On 3/30/07, topper <[EMAIL PROTECTED]> wrote: > > Hi, > > I've just (maybe stupidly on my behalf) spent an hour digging through > Django code to find out why Django thought the template at $HOME/web/ > my_site/templates/home_page.html doesn't exist. The answer is that I > in the TEMPLATE_DIRS tuple need to to use the 'full' full path, /users/ > topper/web/my_site/templates rather than $HOME/web/my_site/templates. > > Now, the comment clearly states that you have to use absolute paths, > but in my mind $HOME *is* an absolute path, but maybe that's wrong?
you are wrong, HOME is an environment variable that exists on unix environments, it can be altered by the user and is not secure. > I'm no unix expert and maybe there is a security issue involved in > allowing the use of environment variables, but if not, do you think it > could be a good idea to allow the use of $HOME? in settings.py? It > would make code somewhat more portable and help users not make > 'stupid' mistakes like the one I did. More portable? What about windows users? > > I'll open a ticket and perhaps write a patch too if you think this is > a good idea. Alternatively, a small warning in Template-loader > postmortem when users use $HOME would be a great idea, IMO. if someone uses a shell expression in a python file, he cannot expect a warning, that's just wrong. Would you expect a warning if you would use something like nl2br( "string with ".$var ) in your code? If you want to construct the path dynamically, use python. After all, that's one of the reasons settings.py is just a python file. I am personally using something like this import os os.path.dirname( __file__ ) + '/templates' in my settings, that way I can move everything around and not worry about a thing. > > regards Topper > > > > > -- Honza Kr�l E-Mail: [EMAIL PROTECTED] ICQ#: 107471613 Phone: +420 606 678585 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
