date:20090609

Re: Session framework improvements - ticket 3304

2009-06-09 Thread Michael Radziej


On Tue, Jun 09, Alex Gaynor wrote:

> A patch that only works on Python 2.6 will, unequivocally, not be accepted.
> Django maintains identaical levels of functionality from Python 2.3 to 2.6.

Nah, the patch works with 2.3 to 2.6. But the "http-only" flag will be set
only with python2.6 since the older versions don't support that flag. For
2.3-2.5, the flag is therefore ignored.


Michael

-- 
noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg -
Tel +49-911-9352-0 - Fax +49-911-9352-100
http://www.noris.de - The IT-Outsourcing Company
 
Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - 
Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Session framework improvements - ticket 3304

2009-06-09 Thread Alex Gaynor

On Tue, Jun 9, 2009 at 10:52 AM, Michael Radziej  wrote:

>
> On Tue, Jun 09, Russell Keith-Magee wrote:
>
> >
> > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote:
> > >
> > > About session in Django:
> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions
> > >
> > > Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"?
> > > All propounded patches are bad? This can protect from session hijack
> > > (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site
> > > Scripting).
> >
> > The discussion on the ticket explains the current situation - in
> > particular, comment 11 from Jacob:
> >
> > http://code.djangoproject.com/ticket/3304#comment:11
>
> Hmm, the comment is out of date since there's now a newer patch that does
> not require ugly hacks. On the backside, it means that the http-only
> settings is only effective with python2.6.
>
> Michael
>
> --
> noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg -
> Tel +49-911-9352-0 - Fax +49-911-9352-100
> http://www.noris.de - The IT-Outsourcing Company
>
> Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk -
> Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689
>
> >
>
A patch that only works on Python 2.6 will, unequivocally, not be accepted.
Django maintains identaical levels of functionality from Python 2.3 to 2.6.

Alex

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." --Voltaire
"The people's good is the highest law."--Cicero

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Session framework improvements - ticket 3304

2009-06-09 Thread Michael Radziej


On Tue, Jun 09, Russell Keith-Magee wrote:

> 
> On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote:
> >
> > About session in Django: 
> > http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions
> >
> > Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"?
> > All propounded patches are bad? This can protect from session hijack
> > (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site
> > Scripting).
> 
> The discussion on the ticket explains the current situation - in
> particular, comment 11 from Jacob:
> 
> http://code.djangoproject.com/ticket/3304#comment:11

Hmm, the comment is out of date since there's now a newer patch that does
not require ugly hacks. On the backside, it means that the http-only
settings is only effective with python2.6.

Michael

-- 
noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg -
Tel +49-911-9352-0 - Fax +49-911-9352-100
http://www.noris.de - The IT-Outsourcing Company
 
Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - 
Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Session framework improvements - ticket 3304

2009-06-09 Thread Rodolfo Stangherlin


Ok, but SimpleCookie in Python 2.6 supports it, then a Python patch is
unnecessary.


On 6/9/09, Russell Keith-Magee  wrote:
>
> On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote:
>>
>> About session in Django:
>> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions
>>
>> Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"?
>> All propounded patches are bad? This can protect from session hijack
>> (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site
>> Scripting).
>
> The discussion on the ticket explains the current situation - in
> particular, comment 11 from Jacob:
>
> http://code.djangoproject.com/ticket/3304#comment:11
>
> Yours,
> Russ Magee %-)
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Session framework improvements - ticket 3304

2009-06-09 Thread Russell Keith-Magee


On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote:
>
> About session in Django: 
> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions
>
> Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"?
> All propounded patches are bad? This can protect from session hijack
> (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site
> Scripting).

The discussion on the ticket explains the current situation - in
particular, comment 11 from Jacob:

http://code.djangoproject.com/ticket/3304#comment:11

Yours,
Russ Magee %-)

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Session framework improvements - ticket 3304

2009-06-09 Thread Rodolfo


About session in Django: 
http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions

Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"?
All propounded patches are bad? This can protect from session hijack
(http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site
Scripting).

