date:20170603

Fellow Report - June 3, 2017

2017-06-03 Thread Tim Graham

Triaged

---

https://code.djangoproject.com/ticket/28172 - Prevent nonexistent template
filter arguments from raising VariableDoesNotExist (maybe)

https://code.djangoproject.com/ticket/28217 - nested calls to functions
decorated with sensitive_post_parameters produces unexpected results which
parameters are considered sensitive (accepted)

https://code.djangoproject.com/ticket/28255 - URLValidator rejects hostname
only URLs (duplicate)

https://code.djangoproject.com/ticket/28259 - Make bool(AnonymousUser)
evaluate to false (wontfix)

https://code.djangoproject.com/ticket/28241 - module_has_submodule()
doesn't work correctly if the module_name argument is a dotted path
(accepted)

https://code.djangoproject.com/ticket/28262 - ModelAdmin.lookup_allowed()
incorrectly raises DisallowedModelAdminLookup lookup with reverse relation
to origin model (accepted)

https://code.djangoproject.com/ticket/28264 - forms.FilePathField does not
return sorted subdirectories in formfield (accepted)

https://code.djangoproject.com/ticket/28271 - Debug view's AJAX response
doesn't have the proper charset (accepted)

Authored

https://github.com/django/django/pull/8572 - Fixed #28199 -- Fixed Subquery
generating unnecessary/invalid CAST.

Reviewed/committed

https://github.com/django/django/pull/8055 - Fixed #26682 -- Added support
for Oracle identity columns.

https://github.com/django/django/pull/8557 - Fixed #26823 -- Prevented
update_last_login signal receiver from crashing if User model doesn't have
last_login field.

https://github.com/django/django/pull/8566 - DRY'd startapp and
startproject management commands.

https://github.com/django/djangoproject.com/pull/760 - Fixed #759 -- Fixed
problems when using bitcoin donations.

https://github.com/django/django/pull/8509 - Fixed #28209 -- Made
date-based generic views return a 404 rather than crash when given an out
of range date.

https://github.com/django/django/pull/8534 - Fixed #28212 -- Allowed
customizing the port that LiveServerTestCase uses.

https://github.com/django/django/pull/8486 - Fixed #28170 -- Fixed
file_move_safe() crash when moving files to a CIFS mount.

https://github.com/django/django/pull/8060 - Fixed #22550 -- Prohibited
QuerySet.last()/reverse() after slicing.

https://github.com/django/django/pull/8565 - Fixed #28242 -- Moved
ImageField file extension validation to the form field.

https://github.com/django/django/pull/7836 - Fixed #27639 -- Added
chunk_size argument to QuerySet.iterator()

https://github.com/django/django/pull/8584 - Fixed #28265 -- Prevented
renderer warning on Widget.render() with **kwargs.

https://github.com/django/django/pull/8581 - Fixed #28260 -- Allowed
customizing the test tablespace initial and autoextend size on Oracle.

https://github.com/django/django/pull/6720 - Fixed #26028 -- Added
overriding templates howto.

https://github.com/django/django/pull/8202 - Completed test coverage for
RedirectFallbackMiddleware.

https://github.com/django/django/pull/8483 - Fixed #28190 -- Clarified how
include/extends treat template names.

https://github.com/django/django/pull/8490 - Fixed #28192 -- Required
passing optional form field args as keyword args.

--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/76659eb6-7db7-4c1b-a368-365f790af543%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: should nonexistent template filter arguments resolve to string_if_invalid rather than raise VariableDoesNotExist?

2017-06-03 Thread Shai Berger

On Friday 02 June 2017 18:38:47 Vlastimil Zíma wrote:
> 
> Shai: Values are sometimes turned into an empty string in case of
> UnicodeDecodeError, see
> https://github.com/django/django/blob/master/django/template/base.py#L994-L
> 998
> 

That code is within a render() method -- a place where the value is already 
going to be turned into a string.

> IMO invalid variable should behave the same way regardless of whether it's
> printed or used as an filter argument.
> 

My point was that rendering makes a difference because it already implies a 
possible type change.

I stand by my earlier position: Changing a filter argument to a string is odd 
and unexpected and we shouldn't do this. We should either keep raising an 
exception, or replace the whole filter expression (rather than just the 
argument) with string_if_invalid. My preference is towards the exception, but 
I also see the value of failing silently here.

Shai.

Re: Value of tightening URLValidator/EmailValidator regular expressions?

2017-06-03 Thread Aymeric Augustin

Hello Tim,

I got confused and didn't realize Claude was arguing against moving to the HTML 
validation rules. Oops.

I'm still +0 on copying HTML validation rules strictly so that  and EmailField behave identically by default. (+0 rather than +1 
because I'm mostly care about ending this debate.)

The part I found really interesting in Claude's proposal is the ability to 
customize validation rules. It looks like we have a reasonable plan. Once 
that's done I don't care very much about the default rules; they'll be good 
enough and their definition was already well into bikeshedding territory before 
I started contributing to Django.

Best regards,

-- 
Aymeric.



> On 2 Jun 2017, at 17:19, Tim Graham  wrote:
> 
> Aymeric, did anything specific change your mind from your March 2016 mail:
> 
> "Indeed, for some reason, the URL and email validators get anywhere from 2 to 
> 8 changes in every Django version, and there’s no end in sight. (I 
> contributed to this. Sorry.) Like James, I’m in favor of making the 
> validation much more simple and documenting it. This seems better than 
> perpetually modifying it at the risk of introducing regressions."
> 
> How should we make a determination about future Email/URLValidator changes? 
> Put a halt to them completely? I've closed a few tickets about EmailValidator 
> (e.g. [1]) as wontfix under the assumption that the regex will be simplified.
> 
> [1] https://code.djangoproject.com/ticket/25452
> 
> On Thursday, June 1, 2017 at 5:27:10 PM UTC-4, Aymeric Augustin wrote:
> I agree with Claude.
> 
> -- 
> Aymeric.
> 
> 
> 
>> On 1 Jun 2017, at 09:50, Claude Paroz > 
>> wrote:
>> 
>> As for me, I still think the current validator is valid for 99% of use 
>> cases. And 99% of the time, an email address with dot-less domain is a user 
>> input error.
>> 
>> So I would prefer fixing #25594 (validator propagation from db field to form 
>> field), adding a "looser" validator in validators.py and better documenting 
>> usage of alternate validators for EmailFields.
>> But I won't block the boat if I'm in the minority!
>> 
>> Claude
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com .
>> To post to this group, send email to django-d...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-developers 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/c3138fc8-fb78-4ff3-898d-2ed92433b13e%40googlegroups.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-developers+unsubscr...@googlegroups.com 
> .
> To post to this group, send email to django-developers@googlegroups.com 
> .
> Visit this group at https://groups.google.com/group/django-developers 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-developers/d9cb4c7c-c3ae-4e33-921e-552c49f33626%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/ECBD2763-C8D9-4973-A4E5-4F983A103FF6%40polytechnique.org.
For more options, visit https://groups.google.com/d/optout.

Fellow Report - June 3, 2017

Re: should nonexistent template filter arguments resolve to string_if_invalid rather than raise VariableDoesNotExist?

Re: Value of tightening URLValidator/EmailValidator regular expressions?

3 matches

Site Navigation

Mail list logo

Footer information