Changes ======= Version 1.2.1 ------------- Released 2023-10-02 - Fix a bug introduced with :pr:`556` where file validators were editing the file fields content. :pr:`578` Version 1.2.0 ------------- Released 2023-10-01 - Add field ``MultipleFileField``. ``FileRequired``, ``FileAllowed``, ``FileSize`` now can be used to validate multiple files :pr:`556` :issue:`338` Version 1.1.2 ------------- Released 2023-09-29 - Fixed Flask 2.3 deprecations of ``werkzeug.urls.url_encode`` and ``flask.Markup`` :pr:`565` :issue:`561` - Stop support for python 3.7 :pr:`574` - Use `pyproject.toml` instead of `setup.cfg` :pr:`576` - Fixed nested blueprint CSRF exemption :pr:`572` Version 1.1.1 ------------- Released 2023-01-17 - Fixed `validate` `extra_validators` parameter. :pr:`548` Version 1.1.0 ------------- Released 2023-01-15 - Drop support for Python 3.6. - ``validate_on_submit`` takes a ``extra_validators`` parameters :pr:`479` - Stop supporting Flask-Babelex :pr:`540` - Support for python 3.11 :pr:`542` - Remove unused call to `JSONEncoder` :pr:`536` Version 1.0.1 ------------- Released 2022-03-31 - Update compatibility with the latest Werkzeug release. :issue:`511` Version 1.0.0 -------------- Released 2021-11-07 - Deprecated items removal :pr:`484` - Support for alternatives captcha services :pr:`425` :pr:`342` :pr:`387` :issue:`384` Version 0.15.1 -------------- Released 2021-05-25 - Add ``python_requires`` metadata to avoid installing on unsupported Python versions. :pr:`442` Version 0.15.0 -------------- Released 2021-05-24 - Drop support for Python < 3.6. :pr:`416` - ``FileSize`` validator. :pr:`307, 365` - Extra requirement ``email`` installs the ``email_validator`` package. :pr:`423` - Fixed Flask 2.0 warnings. :pr:`434` - Various documentation fixes. :pr:`315, 321, 335, 344, 386, 400`, :pr:`404, 420, 437` - Various CI fixes. :pr:`405, 438` Version 0.14.3 -------------- Released 2020-02-06 - Fix deprecated imports from ``werkzeug`` and ``collections``. Version 0.14.2 -------------- Released 2017-01-10 - Fix bug where ``FlaskForm`` assumed ``meta`` argument was not ``None`` if it was passed. :issue:`278` Version 0.14.1 -------------- Released 2017-01-10 - Fix bug where the file validators would incorrectly identify an empty file as valid data. :issue:`276`, :pr:`277` - ``FileField`` is no longer deprecated. The data is checked during processing and only set if it's a valid file. - ``has_file`` *is* deprecated; it's now equivalent to ``bool(field.data)``. - ``FileRequired`` and ``FileAllowed`` work with both the Flask-WTF and WTForms ``FileField`` classes. - The ``Optional`` validator now works with ``FileField``. Version 0.14 ------------ Released 2017-01-06 - Use ItsDangerous to sign CSRF tokens and check expiration instead of doing it ourselves. :issue:`264` - All tokens are URL safe, removing the ``url_safe`` parameter from ``generate_csrf``. :issue:`206` - All tokens store a timestamp, which is checked in ``validate_csrf``. The ``time_limit`` parameter of ``generate_csrf`` is removed. - Remove the ``app`` attribute from ``CsrfProtect``, use ``current_app``. :issue:`264` - ``CsrfProtect`` protects the ``DELETE`` method by default. :issue:`264` - The same CSRF token is generated for the lifetime of a request. It is exposed as ``g.csrf_token`` for use during testing. :issue:`227, 264` - ``CsrfProtect.error_handler`` is deprecated. :issue:`264` - Handlers that return a response work in addition to those that raise an error. The behavior was not clear in previous docs. - :issue:`200, 209, 243, 252` - Use ``Form.Meta`` instead of deprecated ``SecureForm`` for CSRF (and everything else). :issue:`216, 271` - ``csrf_enabled`` parameter is still recognized but deprecated. All other attributes and methods from ``SecureForm`` are removed. :issue:`271` - Provide ``WTF_CSRF_FIELD_NAME`` to configure the name of the CSRF token. :issue:`271` - ``validate_csrf`` raises ``wtforms.ValidationError`` with specific messages instead of returning ``True`` or ``False``. This breaks anything that was calling the method directly. :issue:`239, 271` - CSRF errors are logged as well as raised. :issue:`239` - ``CsrfProtect`` is