Merge pull request #2755 from rouge8/tab-switching-backport

Backport 7872d0acbffeea5f4420aae5627f8767c6418ba3 to 2.4.x
author: Xavier Ordoquy 2015-04-08 23:17:12 +0200
committer: Xavier Ordoquy 2015-04-08 23:17:12 +0200
commit: 58f9603f703138cbd6749c64dd7da2d41468fc99 (patch)
tree: 54d86b4212027658c0b21a2a399d26e822d7dbcb
parent: 67ae6b2552324ae25f31e71451ce6ff3cf2b79e4 (diff)
parent: 2a6f25c5f9d45cfe04e93e0421ff8982e29986f6 (diff)
download: django-rest-framework-58f9603f703138cbd6749c64dd7da2d41468fc99.tar.bz2
5 files changed, 15 insertions, 3 deletions
diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md
index 11d12ae3..9879c466 100644
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -40,6 +40,12 @@ You can determine your currently installed version using `pip freeze`:
 
 ## 2.4.x series
 
+### 2.4.5
+
+**Date**: 24 March 2015
+
+* **Security fix**: Escape tab switching cookie name in browsable API. [Backported from 3.1.1](http://www.django-rest-framework.org/topics/release-notes/#311).
+
 ### 2.4.4
 
 **Date**: [3rd November 2014](https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%222.4.4+Release%22+).
diff --git a/requirements-test.txt b/requirements-test.txt
index 411daeba..2880f5a9 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -2,7 +2,8 @@
 pytest-django==2.6
 pytest==2.5.2
 pytest-cov==1.6
-flake8==2.2.2
+pep8==1.5.7
+flake8==2.4.0
 
 # Optional packages
 markdown>=2.1.0
diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py
index 15b12d9b..53019097 100644
--- a/rest_framework/__init__.py
+++ b/rest_framework/__init__.py
@@ -8,7 +8,7 @@ ______ _____ _____ _____    __
 """
 
 __title__ = 'Django REST framework'
-__version__ = '2.4.4'
+__version__ = '2.4.5'
 __author__ = 'Tom Christie'
 __license__ = 'BSD 2-Clause'
 __copyright__ = 'Copyright 2011-2014 Tom Christie'
diff --git a/rest_framework/static/rest_framework/js/default.js b/rest_framework/static/rest_framework/js/default.js
index bcb1964d..f04e5569 100644
--- a/rest_framework/static/rest_framework/js/default.js
+++ b/rest_framework/static/rest_framework/js/default.js
@@ -44,6 +44,10 @@ var selectedTab = null;
 var selectedTabName = getCookie('tabstyle');
 
 if (selectedTabName) {
+    selectedTabName = selectedTabName.replace(/[^a-z-]/g, '');
+}
+
+if (selectedTabName) {
     selectedTab = $('.form-switcher a[name=' + selectedTabName + ']');
 }
 
diff --git a/tox.ini b/tox.ini
index b3f53cce..0e17ca51 100644
--- a/tox.ini
+++ b/tox.ini
@@ -15,7 +15,8 @@ setenv =
 [testenv:flake8]
 basepython = python2.7
 deps = pytest==2.5.2
-       flake8==2.2.2
+       pep8==1.5.7
+       flake8==2.4.0
 commands = ./runtests.py --lintonly
 
 [testenv:py3.4-django1.7]
author	Xavier Ordoquy	2015-04-08 23:17:12 +0200
committer	Xavier Ordoquy	2015-04-08 23:17:12 +0200
commit	58f9603f703138cbd6749c64dd7da2d41468fc99 (patch)
tree	54d86b4212027658c0b21a2a399d26e822d7dbcb
parent	67ae6b2552324ae25f31e71451ce6ff3cf2b79e4 (diff)
parent	2a6f25c5f9d45cfe04e93e0421ff8982e29986f6 (diff)
download	django-rest-framework-58f9603f703138cbd6749c64dd7da2d41468fc99.tar.bz2