Django Security issue

[deepak gupta]

Hi All,

When ever we are opening a public IP on our server (CentOS and our
application developed on Django 1.9.7, Angular 1.5).
Inbound port is enabled on 8080, there is no port configuration for
outbound traffic.
We found once we enable public IP, it start generating huge outbound
HTTP traffic, event though nobody access the server.

do anyone has idea about any similar security issues/fix. what could be the
possible cause and how to trace the issue?

Thanks,
Deepak

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAP%3DkbM3jPjgZbL7nUJRdbD7sLFmh9fPnfRewAAZn%3DP74h9xcJw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django Migration Error in Heroku, but migrate correctly in heroku local

[zhangdb7]

But I have run makemigrations in the server, How to repair now? Should I 
delete all migrations files?

On Sunday, December 4, 2016 at 12:54:53 AM UTC+8, Vijay Khemlani wrote:
>
> If you are versioning your migration files (most liketly) then you don't 
> have to run makemigrations in the server again.
>
> On Fri, Dec 2, 2016 at 11:55 PM, zhangdb7 
> > wrote:
>
>> Python 3.5, Django 1.10.3, Sqlite
>> I have deployed a django app in heroku.It ran without errors before. One 
>> day I make some change in models.py. I first do
>> python manage.py collectstatic,
>> python manage.py makemigrations,
>> python manage.py migrate,
>> heroku local web -f Procfile.windows,
>> the app run correctly in local. Then I push my codes to heroku. I ran:
>> git push heroku master
>> heroku run bash
>> $python manage.py makemigrations
>> $python manage.py migrate
>> heroku ps:scale web=1
>> But server returned:
>>
>> ProgrammingError at /twitter/blog/
>> column twitter_article.enable_comments does not exist
>> LINE 1: ...article"."content", "twitter_article"."pub_date", "twitter_a.
>>
>> Here is my key model:
>>
>> from django.db import models
>> from fluent_comments.moderation import moderate_model,comments_are_open, 
>> comments_are_moderated
>> from fluent_comments.models import get_comments_for_model, 
>> CommentsRelation
>>
>> class Article(models.Model) :
>> title = models.CharField(max_length = 100)
>> category = models.CharField(max_length = 50, blank = True)
>> pub_date = models.DateTimeField(auto_now_add = True)
>> content = models.TextField(blank = True, null = True)
>> pub_date = models.DateTimeField("pub_date")
>> enable_comments = models.BooleanField("Enable comments", default=True)
>>
>> def __str__(self) :
>> return self.title
>>
>> class Meta:
>> ordering = ['-pub_date']
>>
>> # Optional, give direct access to moderation info via the model:
>> comments = property(get_comments_for_model)
>> comments_are_open = property(comments_are_open)
>> comments_are_moderated = property(comments_are_moderated)
>>
>> # Give the generic app support for moderation by django-fluent-comments:
>> moderate_model(Article,
>> publication_date_field='pub_date',
>> enable_comments_field='enable_comments',
>> )
>>
>> If I drop my database and build a new database. Server won't report 
>> error. Why? I'm using sqlite.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/014a79e8-57d4-45e2-88ff-eabbefd67153%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/4ba51783-4545-4adb-8ba8-5c89b193ee02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django Migration Error in Heroku, but migrate correctly in heroku local

[zhangdb7]

But I have run makemigrations in the server, How to repair now? Should I 
delete all migrations files?

