Re: Session framework improvements - ticket 3304
On Tue, Jun 09, Alex Gaynor wrote: > A patch that only works on Python 2.6 will, unequivocally, not be accepted. > Django maintains identaical levels of functionality from Python 2.3 to 2.6. Nah, the patch works with 2.3 to 2.6. But the "http-only" flag will be set only with python2.6 since the older versions don't support that flag. For 2.3-2.5, the flag is therefore ignored. Michael -- noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - Tel +49-911-9352-0 - Fax +49-911-9352-100 http://www.noris.de - The IT-Outsourcing Company Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
On Tue, Jun 9, 2009 at 10:52 AM, Michael Radziejwrote: > > On Tue, Jun 09, Russell Keith-Magee wrote: > > > > > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote: > > > > > > About session in Django: > http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions > > > > > > Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? > > > All propounded patches are bad? This can protect from session hijack > > > (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site > > > Scripting). > > > > The discussion on the ticket explains the current situation - in > > particular, comment 11 from Jacob: > > > > http://code.djangoproject.com/ticket/3304#comment:11 > > Hmm, the comment is out of date since there's now a newer patch that does > not require ugly hacks. On the backside, it means that the http-only > settings is only effective with python2.6. > > Michael > > -- > noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - > Tel +49-911-9352-0 - Fax +49-911-9352-100 > http://www.noris.de - The IT-Outsourcing Company > > Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - > Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 > > > > A patch that only works on Python 2.6 will, unequivocally, not be accepted. Django maintains identaical levels of functionality from Python 2.3 to 2.6. Alex -- "I disapprove of what you say, but I will defend to the death your right to say it." --Voltaire "The people's good is the highest law."--Cicero --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
On Tue, Jun 09, Russell Keith-Magee wrote: > > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfowrote: > > > > About session in Django: > > http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions > > > > Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? > > All propounded patches are bad? This can protect from session hijack > > (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site > > Scripting). > > The discussion on the ticket explains the current situation - in > particular, comment 11 from Jacob: > > http://code.djangoproject.com/ticket/3304#comment:11 Hmm, the comment is out of date since there's now a newer patch that does not require ugly hacks. On the backside, it means that the http-only settings is only effective with python2.6. Michael -- noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - Tel +49-911-9352-0 - Fax +49-911-9352-100 http://www.noris.de - The IT-Outsourcing Company Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
Ok, but SimpleCookie in Python 2.6 supports it, then a Python patch is unnecessary. On 6/9/09, Russell Keith-Mageewrote: > > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote: >> >> About session in Django: >> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions >> >> Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? >> All propounded patches are bad? This can protect from session hijack >> (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site >> Scripting). > > The discussion on the ticket explains the current situation - in > particular, comment 11 from Jacob: > > http://code.djangoproject.com/ticket/3304#comment:11 > > Yours, > Russ Magee %-) > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
On Tue, Jun 9, 2009 at 8:56 PM, Rodolfowrote: > > About session in Django: > http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions > > Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? > All propounded patches are bad? This can protect from session hijack > (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site > Scripting). The discussion on the ticket explains the current situation - in particular, comment 11 from Jacob: http://code.djangoproject.com/ticket/3304#comment:11 Yours, Russ Magee %-) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Session framework improvements - ticket 3304
About session in Django: http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? All propounded patches are bad? This can protect from session hijack (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site Scripting). Tks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Ticket #11286: model.objects instead of model._default_manager
Hi all, it seems I've stumbled over one more tiny bug in trunk. As I read the official documentation, the Django core should always use the model._default_manager attribute instead of the hard coded model.objects. If that is the case, then we've missed one in the dumpdata management command. I have created a ticket (#11286) for this and I'd even consider it a blocker for 1.1 (fixing only requires changing a word anyway). Keep up the good work, 1.1 is really looking great! Marc --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: [GSoC admin-ui] Focusing on inlines this week
Great! I agree with you that selector inline should not replace stacked inlines. Keep up the good work! On Tue, Jun 9, 2009 at 8:51 AM, Philip Robertswrote: > Hi Zain, > > Great project you've got there, looking forward to seeing more of what you > get up to. > > Phil > > > > > -- Atenciosamente, Renato Garcia Pedigoni --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: [GSoC admin-ui] Focusing on inlines this week
Hi Zain, Great project you've got there, looking forward to seeing more of what you get up to. Phil --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Focusing on inlines this week
Looking good. I'm so looking forward to this. I'll be able to dump a fair bit of my less attractive code when this gets merged. As you are knee deep in the code for inlines - how feasible is it ever going to be to have inlines within inlines? I can imagine the UI issues along would be thorny but I'd be interested to know whether a lot of refactoring would be neccesary. And while you are tampering with the templates - can we have lots of juicy blocks to override? The current templates are a little bit stingy in that regard! cheers, Andy --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
[GSoC admin-ui] Focusing on inlines this week
This week, I checked in support for selector inlines, and I've made progress on implementing a link to add and remove extra inlines dynamically. Selector inlines are the implementation of a mockup[1] Wilson Miner created with the intention of replacing stacked inlines. The basic idea is that clicking on a row selects it, and the fields on the right are populated with the information for the currently selected inline object. I decided to make selector inlines a separate option instead of replacing stacked inlines. I'm also working on dynamically adding and removing extra inline objects using an "Add another " link at the bottom of the object list. There is a mockup[2] for this too. It isn't entirely functional yet (I got stuck trying to make the new extras actually work) but thanks to some help from Brian Rosner and Alex Gaynor, I have a good idea of how to finish it up. So, watch for that to drop in the next couple days. Also, thanks for all the feedback on foreign key autocomplete. I've put that feature on the back burner in the interest of tackling inlines first, but I'll revisit it a little bit later this summer. Until next week, Zain [1] Selector Inlines: http://media.wilsonminer.com/images/django/related-objects-stacked.gif [2] Stacked Inlines with "add" link: http://media.wilsonminer.com/images/django/related-objects-mock.gif --- My GSoC proposal: http://inzain.net/blog/2009/05/django-gsoc-09-admin-ui-improvements/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---