Merge branch '0.8-maintenance' of github.com:mitsuhiko/werkzeug into …

…0.8-maintenance

CHANGES

@@ -13,6 +13,10 @@ Version 0.8.4
   context local objects on a stack with context preservation
   on errors.
 - Fixed an issue with scolling up in the debugger.
+- Fixed a problem with proxies not forwarding some rarely
+  used special methods properly.
+- Added a workaround to prevent the XSS protection from Chrome
+  breaking the debugger.
 
 Version 0.8.3
 -------------
@@ -28,14 +32,15 @@ Version 0.8.3
   (affects bool caching).
 - Fixed an XSS problem with redirect targets coming from
   untrusted sources.
+- Redis cache backend now supports password authentication.
 
 Version 0.8.2
 -------------
 
 (bugfix release, released on December 16th 2011)
 
 - Fixed a problem with request handling of the builtin server
-  not repsonding to socket errors properly.
+  not responding to socket errors properly.
 - The routing request redirect exception's code attribute is now
   used properly.
 - Fixed a bug with shutdowns on Windows.
@@ -80,7 +85,7 @@ Released on September 29th 2011, codename Lötkolben
   with missing nc and nonce params.
 - Proxy fix now also updates wsgi.url_scheme based on X-Forwarded-Proto.
 - Added support for key prefixes to the redis cache.
-- Added the ability to supress some auto corrections in the wrappers
+- Added the ability to suppress some auto corrections in the wrappers
   that are now controlled via `autocorrect_location_header` and
   `automatically_set_content_length` on the response objects.
 - Werkzeug now uses a new method to check that the length of incoming
@@ -139,7 +144,7 @@ Released on July 24th 2011, codename Schraubschlüssel
   generated component contains a colon.
 - :func:`werkzeug.import_string` now works with partially set up
   packages properly.
-- Disabled automatic socket swiching for IPv6 on the development
+- Disabled automatic socket switching for IPv6 on the development
   server due to problems it caused.
 - Werkzeug no longer overrides the Date header when creating a
   conditional HTTP response.
@@ -155,7 +160,7 @@ Released on July 24th 2011, codename Schraubschlüssel
 - Fixed a problem with external URL generation discarding the port.
 - Added support for pylibmc to the Werkzeug cache abstraction layer.
 - Fixed an issue with the new multipart parser that happened when
-  a linebreak happend to be on the chunk limit.
+  a linebreak happened to be on the chunk limit.
 - Cookies are now set properly if ports are in use.  A runtime error
   is raised if one tries to set a cookie for a domain without a dot.
 - Fixed an issue with Template.from_file not working for file
@@ -179,7 +184,7 @@ Released on July 24th 2011, codename Schraubschlüssel
   the Python 3 version will later change in that it will always
   operate on latin1 values.
 - Fixed a bug in the form parser that caused the last character to
-  be dropped off if certain values in multipart data is used.
+  be dropped off if certain values in multipart data are used.
 - Multipart parser now looks at the part-individual content type
   header to override the global charset.
 - Introduced mimetype and mimetype_params attribute for the file
@@ -216,7 +221,7 @@ Released on July 24th 2011, codename Schraubschlüssel
 - Added support for parsing of the `Range` header
   (:func:`werkzeug.http.parse_range_header` and
   :class:`werkzeug.datastructures.Range`).
-- Added support for parsing of the `Content-Range` header of respones
+- Added support for parsing of the `Content-Range` header of responses
   and provided an accessor object for it
   (:func:`werkzeug.http.parse_content_range_header` and
   :class:`werkzeug.datastructures.ContentRange`).
@@ -243,7 +248,7 @@ Version 0.6.1
   if no method is provided.
 - added proper IPv6 support for the builtin server.
 - windows specific filesystem session store fixes.
-  (should no be more stable under high concurrency)
+  (should now be more stable under high concurrency)
 - fixed a `NameError` in the session system.
 - fixed a bug with empty arguments in the werkzeug.script system.
 - fixed a bug where log lines will be duplicated if an application uses
@@ -341,7 +346,7 @@ Version 0.5.1
 - file upload streams no longer have to provide a truncate()
   method.
 - implemented :meth:`BaseRequest._form_parsing_failed`.
-- fixed #394 
+- fixed #394
 - :meth:`ImmutableDict.copy`, :meth:`ImmutableMultiDict.copy` and
   :meth:`ImmutableTypeConversionDict.copy` return mutable shallow
   copies.
@@ -415,7 +420,7 @@ Released on April 24th, codename Schlagbohrer.
 - added :mod:`werkzeug.contrib.lint`
 - added `passthrough_errors` to `run_simple`.
 - added `secure_filename`
-- added :func:`make_line_iter` 
+- added :func:`make_line_iter`
 - :class:`MultiDict` copies now instead of revealing internal
   lists to the caller for `getlist` and iteration functions that
   return lists.