在 2016年12月4日星期日 UTC+8上午12:54:53，Vijay Khemlani写道：
>
> If you are versioning your migration files (most liketly) then you don't 
> have to run makemigrations in the server again.
>
> On Fri, Dec 2, 2016 at 11:55 PM, zhangdb7 
> > wrote:
>
>> Python 3.5, Django 1.10.3, Sqlite
>> I have deployed a django app in heroku.It ran without errors before. One 
>> day I make some change in models.py. I first do
>> python manage.py collectstatic,
>> python manage.py makemigrations,
>> python manage.py migrate,
>> heroku local web -f Procfile.windows,
>> the app run correctly in local. Then I push my codes to heroku. I ran:
>> git push heroku master
>> heroku run bash
>> $python manage.py makemigrations
>> $python manage.py migrate
>> heroku ps:scale web=1
>> But server returned:
>>
>> ProgrammingError at /twitter/blog/
>> column twitter_article.enable_comments does not exist
>> LINE 1: ...article"."content", "twitter_article"."pub_date", "twitter_a.
>>
>> Here is my key model:
>>
>> from django.db import models
>> from fluent_comments.moderation import moderate_model,comments_are_open, 
>> comments_are_moderated
>> from fluent_comments.models import get_comments_for_model, 
>> CommentsRelation
>>
>> class Article(models.Model) :
>> title = models.CharField(max_length = 100)
>> category = models.CharField(max_length = 50, blank = True)
>> pub_date = models.DateTimeField(auto_now_add = True)
>> content = models.TextField(blank = True, null = True)
>> pub_date = models.DateTimeField("pub_date")
>> enable_comments = models.BooleanField("Enable comments", default=True)
>>
>> def __str__(self) :
>> return self.title
>>
>> class Meta:
>> ordering = ['-pub_date']
>>
>> # Optional, give direct access to moderation info via the model:
>> comments = property(get_comments_for_model)
>> comments_are_open = property(comments_are_open)
>> comments_are_moderated = property(comments_are_moderated)
>>
>> # Give the generic app support for moderation by django-fluent-comments:
>> moderate_model(Article,
>> publication_date_field='pub_date',
>> enable_comments_field='enable_comments',
>> )
>>
>> If I drop my database and build a new database. Server won't report 
>> error. Why? I'm using sqlite.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/014a79e8-57d4-45e2-88ff-eabbefd67153%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
在 2016年12月4日星期日 UTC+8上午12:54:53，Vijay Khemlani写道：
>
> If you are versioning your migration files (most liketly) then you don't 
> have to run makemigrations in the server again.
>
> On Fri, Dec 2, 2016 at 11:55 PM, zhangdb7 
> > wrote:
>
>> Python 3.5, Django 1.10.3, Sqlite
>> I have deployed a django app in heroku.It ran without errors before. One 
>> day I make some change in models.py. I first do
>> python manage.py collectstatic,
>> python manage.py makemigrations,
>> python manage.py migrate,
>> heroku local web -f Procfile.windows,
>> the app run correctly in local. Then I push my codes to heroku. I ran:
>> git push heroku master
>> heroku run bash
>> $python manage.py makemigrations
>> $python manage.py migrate
>> heroku ps:scale web=1
>> But server returned:
>>
>> ProgrammingError at /twitter/blog/
>> column twitter_article.enable_comments does not exist
>> LINE 1: ...article"."content", "twitter_article"."pub_date", "twitter_a.
>>
>> Here is my key model:
>>
>> from django.db import models
>> from fluent_comments.moderation import moderate_model,comments_are_open, 
>> comments_are_moderated
>> from fluent_comments.models import get_comments_for_model, 
>> CommentsRelation
>>
>> class Article(models.Model) :
>> title = models.CharField(max_length = 100)
>> category = models.CharField(max_length = 50, blank = True)
>> pub_date = models.DateTimeField(auto_now_add = True)
>> content = models.TextField(blank = True, null = True)
>> pub_date = models.DateTimeField("pub_date")
>> enable_comments = models.BooleanField("Enable comments", default=True)
>>
>> def __str__(self) :
>> return self.title
>>
>> class Meta:
>> ordering = ['-pub_date']
>>
>> # Optional, give direct access to moderation info via the mode

Re: wsgiref - When does the complexity of question require posting to the Developers or other forums?

[Derek]

This may be "off topic" - so feel free to disregard! - but why "blogs on 
porting from 1.1 to 1.6"?  If you are in the process of upgrading, then why 
not keep going to at least 1.8, which is the oldest version still receiving 
patches and support?

Some blogs are:

* https://www.caktusgroup.com/blog/2014/07/07/tips-upgrading-django/
* 
http://blog.truantibexes.com/2016/01/19/2-5-years-5-developers-1-django-upgrade/
* 
https://www.seedinvest.com/labs/backend/upgrading-from-django-1-4-to-django-1-7
* http://andrewsforge.com/presentation/upgrading-django-to-17/ (Massive  4 
part series ... assume you want to keep going beyond 1.6)

