stdlib’s
- Fix bug where xml-rpc requests would hang when served using
- Ensure that
BaseRequest.traversedoes not call traversal hooks on elements previously traversed but wrapped in a security proxy.
- Revert change done in 3.6.2, removing the
zope.authenticationdependency again. Move the
FTPAuthadapters to the new
- Declare minimum dependency on
zope.contenttype3.5 (omitted in 3.10).
- Move the implementation of
zope.contenttype.parse, leaving BBB imports and moving tests along.
zope.contenttypeis a new but light-weight dependency of this package.
- Support Python 2.6 by keeping QUERY_STRING out of request.form if the method is a POST. The original QUERY_STRING is still available if further processing is needed.
- Better support the zcml
defaultSkindirective’s behavior (registering an interface as a default skin) in the
- Fix the check for untrusted redirects introduced in 3.9.0 so it works with virtual hosting.
- Make redirect validation works without HTTP_HOST variable.
- Add DoNotReRaiseException adapter that can be registered
for exceptions to flag that they should not be re-raised by
handle_errorsparameter of the
publishmethod is False.
- Convert a location, passed to a redirect method of HTTPRequest to string before checking for trusted host redirection, because a location object may be some non-string convertable to string, like URLGetter.
Move some parts of
zope.app.publisherinto this package during
IModifiableUserPreferredLanguagesadapter for requests
IXMLRPCViewand like interfaces
- security ZCML declarations for some of
IReRaiseExceptioninterface. If during publishing an exception occurs and for this exception an adapter is available that returns
Falseon being called, the exception won’t be reraised by the publisher. This happens only if
handle_errorsparameter of the
publish()method is set to
False. Fixes problems when acting in a WSGI pipeline with a debugger middleware enabled.
See https://bugs.launchpad.net/grok/+bug/332061 for details.
Fix #98471: Restrict redirects to current host. This causes a ValueError to be raised in the case of redirecting to a different host. If this is intentional, the parameter
trustedcan be given.
Move dependency on
Add a fix for Internet Explorer versions which upload files with full filesystem paths as filenames.
zope.app.http, fixing dependency cycles involving
- Move the
DefaultViewNameAPI here from
zope.app.publisher.browser, making it accessible to other packages that need it.
zope.browser.interfaces, leaving BBB imports.
- Add some BBB code to setDefaultSkin to allow IBrowserRequest’s to continue to work without configuring any special adapter for IDefaultSkin.
getDefaultSkinto the skinnable module next to the
setDefaultSkinmethod, leaving a BBB import in place. Mark
IBrowserSkinTypein code instead of relying on the ZCML to be loaded.
- Mark HTTPRequest as IAttributeAnnotatable if
zope.annotationis available, this was previously done by
IUserPreferredCharsetsadapter in ZCML configuration. This was also previously done by
Add an adapter from
zope.publisher.interfaces.logginginfo.ILoggingInfo. It was moved from
zope.app.securityas a part of refactoring process.
Add adapters from HTTP and FTP request to
zope.authentication.ILoginPasswordinterface. They are moved from
zope.app.securityas a part of refactoring process. This change adds a dependency on the
zope.authenticationpackage, but it’s okay, since it’s a tiny contract definition-only package.
See http://mail.zope.org/pipermail/zope-dev/2009-March/035325.html for reasoning.
- Fix: remove IBrowserRequest dependency in http implementation based on condition for setDefaultSkin. Use ISkinnable instead of IBrowserRequest.
Clean-up: Move skin related code from zope.publisher.interfaces.browser and zope.publisher.browser to zope.publihser.interfaces and zope.publisher.skinnable and provide BBB imports. See skinnable.txt for more information.
Fix: ensure that we only apply skin interface in setDefaultSkin which also provide IBrowserSkinType. This will ensure that we find a skin if the applySkin method will lookup for a skin based on this type interface.
Fix: Make it possible to use adapters and not only interfaces as skins from the adapter registry. Right now the defaultSkin directive registers simple interfaces as skin adapters which will run into a TypeError if someone tries to adapter such a skin adapter. Probably we should change the defaultSkin directive and register real adapters instead of using the interfaces as fake adapters where we expect adapter factories.
Feature: allow use of
applySkinofwith different skin types using the optional
skinTypeargument, which is by default set to
Feature: implement the default skin pattern within adapters. This allows us to register default skins for other requests then only
ISkinTypeand the skin implementation should be moved out of the browser request modules. Packages like
z3c.jsonrpcdo not depend on
IBrowserRequestbut they are skinnable.
ISkinnableinterface which allows us to implement the apply skin pattern not only for
Fix: Don’t cause warnings on Python 2.6
zope.component.interfaces. Stop inheriting from deprecated (for years) interfaces defined in
Remove deprecated code.
zope.testingfrom extras to dependencies, per Zope Framework policy. Remove
zope.app.testingas a dependency: tests run fine without it.
- Fix an untested code path that incorrectly attempted to construct a
NotFound, adding a test.
- LP #322486:
setStatus()now allows any
int()-able status value.
- LP #98440: interfaces lost on retried request
- LP #273296: dealing more nicely with malformed HTTP_ACCEPT_LANGUAGE headers within getPreferredLanguages().
- LP #253362: dealing more nicely with malformed HTTP_ACCEPT_CHARSET headers within getPreferredCharsets().
- LP #98284: Pass the
sizeargument to readline, as the version of twisted used in zope.app.twisted supports it.
- Fix the LP #98284 fix: do not pass
sizeargument of None that causes cStringIO objects to barf with a TypeError.
- It turns out that some Web servers (Paste for example) do not send the EOF character after the data has been transmitted and the read() of the cached stream simply hangs if no expected content length has been specified.
A previous fix to handle posting of non-form data broke handling of form data with extra information in the content type, as in:
When posting non-form (and non-multipart) data, the request body was consumed and discarded. This makes it impossible to deal with other post types, like xml-rpc or json without resorting to overly complex “request factory” contortions.
zope.publisher.http.HTTPCharsetswas confused by the Zope 2 publisher, which gives misleading information about which headers it has.
- Added a PasteDeploy app_factory implementation. This should make it easier to integrate Zope 3 applications with PasteDeploy. It also makes it easier to control the publication used, giving far greater control over application policies (e.g. whether or not to use the ZODB).
- Made segmentation of URLs not strip (trailing) whitespace from path segments to allow URLs ending in %20 to be handled correctly. (#172742)
No changes since 3.4.1b2.
- Add support for Python 2.5.
- Fix a problem with
request.get()when the object that’s to be retrieved is the request itself.
- LP #122054:
HTTPInputStreamunderstands both the CONTENT_LENGTH and HTTP_CONTENT_LENGTH environment variables. It is also now tolerant of empty strings and will treat those as if the variable were absent.
- Fix caching issue. The input stream never got cached in a temp file
because of a wrong content-length header lookup. Added CONTENT_LENGTH
header check in addition to the previous used HTTP_CONTENT_LENGTH. The
HTTP_prefix is sometimes added by some CGI proxies, but CONTENT_LENGTH is the right header info for the size.
- LP #98413:
HTTPResponse.handleExceptionshould set the content type
Initial release as a separate project, corresponds to zope.publisher from Zope 3.4.0a1