Tks!
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Ticket #11286: model.objects instead of model._default_manager

2009-06-09 Thread Marc Remolt


Hi all,

it seems I've stumbled over one more tiny bug in trunk. As I read the 
official documentation, the Django core should always use the 
model._default_manager attribute instead of the hard coded model.objects.

If that is the case, then we've missed one in the dumpdata management 
command. I have created a ticket (#11286) for this and I'd even consider 
it a blocker for 1.1 (fixing only requires changing a word anyway).

Keep up the good work, 1.1 is really looking great!
Marc

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: [GSoC admin-ui] Focusing on inlines this week

2009-06-09 Thread Renato Garcia Pedigoni

Great!
I agree with you that selector inline should not replace stacked
inlines. Keep up the good work!

On Tue, Jun 9, 2009 at 8:51 AM, Philip Roberts wrote:

> Hi Zain,
>
> Great project you've got there, looking forward to seeing more of what you
> get up to.
>
> Phil
>
>
> >
>


-- 
Atenciosamente,
Renato Garcia Pedigoni

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: [GSoC admin-ui] Focusing on inlines this week

2009-06-09 Thread Philip Roberts

Hi Zain,

Great project you've got there, looking forward to seeing more of what you
get up to.

Phil

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Focusing on inlines this week

2009-06-09 Thread andybak


Looking good. I'm so looking forward to this. I'll be able to dump a
fair bit of my less attractive code when this gets merged.

As you are knee deep in the code for inlines - how feasible is it ever
going to be to have inlines within inlines? I can imagine the UI
issues along would be thorny but I'd be interested to know whether a
lot of refactoring would be neccesary.

And while you are tampering with the templates - can we have lots of
juicy blocks to override? The current templates are a little bit
stingy in that regard!

cheers,

Andy
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

[GSoC admin-ui] Focusing on inlines this week

2009-06-09 Thread Zain Memon

This week, I checked in support for selector inlines, and I've made progress
on implementing a link to add and remove extra inlines dynamically.

Selector inlines are the implementation of a mockup[1] Wilson Miner created
with the intention of replacing stacked inlines. The basic idea is that
clicking on a row selects it, and the fields on the right are populated with
the information for the currently selected inline object. I decided to make
selector inlines a separate option instead of replacing stacked inlines.

I'm also working on dynamically adding and removing extra inline objects
using an "Add another " link at the bottom of the object list. There
is a mockup[2] for this too. It isn't entirely functional yet (I got stuck
trying to make the new extras actually work) but thanks to some help from
Brian Rosner and Alex Gaynor, I have a good idea of how to finish it up. So,
watch for that to drop in the next couple days.

Also, thanks for all the feedback on foreign key autocomplete. I've put that
feature on the back burner in the interest of tackling inlines first, but
I'll revisit it a little bit later this summer.

Until next week,
Zain


[1] Selector Inlines:
http://media.wilsonminer.com/images/django/related-objects-stacked.gif
[2] Stacked Inlines with "add" link:
http://media.wilsonminer.com/images/django/related-objects-mock.gif

---
My GSoC proposal:
http://inzain.net/blog/2009/05/django-gsoc-09-admin-ui-improvements/

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: Session framework improvements - ticket 3304

Re: Session framework improvements - ticket 3304

Re: Session framework improvements - ticket 3304

Re: Session framework improvements - ticket 3304

Re: Session framework improvements - ticket 3304

Session framework improvements - ticket 3304

Ticket #11286: model.objects instead of model._default_manager

Re: [GSoC admin-ui] Focusing on inlines this week

Re: [GSoC admin-ui] Focusing on inlines this week

Re: Focusing on inlines this week

[GSoC admin-ui] Focusing on inlines this week

11 matches

Site Navigation

Mail list logo

Footer information