On Friday, 2 December 2016 19:40:28 UTC+2, NoviceSortOf wrote:
>
> ...Thanks everyone for the above discussion -- some progress today has 
> been noted...
>
> To answer Matt's question...
>
> The variable at the root of the error appears to be -- response.
> as found in /usr/lib/python2.7/site-packages/django/core/handlers/base.py 
> line 89
>
> response is assigned as "None" in the code, before being passed to the 
> middleware method.
>
> The patch I found on github recommended adding these lines to base.py at 
> line 94.
> #response = response.render()
> #response_is_rendered = True
> Now mysteriously enough when commenting those lines out.
> and loading devel server URL via port 8000...
> I get a TemplateDoesNotExist at / index.html.
>
> NOW ! -- That is an issue I can far more easily debug. 
>
> Also I've found out in the last half hour with the development server 
> issuing...
>
> # python -Wall manage.py runserver 0.0.0.0:8000
>
> provides more granular details regarding depreciated components, a big 
> help.
>
> Thanks Matt & Daniel, 
>
> While I'm not completely out of the woods yet with this port/upgrade at 
> least I'm moving towards someplace 
> where traceback is pointing more and more to 'my' code, which if I coded 
> it I can more easily update/mod/fix.
>
> Otherwise if anyone can point me to information, guides, blogs on porting 
> from 1.1 to 1.6 please let me know. I've already reviewed the depreciation 
> memos on the Django site from 1.1 to 1.6, and made note of relevant 
> changes, but further materials could help.
>
> Thanks 
>
>
> On Friday, December 2, 2016 at 6:05:52 PM UTC+1, Matthew Pava wrote:
>>
>> For what it’s worth, I do get this error sometimes when I am running the 
>> development server, even in Python 3.5 and Django 1.10.  But because it’s 
>> the development server, I simply disregard it.
>>
>> I typically only get this message when I am running several AJAX calls 
>> very close together.  (e.g. When I am filling out an autocomplete that 
>> queries the server after every key press.)
>>
>>  
>>
>> Seeing the error message, though, I wonder if it would be so hard to 
>> simply check if self.status is None before executing the command.
>>
>>  
>>
>>
>> 
>>
>>   File "/usr/lib64/python2.7/wsgiref/simple_server.py", line 33, in close
>>
>>self.status.split(' ',1)[0], self.bytes_sent
>>
>>AttributeError: 'NoneType' object has no attribute 'split'
>>
>>
>> 
>>
>>  
>>
>>  
>>
>>  
>>
>>  
>>
>> *From:* django...@googlegroups.com [mailto:django...@googlegroups.com] *On 
>> Behalf Of *NoviceSortOf
>> *Sent:* Friday, December 2, 2016 10:58 AM
>> *To:* Django users
>> *Subject:* Re: wsgiref - When does the complexity of question require 
>> posting to the Developers or other forums?
>>
>>  
>>
>> Thanks for the reply.
>>
>> I agree the probability of this being a bug in Django is improbable still 
>> I found git hub django 
>>
>> bug descriptions/discussions which URLs are listed in previous posts. 
>> Both of those URLs
>>
>> listed patches to fix the situation, not directly in Django but in the 
>> WsgiRef component. 
>>
>> https://github.com/django/django/commit/2f615b10e6330d27dccbd770a4628200044acf70
>>
>> https://github.com/django/django/commit/742ea51413b3aab07c6afbfd1d52c1908ffcb510
>>
>> I naturally referred to them being as could not find after search of the 
>> internet or this forum any further info.
>>
>>
>> It would be better if traceback pointed to my code but instead Traceback 
>> now points to 
>>
>> /usr/lib/python2.7/site-packages/django/core/handlers/base.py
>>
>> with the same attribute error. 'NoneType' object has no attribute 
>> 'render'.
>> (SEE Traceback below)
>>
>> With so much of this troubleshooting being in finding the right question. 
>>
>> * Would issue perhaps be limited to Django’s built-in development server?
>>
>> * Would using a difference Web Interface Gateway solution solve the 
>> problem?
>>
>> Details follow...
>>
>> Please advise  
>>
>>
>> I type on the Linux server command line
>> # python manage.py runserver 0.0.0.0:8000
>>
>> then point my browser to...
>> http://[MyDevelopmentServerIP]:8000/
>>
>> And get

Accessing to objects of a dynamic way in django template

[Bernardo Garcia]

I have the following class based view in which I perform to queryset:

class PatientDetail(LoginRequiredMixin, DetailView): 

   model = PatientProfile 

   template_name = 'patient_detail.html' 

   context_object_name = 'patientdetail' 

   

   def get_context_data(self, **kwargs): 

   context=super(PatientDetail, self).get_context_data(**kwargs) 
   *queryset= 
RehabilitationSession.objects.filter(patient__slug=self.kwargs['slug']) 
*
* context.update({'patient_session_data': queryset,}) *
return context

When I acces the value of patient_session_data key sent, in my template:

{% extends "base.html" %} 

{% block content %} 

{{patient_session_data}} 
{% endblock content %}

I get this three QuerySet objects

, 
, ]>


I want access to specific attibute named upper_extremity of my 
RehabilitationSession model, then I make this:


{% for upperlimb in patient_session_data %} 

{{upperlimb.upper_extremity}} 

{%endfor%}

And I get this in my template:

Izquierda Izquierda Izquierda

This mean, three times the value, because my queryset return me three 
objects. This is logic.