renamed to ``CSRFProtect``. A deprecation warning is issued when using the old name. ``CsrfError`` is renamed to ``CSRFError`` without deprecation. :issue:`271` - ``FileField`` is deprecated because it no longer provides functionality over the provided validators. Use ``wtforms.FileField`` directly. :issue:`272` Version 0.13.1 -------------- Released 2016-10-6 - Deprecation warning for ``Form`` is shown during ``__init__`` instead of immediately when subclassing. :issue:`262` - Don't use ``pkg_resources`` to get version, for compatibility with GAE. :issue:`261` Version 0.13 ------------ Released 2016-09-29 - ``Form`` is renamed to ``FlaskForm`` in order to avoid name collision with WTForms's base class. Using ``Form`` will show a deprecation warning. :issue:`250` - ``hidden_tag`` no longer wraps the hidden inputs in a hidden div. This is valid HTML5 and any modern HTML parser will behave correctly. :issue:`193, 217` - ``flask_wtf.html5`` is deprecated. Import directly from ``wtforms.fields.html5``. :issue:`251` - ``is_submitted`` is true for ``PATCH`` and ``DELETE`` in addition to ``POST`` and ``PUT``. :issue:`187` - ``generate_csrf`` takes a ``token_key`` parameter to specify the key stored in the session. :issue:`206` - ``generate_csrf`` takes a ``url_safe`` parameter to allow the token to be used in URLs. :issue:`206` - ``form.data`` can be accessed multiple times without raising an exception. :issue:`248` - File extension with multiple parts (``.tar.gz``) can be used in the ``FileAllowed`` validator. :issue:`201` Version 0.12 ------------ Released 2015-07-09 - Abstract ``protect_csrf()`` into a separate method. - Update reCAPTCHA configuration. - Fix reCAPTCHA error handle. Version 0.11 ------------ Released 2015-01-21 - Use the new reCAPTCHA API. :pr:`164` Version 0.10.3 -------------- Released 2014-11-16 - Add configuration: ``WTF_CSRF_HEADERS``. :pr:`159` - Support customize hidden tags. :pr:`150` - And many more bug fixes. Version 0.10.2 -------------- Released 2014-09-03 - Update translation for reCaptcha. :pr:`146` Version 0.10.1 -------------- Released 2014-08-26 - Update ``RECAPTCHA_API_SERVER_URL``. :pr:`145` - Update requirement Werkzeug >= 0.9.5. - Fix ``CsrfProtect`` exempt for blueprints. :pr:`143` Version 0.10.0 -------------- Released 2014-07-16 - Add configuration: ``WTF_CSRF_METHODS``. - Support WTForms 2.0 now. - Fix CSRF validation without time limit (``time_limit=False``). - ``csrf_exempt`` supports blueprint. :issue:`111` Version 0.9.5 ------------- Released 2014-03-21 - ``csrf_token`` for all template types. :pr:`112` - Make ``FileRequired`` a subclass of ``InputRequired``. :pr:`108` Version 0.9.4 ------------- Released 2013-12-20 - Bugfix for ``csrf`` module when form has a prefix. - Compatible support for WTForms 2. - Remove file API for ``FileField`` Version 0.9.3 ------------- Released 2013-10-02 - Fix validation of recaptcha when app in testing mode. :pr:`89` - Bugfix for ``csrf`` module. :pr:`91` Version 0.9.2 ------------- Released 2013-09-11 - Upgrade WTForms to 1.0.5. - No lazy string for i18n. :issue:`77` - No ``DateInput`` widget in HTML5. :issue:`81` - ``PUT`` and ``PATCH`` for CSRF. :issue:`86` Version 0.9.1 ------------- Released 2013-08-21 - Compatibility with Flask < 0.10. :issue:`82` Version 0.9.0 ------------- Released 2013-08-15 - Add i18n support. :issue:`65` - Use default HTML5 widgets and fields provided by WTForms. - Python 3.3+ support. - Redesign form, replace ``SessionSecureForm``. - CSRF protection solution. - Drop WTForms imports. - Fix recaptcha i18n support. - Fix recaptcha validator for Python 3. - More test cases, it's 90%+ coverage now. - Redesign documentation. Version 0.8.4 ------------- Released 2013-03-28 - Recaptcha Validator now returns provided message. :issue:`66` - Minor doc fixes. - Fixed issue with tests barking because of nose/multiprocessing issue. Version 0.8.3 ------------- Released 2013-03-13 - Update documentation to indicate pending deprecation of WTForms namespace facade. - PEP8 fixes. :issue:`64` - Fix Recaptcha widget. :issue:`49` Version 0.8.2 and prior ----------------------- Initial development by Dan Jacob and Ron Duplain.