Re: Session framework improvements - ticket 3304
I uploaded a new patch, with implementation to Python 2.3-2.5 (based on cephelo patch) and 2.6. I tested it with 2.5 and all is ok. -- Rodolfo On 6/12/09, Michael Radziej wrote: > > On Wed, Jun 10, Alex Gaynor wrote: > >> No, as I've stated Django *never* degrades functionality due to Python >> version. >> This would be a massive aberration from that policy. This is >> clearly stated in the documentation for users: >> http://docs.djangoproject.com/en/dev/faq/install/#do-i-lose-anything-by-using-python-2-3-versus-newer-python-versions-such-as-python-2-5 > > No, it says that the Django *core* does not degrade. > > Well, session is part of contrib, not of the core. Other contrib.gis > requires 2.4. And it's not that it loses functionality, it just does not > activate a particular precaution that is not available with earlier python > versions. Nevertheless, it's surely better if we can support 'http-only' > also for older python versions. I see only one way to achieve this: > > Include the 2.6 version of the cookie library with django and load > that for python 2.3-2.5 > > I think django already does this for a different library. > > Is that the way to go? > > > Michael > > -- > noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - > Tel +49-911-9352-0 - Fax +49-911-9352-100 > http://www.noris.de - The IT-Outsourcing Company > > Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - > Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
If useful, is possible put warning about it in python 2.3-2.5. On command line (manage.py runserver), it's show a message in screen. With apache, in a error_log: import warnings warnings.warn('httponly is supported in python > 2.6') If is a good idea, i submit a new patch. Rodolfo On 6/9/09, Michael Radziej wrote: > > On Tue, Jun 09, Alex Gaynor wrote: > >> A patch that only works on Python 2.6 will, unequivocally, not be >> accepted. >> Django maintains identaical levels of functionality from Python 2.3 to >> 2.6. > > Nah, the patch works with 2.3 to 2.6. But the "http-only" flag will be set > only with python2.6 since the older versions don't support that flag. For > 2.3-2.5, the flag is therefore ignored. > > > Michael > > -- > noris network AG - Deutschherrnstraße 15-19 - D-90429 Nürnberg - > Tel +49-911-9352-0 - Fax +49-911-9352-100 > http://www.noris.de - The IT-Outsourcing Company > > Vorstand: Ingo Kraupa (Vorsitzender), Joachim Astel, Hansjochen Klenk - > Vorsitzender des Aufsichtsrats: Stefan Schnabel - AG Nürnberg HRB 17689 > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: Session framework improvements - ticket 3304
Ok, but SimpleCookie in Python 2.6 supports it, then a Python patch is unnecessary. On 6/9/09, Russell Keith-Magee wrote: > > On Tue, Jun 9, 2009 at 8:56 PM, Rodolfo wrote: >> >> About session in Django: >> http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions >> >> Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? >> All propounded patches are bad? This can protect from session hijack >> (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site >> Scripting). > > The discussion on the ticket explains the current situation - in > particular, comment 11 from Jacob: > > http://code.djangoproject.com/ticket/3304#comment:11 > > Yours, > Russ Magee %-) > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Session framework improvements - ticket 3304
About session in Django: http://code.djangoproject.com/wiki/DjangoSpecifications/Contrib/Sessions Why ticket 3304 (http://code.djangoproject.com/ticket/3304) is "new"? All propounded patches are bad? This can protect from session hijack (http://en.wikipedia.org/wiki/Session_hijacking) using XSS (Cross Site Scripting). Tks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormPreview documentation typos
Thanks! I've done that and it worked nicely. Rodolfo On 31 ago, 00:46, "Karen Tracey" <[EMAIL PROTECTED]> wrote: > On Sat, Aug 30, 2008 at 11:33 PM, Rodolfo <[EMAIL PROTECTED]> wrote: > > > I tried creating a new ticket on Trac, but it didn't like me, and I > > didn't like the idea of creating "just another login account" just for > > that. > > You don't have to create a login account. If you just fill in something for > settings here: > > http://code.djangoproject.com/settings > > your submission likely won't be rejected as spam. No password to remember > or anything. > > Karen --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