For access to value of a separate way I make this in my template:

{{patient_session_data.0.upper_extremity}}

And I get:

Izquierda


*My goal*

I unknown the amount of querysets objects RehabilitationSession that will 
be returned by the queryset executed in my PatientDetail

 cbv, because the number is dynamic, may be any amount of objects returned.


I want read the value content of each patient_session_data upper_extremity and 
accord to the value make something in my template,

But I want read it of a dynamic way,without use {{
patient_session_data.<0-1-2-3>.upper_extremity}}


For example in a hypotetical case:


#if all objects returned have same value in upper_extremity 

{% if patient_session_data.upper_extremity == 'Izquierda' %} 

 

  Segmentos corporales a tratar

  Codo - mano - falange 

 

{%endif%}



I think that I have count the amount of objects and make with them some 
actions, because I don't have clear ... 


How to can I access of a individual way to the objects returned of a 
dynamic way without matter the objects number returned?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c17e25b2-cbce-4401-8065-9704054648e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: ImageField always calling update_dimensions_fields

[ggilley]

What I see is that when I load my page, it calls update_dimension_fields 
for every image. The model is simple.


class Photo(models.Model):
width = models.PositiveIntegerField(blank=True, null=True, editable=False, 
default="0")
height = models.PositiveIntegerField(blank=True, null=True, editable=False, 
default="0")
image = ImageField(upload_to=upload_to, width_field='width', 
height_field='height')
user = models.ForeignKey(settings.AUTH_USER_MODEL, 
related_name="uploaded_photos")
title = models.CharField(max_length=255)
slug = extension_fields.AutoSlugField(populate_from='title', blank=True)
caption = models.CharField(max_length=255, blank=True)
date_added = models.DateTimeField(default=timezone.now)


class PhotoCollection(models.Model):
name = models.CharField('name', max_length=250)
slug = extension_fields.AutoSlugField(populate_from='name', blank=True)
description = models.TextField(blank=True)
user = models.ForeignKey(settings.AUTH_USER_MODEL, 
related_name="uploaded_collections")
date_added = models.DateTimeField(default=timezone.now)
photos = models.ManyToManyField('photos.Photo', related_name='collections', 
blank=True)


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/58bb16f7-c162-49da-8226-e388bce588ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Issue with manage.py runserver

[pradam programming]

Hi,
1.Check any other file in directory by same name.
2.check __init__.py file is their in Root Project folder..

On 4 Dec 2016 8:04 pm,  wrote:

> I started a new project in Django today (actually my first django
> project). Strangely when I run python manage.py runserver it does
> absolutely nothing. It just jumps to the next prompt. I'm using the most
> resent release which I installed using pip. It doesn't show anything when
> run. It doesn't show anything. NO error, No other messages, Nothing. And
> nothing happens too. I don't know if what I'm going to say next is useful
> or not. I initially had difficulty importing django, which I solved by
> adding a .pth file in the site-packages directory. Thanks in advance
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/django-users/4a996171-5715-4f3c-8d0f-a89518f54183%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAGGVXBPCot14ntk4U0Y7sB5bdaJOqSWXXF1Q1Vpj%2BqoaVFm0iA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Issue with manage.py runserver

[ninosm12]

I started a new project in Django today (actually my first django project). 
Strangely when I run python manage.py runserver it does absolutely nothing. 
It just jumps to the next prompt. I'm using the most resent release which I 
installed using pip. It doesn't show anything when run. It doesn't show 
anything. NO error, No other messages, Nothing. And nothing happens too. I 
don't know if what I'm going to say next is useful or not. I initially had 
difficulty importing django, which I solved by adding a .pth file in the 
site-packages directory. Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/4a996171-5715-4f3c-8d0f-a89518f54183%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: ImageField always calling update_dimensions_fields

[Daniel Roseman]

On Sunday, 4 December 2016 00:47:06 UTC, ggi...@gmail.com wrote:
>
>
> I needed to get to the width and height of an image. After discovering 
> that doing so on an ImageField loads the file, I added width_field and 
> height_field to my model.
>
> I did a migration and starting using the new model.
>
> However, it *always* seems to call update_dimension_fields every time the 
> model is loaded.
>
> I'm on 1.9.9 if that makes a difference.
>
> I see there was an old bug where this was addressed 
> https://code.djangoproject.com/ticket/11084
>
> It seems to be broken for me. Any ideas what is going on?
>
> Thanks,
>
>   Greg
>
>
You need to show your model code.
--
DR. 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/d4c6723a-cbd0-4d48-80d1-aa67116aa830%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.