Re: Session framework improvements - ticket 3304
I uploaded a new patch, with implementation to Python 2.3-2.5 (based on cephelo patch) and 2.6. I tested it with 2.5 and all is ok. -- Rodolfo On 6/12/09, Michael Radziej wrote: > > On Wed, Jun 10, Alex Gaynor wrote: > >> No, as I've stated Django *never* degrades functionality due to Python >> version. >> This would be a massive aberration from that policy. This is >> clearly stated in the documentation for users: >> http://docs.djangoproject.com/en/dev/faq/install/#do-i-lose-anything-by-using-python-2-3-versus-newer-python-versions-such-as-python-2-5 > > No, it says that the Django *core* does not degrade. > > Well, session is part of contrib, not of the core. Other contrib.gis > requires 2.4. And it's not that it loses functionality, it just does not > activate a particular precaution that is not available with earlier python > versions. Nevertheless, it's surely better if we can support 'http-only' > also for older python versions. I see only one way to achieve this: > > Include the 2.6 version of the cookie library with django and load > that for python 2.3-2.5 > > I think django already does this for a different library. > > Is that the way to go? > > > Michael > > -- > noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - > Tel +49-911-9352-0 - Fax +49-911-9352-100 > http://www.noris.de - The IT-Outsourcing Company > > Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - > Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
If useful, is possible put warning about it in python 2.3-2.5. On
command line (manage.py runserver), it's show a message in screen.
With apache, in a error_log:
import warnings
warnings.warn('httponly is supported in python > 2.6')
If is a good idea, i submit a new patch.
Rodolfo
On 6/9/09, Michael Radziej wrote:
>
> On Tue, Jun 09, Alex Gaynor wrote:
>
>> A patch that only works on Python 2.6 will, unequivocally, not be
>> accepted.
>> Django maintains identaical levels of functionality from Python 2.3 to
>> 2.6.
>
> Nah, the patch works with 2.3 to 2.6. But the "http-only" flag will be set
> only with python2.6 since the older versions don't support that flag. For
> 2.3-2.5, the flag is therefore ignored.
>
>
> Michael
>
> --
> noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg -
> Tel +49-911-9352-0 - Fax +49-911-9352-100
> http://www.noris.de - The IT-Outsourcing Company
>
> Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk -
> Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689
>
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
Ok, but SimpleCookie in Python 2.6 supports it, then a Python patch is unnecessary. On 6/9/09, Russell Keith-Magee wrote: > > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote: >> >> About session in Django: >> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions >> >> Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? >> All propounded patches are bad? This can protect from session hijack >> (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site >> Scripting). > > The discussion on the ticket explains the current situation - in > particular, comment 11 from Jacob: > > http://code.djangoproject.com/ticket/3304#comment:11 > > Yours, > Russ Magee %-) > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Session framework improvements - ticket 3304
About session in Django: http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? All propounded patches are bad? This can protect from session hijack (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site Scripting). Tks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormPreview documentation typos
Thanks! I've done that and it worked nicely. Rodolfo On 31 ago, 00:46, "Karen Tracey" <[EMAIL PROTECTED]> wrote: > On Sat, Aug 30, 2008 at 11:33 PM, Rodolfo <[EMAIL PROTECTED]> wrote: > > > I tried creating a new ticket on Trac, but it didn't like me, and I > > didn't like the idea of creating "just another login account" just for > > that. > > You don't have to create a login account. If you just fill in something for > settings here: > > http://code.djangoproject.com/settings > > your submission likely won't be rejected as spam. No password to remember > or anything. > > Karen --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
FormPreview documentation typos
I tried creating a new ticket on Trac, but it didn't like me, and I
didn't like the idea of creating "just another login account" just for
that.
Here is what I caught reading the docs on
http://www.djangoproject.com/documentation/form_preview/
---
On "How to use FormPreview", 3rd step, the code snippet imports
"'''SomeModel'''", and then mistakenly refers to
"SomeModelFormPreview('''SomeModelForm'''))".