docs/exceptions.rst

@@ -128,7 +128,7 @@ If you want to add an error yourself you can subclass :exc:`HTTPException`::
 
     from werkzeug.exceptions import HTTPException
 
-    class PaymentRequred(HTTPException):
+    class PaymentRequired(HTTPException):
         code = 402
         description = '<p>Payment required.</p>'
 

werkzeug/contrib/cache.py

@@ -463,9 +463,13 @@ class RedisCache(BaseCache):
     .. versionchanged:: 0.8
        This cache backend now properly serializes objects.
 
+    .. versionchanged:: 0.8.3
+       This cache backend now supports password authentication.
+
     :param host: address of the Redis server or an object which API is
                  compatible with the official Python Redis client (redis-py).
-    :param port: port number on which Redis server listens for connections
+    :param port: port number on which Redis server listens for connections.
+    :param password: password authentication for the Redis server.
     :param default_timeout: the default timeout that is used if no timeout is
                             specified on :meth:`~BaseCache.set`.
     :param key_prefix: A prefix that should be added to all keys.

werkzeug/debug/__init__.py

@@ -102,7 +102,10 @@ def debug_application(self, environ, start_response):
 
             try:
                 start_response('500 INTERNAL SERVER ERROR', [
-                    ('Content-Type', 'text/html; charset=utf-8')
+                    ('Content-Type', 'text/html; charset=utf-8'),
+                    # Disable Chrome's XSS protection, the debug
+                    # output can cause false-positives.
+                    ('X-XSS-Protection', '0'),
                 ])
             except Exception:
                 # if we end up here there has been output but an error

werkzeug/exceptions.py

@@ -424,6 +424,17 @@ class ImATeapot(HTTPException):
     description = (
         '<p>This server is a teapot, not a coffee machine'
     )
+
+class UnprocessableEntity(HTTPException):
+    """*422* `Unprocessable Entity`
+
+    Used if the request is well formed, but the instructions are otherwise
+    incorrect.
+    """
+    code = 422
+    description = (
+        '<p>The request was well-formed but was unable to be followed due to semantic errors.'
+    )    
 
 
 class InternalServerError(HTTPException):

werkzeug/local.py

@@ -389,6 +389,6 @@ def __delslice__(self, i, j):
     __oct__ = lambda x: oct(x._get_current_object())
     __hex__ = lambda x: hex(x._get_current_object())
     __index__ = lambda x: x._get_current_object().__index__()
-    __coerce__ = lambda x, o: x.__coerce__(x, o)
-    __enter__ = lambda x: x.__enter__()
-    __exit__ = lambda x, *a, **kw: x.__exit__(*a, **kw)
+    __coerce__ = lambda x, o: x._get_current_object().__coerce__(x, o)
+    __enter__ = lambda x: x._get_current_object().__enter__()
+    __exit__ = lambda x, *a, **kw: x._get_current_object().__exit__(*a, **kw)

werkzeug/testsuite/exceptions.py

@@ -48,6 +48,7 @@ def test_aborter(self):
         self.assert_raises(exceptions.RequestEntityTooLarge, abort, 413)
         self.assert_raises(exceptions.RequestURITooLarge, abort, 414)
         self.assert_raises(exceptions.UnsupportedMediaType, abort, 415)
+        self.assert_raises(exceptions.UnprocessableEntity, abort, 422)
         self.assert_raises(exceptions.InternalServerError, abort, 500)
         self.assert_raises(exceptions.NotImplemented, abort, 501)
         self.assert_raises(exceptions.BadGateway, abort, 502)