Merge remote-tracking branch 'origin/stable'

davidism · davidism · commit 22c48a738b5f · 2024-11-13T08:43:48.000-08:00
diff --git a/docs/tutorial/database.rst b/docs/tutorial/database.rst
@@ -37,6 +37,7 @@ response is sent.
     :caption: ``flaskr/db.py``
 
     import sqlite3
+    from datetime import datetime
 
     import click
     from flask import current_app, g
@@ -132,6 +133,11 @@ Add the Python functions that will run these SQL commands to the
         init_db()
         click.echo('Initialized the database.')
 
+
+    sqlite3.register_converter(
+        "timestamp", lambda v: datetime.fromisoformat(v.decode())
+    )
+
 :meth:`open_resource() <Flask.open_resource>` opens a file relative to
 the ``flaskr`` package, which is useful since you won't necessarily know
 where that location is when deploying the application later. ``get_db``
@@ -142,6 +148,10 @@ read from the file.
 that calls the ``init_db`` function and shows a success message to the
 user. You can read :doc:`/cli` to learn more about writing commands.
 
+The call to :func:`sqlite3.register_converter` tells Python how to
+interpret timestamp values in the database. We convert the value to a
+:class:`datetime.datetime`.
+
 
 Register with the Application
 -----------------------------
diff --git a/examples/celery/pyproject.toml b/examples/celery/pyproject.toml
@@ -3,8 +3,8 @@ name = "flask-example-celery"
 version = "1.0.0"
 description = "Example Flask application with Celery background tasks."
 readme = "README.md"
-requires-python = ">=3.8"
-dependencies = ["flask>=2.2.2", "celery[redis]>=5.2.7"]
+classifiers = ["Private :: Do Not Upload"]
+dependencies = ["flask", "celery[redis]"]
 
 [build-system]
 requires = ["flit_core<4"]
diff --git a/examples/javascript/LICENSE.txt b/examples/javascript/LICENSE.txt
diff --git a/examples/javascript/pyproject.toml b/examples/javascript/pyproject.toml
@@ -3,8 +3,9 @@ name = "js_example"
 version = "1.1.0"
 description = "Demonstrates making AJAX requests to Flask."
 readme = "README.rst"
-license = {file = "LICENSE.rst"}
+license = {file = "LICENSE.txt"}
 maintainers = [{name = "Pallets", email = "contact@palletsprojects.com"}]
+classifiers = ["Private :: Do Not Upload"]
 dependencies = ["flask"]
 
 [project.urls]
diff --git a/examples/javascript/tests/test_js_example.py b/examples/javascript/tests/test_js_example.py
@@ -5,7 +5,7 @@
 @pytest.mark.parametrize(
     ("path", "template_name"),
     (
-        ("/", "xhr.html"),
+        ("/", "fetch.html"),
         ("/plain", "xhr.html"),
         ("/fetch", "fetch.html"),
         ("/jquery", "jquery.html"),
diff --git a/examples/tutorial/LICENSE.txt b/examples/tutorial/LICENSE.txt
diff --git a/examples/tutorial/flaskr/db.py b/examples/tutorial/flaskr/db.py
@@ -1,4 +1,5 @@
 import sqlite3
+from datetime import datetime
 
 import click
 from flask import current_app
@@ -44,6 +45,9 @@ def init_db_command():
     click.echo("Initialized the database.")
 
 
+sqlite3.register_converter("timestamp", lambda v: datetime.fromisoformat(v.decode()))
+
+
 def init_app(app):
     """Register database functions with the Flask app. This is called by
     the application factory.
diff --git a/examples/tutorial/pyproject.toml b/examples/tutorial/pyproject.toml
@@ -3,8 +3,9 @@ name = "flaskr"
 version = "1.0.0"
 description = "The basic blog app built in the Flask tutorial."
 readme = "README.rst"
-license = {text = "BSD-3-Clause"}
+license = {file = "LICENSE.txt"}
 maintainers = [{name = "Pallets", email = "contact@palletsprojects.com"}]
+classifiers = ["Private :: Do Not Upload"]
 dependencies = [
     "flask",
 ]
diff --git a/src/flask/helpers.py b/src/flask/helpers.py
@@ -547,7 +547,8 @@ def download_file(name):
     raises a 404 :exc:`~werkzeug.exceptions.NotFound` error.
 
     :param directory: The directory that ``path`` must be located under,
-        relative to the current application's root path.
+        relative to the current application's root path. This *must not*
+        be a value provided by the client, otherwise it becomes insecure.
     :param path: The path to the file to send, relative to
         ``directory``.
     :param kwargs: Arguments to pass to :func:`send_file`.

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`@pytest.mark.parametrize(`
`6`	`6`	`("path", "template_name"),`
`7`	`7`	`(`
`8`		`- ("/", "xhr.html"),`
	`8`	`+ ("/", "fetch.html"),`
`9`	`9`	`("/plain", "xhr.html"),`
`10`	`10`	`("/fetch", "fetch.html"),`
`11`	`11`	`("/jquery", "jquery.html"),`