Re: CSRF gone haywire

2009-11-28 Thread rebus_
2009/11/27 Tim Valenta :
> Also, I've figured out just now while rereading the reply I got, that
> "AFAIK" must mean "as far as I know".  Please... can we not use
> ridiculous short forms for a language that works better when not
> profusely abbreviated?  That would have been a hundred times harder to
> figure out if I were a not a native speaker of English.  I can handle
> a few of those, like IMHO, but I can't say that I've come across
> "AFAIK" often enough to compute that in record time.
>

You must be joking :)

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.




Re: CSRF gone haywire

2009-11-27 Thread Tim Valenta
Okay... so here's the problem.

I've been using a template override for change_form.html to always
check the object-tools block and add things in there.  I tried to be
more modular about it, but it never seemed to work out quite right.
So I'm overriding the entire template on my own, and I must have
copied the template from admin-ui (where, as pointed out, and as I
knew already, admin-ui doesn't implement the CSRF system).
Consequently, my overridden template was working great, until I got
off of the admin-ui branch.  Everything started failing like crazy :)

Lesson to be learned: Don't accidentally copy a template from a
branch.


Also, I've figured out just now while rereading the reply I got, that
"AFAIK" must mean "as far as I know".  Please... can we not use
ridiculous short forms for a language that works better when not
profusely abbreviated?  That would have been a hundred times harder to
figure out if I were a not a native speaker of English.  I can handle
a few of those, like IMHO, but I can't say that I've come across
"AFAIK" often enough to compute that in record time.

Tim

On Nov 27, 10:22 am, Tim Valenta  wrote:
> > AFAIK admin uses CSRF by default in SVN version.
>
> I'm sorry, but I have no idea what that means.  What is "AFAIK"?
>
> I've read that page you've linked to, and I fail to see what I've done
> wrong (since I didn't explicitly *do* anything).
>
> Tim
>
> On Nov 27, 10:18 am, rebus_  wrote:
>
>
>
> > 2009/11/27 Tim Valenta :
>
> > > Has anybody else experienced a senseless failure of the dev trunk's
> > > CSRF verification?  Very suddenly this morning, Django won't let me
> > > change anything in my admin sites.  I didn't update my copy of the SVN
> > > trunk, but as soon as I took myself off of the admin-ui branch, it
> > > flipped out.
>
> > > Step by step, all I did was move my copy of the main trunk to
> > > "_django" instead of "django".  I then uncompressed the admin-ui
> > > branch to "django" as a replacement.  All was well.  There are some
> > > broken "Add new item" links in that branch, and I got sick of it not
> > > working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> > > and then put back my original copy of the main trunk.
>
> > > Everything seemed right and good in the world, but for some reason the
> > > changelist view wouldn't show any items in its list.  Every model
> > > suffered from the lack of display.  It was weird.  It showed a correct
> > > total number of items that *should* have been in the list, but no
> > > items were present.  The HTML was literally not there.
>
> > > And when I jump directly to a changeform page via the id I knew I was
> > > working with, the page would should up, but saving the model keeps
> > > triggering the CSRF error response.  I don't think the CSRF token is
> > > being rendered in the changeform.
>
> > > Has anybody else experienced this?  I seriously haven't touched my
> > > copy of the main trunk between my little adventure with the admin-ui
> > > branch.  For good measure, I updated the repository just now, and it
> > > didn't fix it.  I removed all of the .pyc files in the Django
> > > directory and my project home.
>
> > > I'm just totally at a loss for what happened.  I've dropped the
> > > database and rebuilt it... no luck.  I'm ready to swear that I didn't
> > > change anything at all, and I don't use the CSRF system explicitly, so
> > > it's not like I've got bad imports.
>
> > > Any help?
>
> > AFAIK admin uses CSRF by default in SVN version.
>
> >http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.




Re: CSRF gone haywire

2009-11-27 Thread Tim Valenta
> AFAIK admin uses CSRF by default in SVN version.