Here is the current text in the documentation:
{{{
3. Change your URLconf to point to an instance of your FormPreview
subclass:
from myapp.preview import SomeModelFormPreview
from myapp.models import SomeModel
from django import forms
…and add the following line to the appropriate model in your URLconf:
(r'^post/$', SomeModelFormPreview(SomeModelForm)),
where SomeModelForm is a Form or ModelForm class for the model.
}}}
Also, on "FormPreview templates", a template is referenced using slash-
notation and then using dot-notation. Probably should be slash for
both.
{{{
By default, the form is rendered via the template formtools/form.html,
and the preview page is rendered via the template
formtools.preview.html.
}}}
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---
empty list on "for" template tag
I'm new, so I don't know how to submit a patch.
This patch allow a tag "else" in a "for" loop. When the list is empty,
it is called (as well "else" on a "if").
{% for i in items %}
{{ i }}
{% else %}
no items
{% endfor %}
This is useful?
The patch:
Index: django/template/defaulttags.py
===
--- django/template/defaulttags.py (revisão 5625)
+++ django/template/defaulttags.py (cópia de trabalho)
@@ -69,10 +69,11 @@
return u''
class ForNode(Node):
-def __init__(self, loopvars, sequence, reversed, nodelist_loop):
+def __init__(self, loopvars, sequence, reversed, nodelist_loop,
nodelist_loop_empty):
self.loopvars, self.sequence = loopvars, sequence
self.reversed = reversed
self.nodelist_loop = nodelist_loop
+self.nodelist_loop_empty = nodelist_loop_empty
def __repr__(self):
if self.reversed:
@@ -109,36 +110,33 @@
if not hasattr(values, '__len__'):
values = list(values)
len_values = len(values)
-if self.reversed:
-values = reversed(values)
-unpack = len(self.loopvars) > 1
-for i, item in enumerate(values):
-context['forloop'] = {
-# shortcuts for current loop iteration number
-'counter0': i,
-'counter': i+1,
-# reverse counter iteration numbers
-'revcounter': len_values - i,
-'revcounter0': len_values - i - 1,
-# boolean values designating first and last times
through loop
-'first': (i == 0),
-'last': (i == len_values - 1),
-'parentloop': parentloop,
-}
-if unpack:
-# If there are multiple loop variables, unpack the
item into them.
-context.update(dict(zip(self.loopvars, item)))
-else:
-context[self.loopvars[0]] = item
-for node in self.nodelist_loop:
-nodelist.append(node.render(context))
-if unpack:
-# The loop variables were pushed on to the context so
pop them
-# off again. This is necessary because the tag lets
the length
-# of loopvars differ to the length of each set of
items and we
-# don't want to leave any vars from the previous loop
on the
-# context.
-context.pop()
+if len_values:
+if self.reversed:
+values = reversed(values)
+unpack = len(self.loopvars) > 1
+for i, item in enumerate(values):
+context['forloop'] = {
+# shortcuts for current loop iteration number
+'counter0': i,
+'counter': i+1,
+# reverse counter iteration numbers
+'revcounter': len_values - i,
+'revcounter0': len_values - i - 1,
+# boolean values designating first and last times
through loop
+'first': (i == 0),
+'last': (i == len_values - 1),
+'parentloop': parentloop,
+}
+if unpack:
+# If there are multiple loop variables, unpack
the item into them.
+context.update(dict(zip(self.loopvars, item)))
+else:
+context[self.loopvars[0]] = item
+for node in self.nodelist_loop:
+nodelist.append(node.render(context))
+else:
+for node in self.nodelist_loop_empty:
+ nodelist.append(node.render(context))
context.pop()
return nodelist.render(context)
@@ -583,9 +581,14 @@
raise TemplateSyntaxError, "'for' tag received an invalid
argument: %s" % token.contents
sequence = parser.compile_filter(bits[in_index+1])
-nodelist_loop = parser.parse(('endfor',))
+nodelist_loop = parser.parse(('else', 'endfor',))
+token = parser.next_token()
+if token.contents == 'else':
+nodelist_loop_false = parser.parse(('endfor',)) #ALTERADO
+else:
+nodelist_loop_false = NodeList()
parser.delete_first_token()
-return ForNode(loopvars, sequence, reversed, nodelist_loop)
+return ForNode(loopvars, sequence, reversed, nodelist_loop,
nodelist_loop_false)
do_for = register.tag("for", do_for)
def do_ifequal(parser, token, negate):
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~--~~~~
empty list on "for" template tag
I'm new, so I don't know how to submit a patch.