FormPreview documentation typos
I tried creating a new ticket on Trac, but it didn't like me, and I didn't like the idea of creating "just another login account" just for that. Here is what I caught reading the docs on http://www.djangoproject.com/documentation/form_preview/ --- On "How to use FormPreview", 3rd step, the code snippet imports "'''SomeModel'''", and then mistakenly refers to "SomeModelFormPreview('''SomeModelForm'''))". Here is the current text in the documentation: {{{ 3. Change your URLconf to point to an instance of your FormPreview subclass: from myapp.preview import SomeModelFormPreview from myapp.models import SomeModel from django import forms …and add the following line to the appropriate model in your URLconf: (r'^post/$', SomeModelFormPreview(SomeModelForm)), where SomeModelForm is a Form or ModelForm class for the model. }}} Also, on "FormPreview templates", a template is referenced using slash- notation and then using dot-notation. Probably should be slash for both. {{{ By default, the form is rendered via the template formtools/form.html, and the preview page is rendered via the template formtools.preview.html. }}} --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
empty list on "for" template tag
I'm new, so I don't know how to submit a patch. This patch allow a tag "else" in a "for" loop. When the list is empty, it is called (as well "else" on a "if"). {% for i in items %} {{ i }} {% else %} no items {% endfor %} This is useful? The patch: Index: django/template/defaulttags.py === --- django/template/defaulttags.py (revisão 5625) +++ django/template/defaulttags.py (cópia de trabalho) @@ -69,10 +69,11 @@ return u'' class ForNode(Node): -def __init__(self, loopvars, sequence, reversed, nodelist_loop): +def __init__(self, loopvars, sequence, reversed, nodelist_loop, nodelist_loop_empty): self.loopvars, self.sequence = loopvars, sequence self.reversed = reversed self.nodelist_loop = nodelist_loop +self.nodelist_loop_empty = nodelist_loop_empty def __repr__(self): if self.reversed: @@ -109,36 +110,33 @@ if not hasattr(values, '__len__'): values = list(values) len_values = len(values) -if self.reversed: -values = reversed(values) -unpack = len(self.loopvars) > 1 -for i, item in enumerate(values): -context['forloop'] = { -# shortcuts for current loop iteration number -'counter0': i, -'counter': i+1, -# reverse counter iteration numbers -'revcounter': len_values - i, -'revcounter0': len_values - i - 1, -# boolean values designating first and last times through loop -'first': (i == 0), -'last': (i == len_values - 1), -'parentloop': parentloop, -} -if unpack: -# If there are multiple loop variables, unpack the item into them. -context.update(dict(zip(self.loopvars, item))) -else: -context[self.loopvars[0]] = item -for node in self.nodelist_loop: -nodelist.append(node.render(context)) -if unpack: -# The loop variables were pushed on to the context so pop them -# off again. This is necessary because the tag lets the length -# of loopvars differ to the length of each set of items and we -# don't want to leave any vars from the previous loop on the -# context. -context.pop() +if len_values: +if self.reversed: +values = reversed(values) +unpack = len(self.loopvars) > 1 +for i, item in enumerate(values): +context['forloop'] = { +# shortcuts for current loop iteration number +'counter0': i, +'counter': i+1, +# reverse counter iteration numbers +'revcounter': len_values - i, +'revcounter0': len_values - i - 1, +# boolean values designating first and last times through loop +'first': (i == 0), +'last': (i == len_values - 1), +'parentloop': parentloop, +} +if unpack: +# If there are multiple loop variables, unpack the item into them. +context.update(dict(zip(self.loopvars, item))) +else: +context[self.loopvars[0]] = item +for node in self.nodelist_loop: +nodelist.append(node.render(context)) +else: +for node in self.nodelist_loop_empty: + nodelist.append(node.render(context)) context.pop() return nodelist.render(context) @@ -583,9 +581,14 @@ raise TemplateSyntaxError, "'for' tag received an invalid argument: %s" % token.contents sequence = parser.compile_filter(bits[in_index+1]) -nodelist_loop = parser.parse(('endfor',)) +nodelist_loop = parser.parse(('else', 'endfor',)) +token = parser.next_token() +if token.contents == 'else': +nodelist_loop_false = parser.parse(('endfor',)) #ALTERADO +else: +nodelist_loop_false = NodeList() parser.delete_first_token() -return ForNode(loopvars, sequence, reversed, nodelist_loop) +return ForNode(loopvars, sequence, reversed, nodelist_loop, nodelist_loop_false) do_for = register.tag("for", do_for) def do_ifequal(parser, token, negate): --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~
empty list on "for" template tag
I'm new, so I don't know how to submit a patch. This patch allow a tag "else" in a "for" loop. When the list is empty, it is called (as well "else" on a "if"). {% for i in items %} {{ i }} {% else %} no items {% endfor %} This is useful? The patch: Index: django/template/defaulttags.py === --- django/template/defaulttags.py (revisão 5625) +++ django/template/defaulttags.py (cópia de trabalho) @@ -69,10 +69,11 @@ return u'' class ForNode(Node): -def __init__(self, loopvars, sequence, reversed, nodelist_loop): +def __init__(self, loopvars, sequence, reversed, nodelist_loop, nodelist_loop_empty): self.loopvars, self.sequence = loopvars, sequence self.reversed = reversed self.nodelist_loop = nodelist_loop +self.nodelist_loop_empty = nodelist_loop_empty def __repr__(self): if self.reversed: @@ -109,36 +110,33 @@ if not hasattr(values, '__len__'): values = list(values) len_values = len(values) -if self.reversed: -values = reversed(values) -unpack = len(self.loopvars) > 1 -for i, item in enumerate(values): -context['forloop'] = { -# shortcuts for current loop iteration number -'counter0': i, -'counter': i+1, -# reverse counter iteration numbers -'revcounter': len_values - i, -'revcounter0': len_values - i - 1, -# boolean values designating first and last times through loop -'first': (i == 0), -'last': (i == len_values - 1), -'parentloop': parentloop, -} -if unpack: -# If there are multiple loop variables, unpack the item into them. -context.update(dict(zip(self.loopvars, item))) -else: -context[self.loopvars[0]] = item -for node in self.nodelist_loop: -nodelist.append(node.render(context)) -if unpack: -# The loop variables were pushed on to the context so pop them -# off again. This is necessary because the tag lets the length -# of loopvars differ to the length of each set of items and we -# don't want to leave any vars from the previous loop on the -# context. -context.pop() +if len_values: +if self.reversed: +values = reversed(values) +unpack = len(self.loopvars) > 1 +for i, item in enumerate(values): +context['forloop'] = { +# shortcuts for current loop iteration number +'counter0': i, +'counter': i+1, +# reverse counter iteration numbers +'revcounter': len_values - i, +'revcounter0': len_values - i - 1, +# boolean values designating first and last times through loop +'first': (i == 0), +'last': (i == len_values - 1), +'parentloop': parentloop, +} +if unpack: +# If there are multiple loop variables, unpack the item into them. +context.update(dict(zip(self.loopvars, item))) +else: +context[self.loopvars[0]] = item +for node in self.nodelist_loop: +nodelist.append(node.render(context)) +else: +for node in self.nodelist_loop_empty: + nodelist.append(node.render(context)) context.pop() return nodelist.render(context) @@ -583,9 +581,14 @@ raise TemplateSyntaxError, "'for' tag received an invalid argument: %s" % token.contents sequence = parser.compile_filter(bits[in_index+1]) -nodelist_loop = parser.parse(('endfor',)) +nodelist_loop = parser.parse(('else', 'endfor',)) +token = parser.next_token() +if token.contents == 'else': +nodelist_loop_false = parser.parse(('endfor',)) #ALTERADO +else: +nodelist_loop_false = NodeList() parser.delete_first_token() -return ForNode(loopvars, sequence, reversed, nodelist_loop) +return ForNode(loopvars, sequence, reversed, nodelist_loop, nodelist_loop_false) do_for = register.tag("for", do_for) def do_ifequal(parser, token, negate): --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~