I'm sorry, but I have no idea what that means.  What is "AFAIK"?

I've read that page you've linked to, and I fail to see what I've done
wrong (since I didn't explicitly *do* anything).

Tim

On Nov 27, 10:18 am, rebus_  wrote:
> 2009/11/27 Tim Valenta :
>
>
>
>
>
> > Has anybody else experienced a senseless failure of the dev trunk's
> > CSRF verification?  Very suddenly this morning, Django won't let me
> > change anything in my admin sites.  I didn't update my copy of the SVN
> > trunk, but as soon as I took myself off of the admin-ui branch, it
> > flipped out.
>
> > Step by step, all I did was move my copy of the main trunk to
> > "_django" instead of "django".  I then uncompressed the admin-ui
> > branch to "django" as a replacement.  All was well.  There are some
> > broken "Add new item" links in that branch, and I got sick of it not
> > working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> > and then put back my original copy of the main trunk.
>
> > Everything seemed right and good in the world, but for some reason the
> > changelist view wouldn't show any items in its list.  Every model
> > suffered from the lack of display.  It was weird.  It showed a correct
> > total number of items that *should* have been in the list, but no
> > items were present.  The HTML was literally not there.
>
> > And when I jump directly to a changeform page via the id I knew I was
> > working with, the page would should up, but saving the model keeps
> > triggering the CSRF error response.  I don't think the CSRF token is
> > being rendered in the changeform.
>
> > Has anybody else experienced this?  I seriously haven't touched my
> > copy of the main trunk between my little adventure with the admin-ui
> > branch.  For good measure, I updated the repository just now, and it
> > didn't fix it.  I removed all of the .pyc files in the Django
> > directory and my project home.
>
> > I'm just totally at a loss for what happened.  I've dropped the
> > database and rebuilt it... no luck.  I'm ready to swear that I didn't
> > change anything at all, and I don't use the CSRF system explicitly, so
> > it's not like I've got bad imports.
>
> > Any help?
>
> AFAIK admin uses CSRF by default in SVN version.
>
> http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.




Re: CSRF gone haywire

2009-11-27 Thread rebus_
2009/11/27 Tim Valenta :
> Has anybody else experienced a senseless failure of the dev trunk's
> CSRF verification?  Very suddenly this morning, Django won't let me
> change anything in my admin sites.  I didn't update my copy of the SVN
> trunk, but as soon as I took myself off of the admin-ui branch, it
> flipped out.
>
> Step by step, all I did was move my copy of the main trunk to
> "_django" instead of "django".  I then uncompressed the admin-ui
> branch to "django" as a replacement.  All was well.  There are some
> broken "Add new item" links in that branch, and I got sick of it not
> working.  So I moved my admin-ui trunk to "admin-ui" for safekeeping,
> and then put back my original copy of the main trunk.
>
> Everything seemed right and good in the world, but for some reason the
> changelist view wouldn't show any items in its list.  Every model
> suffered from the lack of display.  It was weird.  It showed a correct
> total number of items that *should* have been in the list, but no
> items were present.  The HTML was literally not there.
>
> And when I jump directly to a changeform page via the id I knew I was
> working with, the page would should up, but saving the model keeps
> triggering the CSRF error response.  I don't think the CSRF token is
> being rendered in the changeform.
>
> Has anybody else experienced this?  I seriously haven't touched my
> copy of the main trunk between my little adventure with the admin-ui
> branch.  For good measure, I updated the repository just now, and it
> didn't fix it.  I removed all of the .pyc files in the Django
> directory and my project home.
>
> I'm just totally at a loss for what happened.  I've dropped the
> database and rebuilt it... no luck.  I'm ready to swear that I didn't
> change anything at all, and I don't use the CSRF system explicitly, so
> it's not like I've got bad imports.
>
> Any help?
>

AFAIK admin uses CSRF by default in SVN version.

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.