This patch allow a tag "else" in a "for" loop. When the list is empty,
it is called (as well "else" on a "if").
{% for i in items %}
{{ i }}
{% else %}
no items
{% endfor %}
This is useful?
The patch:
Index: django/template/defaulttags.py
===
--- django/template/defaulttags.py (revisão 5625)
+++ django/template/defaulttags.py (cópia de trabalho)
@@ -69,10 +69,11 @@
return u''
class ForNode(Node):
-def __init__(self, loopvars, sequence, reversed, nodelist_loop):
+def __init__(self, loopvars, sequence, reversed, nodelist_loop,
nodelist_loop_empty):
self.loopvars, self.sequence = loopvars, sequence
self.reversed = reversed
self.nodelist_loop = nodelist_loop
+self.nodelist_loop_empty = nodelist_loop_empty
def __repr__(self):
if self.reversed:
@@ -109,36 +110,33 @@
if not hasattr(values, '__len__'):
values = list(values)
len_values = len(values)
-if self.reversed:
-values = reversed(values)
-unpack = len(self.loopvars) > 1
-for i, item in enumerate(values):
-context['forloop'] = {
-# shortcuts for current loop iteration number
-'counter0': i,
-'counter': i+1,
-# reverse counter iteration numbers
-'revcounter': len_values - i,
-'revcounter0': len_values - i - 1,
-# boolean values designating first and last times
through loop
-'first': (i == 0),
-'last': (i == len_values - 1),
-'parentloop': parentloop,
-}
-if unpack:
-# If there are multiple loop variables, unpack the
item into them.
-context.update(dict(zip(self.loopvars, item)))
-else:
-context[self.loopvars[0]] = item
-for node in self.nodelist_loop:
-nodelist.append(node.render(context))
-if unpack:
-# The loop variables were pushed on to the context so
pop them
-# off again. This is necessary because the tag lets
the length
-# of loopvars differ to the length of each set of
items and we
-# don't want to leave any vars from the previous loop
on the
-# context.
-context.pop()
+if len_values:
+if self.reversed:
+values = reversed(values)
+unpack = len(self.loopvars) > 1
+for i, item in enumerate(values):
+context['forloop'] = {
+# shortcuts for current loop iteration number
+'counter0': i,
+'counter': i+1,
+# reverse counter iteration numbers
+'revcounter': len_values - i,
+'revcounter0': len_values - i - 1,
+# boolean values designating first and last times
through loop
+'first': (i == 0),
+'last': (i == len_values - 1),
+'parentloop': parentloop,
+}
+if unpack:
+# If there are multiple loop variables, unpack
the item into them.
+context.update(dict(zip(self.loopvars, item)))
+else:
+context[self.loopvars[0]] = item
+for node in self.nodelist_loop:
+nodelist.append(node.render(context))
+else:
+for node in self.nodelist_loop_empty:
+ nodelist.append(node.render(context))
context.pop()
return nodelist.render(context)
@@ -583,9 +581,14 @@
raise TemplateSyntaxError, "'for' tag received an invalid
argument: %s" % token.contents
sequence = parser.compile_filter(bits[in_index+1])
-nodelist_loop = parser.parse(('endfor',))
+nodelist_loop = parser.parse(('else', 'endfor',))
+token = parser.next_token()
+if token.contents == 'else':
+nodelist_loop_false = parser.parse(('endfor',)) #ALTERADO
+else:
+nodelist_loop_false = NodeList()
parser.delete_first_token()
-return ForNode(loopvars, sequence, reversed, nodelist_loop)
+return ForNode(loopvars, sequence, reversed, nodelist_loop,
nodelist_loop_false)
do_for = register.tag("for", do_for)
def do_ifequal(parser, token, negate):
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~--~~~~
