Re: Fellow Reports - August 2018

2018-08-25 Thread Tim Graham
Week ending August 25, 2018 Triaged --- https://code.djangoproject.com/ticket/29697 - Complex query crashes with "missing FROM-clause entry for table" (accepted) https://code.djangoproject.com/ticket/29701 - has_add_permission in admin.TabularInline gives KeyError exception

Re: Deprecate PickleSerializer for session serialization?

2018-08-25 Thread Shai Berger
On Sat, 25 Aug 2018 11:56:02 -0400 Michael Manfre wrote: > Anyone who uses it after reading the warning would likely still use > it if it were in another package. A separate package is another "Are > you sure?" step that they would likely ignore. I disagree -- a separate package means that the

Feedback wanted for API to support for multi file upload

2018-08-25 Thread Johannes Hoppe
Hi there! I do need some feedback on the best public API to implement multi file support to Django forms. Context: Up until now Django forms do not support multi file upload. You will need to write your own view to handle the files as described here:

Re: Add autocomplete attribute to contrib.auth fields?

2018-08-25 Thread Tom Forbes
I don’t have much to add other than it’s pretty common for pentests to flag autocomplete being enabled on sensitive fields (email/password) and recommend disabling it (autocomplete=off). While I’m not sure if I agree with that recommendation in some situations you have little choice but to follow

Re: Deprecate PickleSerializer for session serialization?

2018-08-25 Thread Michael Manfre
I have no strong opinion about keeping it versus moving it. The docs already provide a sufficient warning about the risks of using it. Anyone who uses it after reading the warning would likely still use it if it were in another package. A separate package is another "Are you sure?" step that they

Add autocomplete attribute to contrib.auth fields?

2018-08-25 Thread Tim Graham
Browser support looks somewhat limited, so I wanted to ask if there are any concerns or drawbacks with adding autocomplete=username/email/current-password/new-password to contrib.auth's forms? Pull request: https://github.com/django/django/pull/9921 From the ticket

Deprecate PickleSerializer for session serialization?

2018-08-25 Thread Tim Graham
Alex proposed: --- Pickle serializer has long been known to be dangerous. This is mitigated by requiring MAC on pickle in cookies, but nevertheless, RCEs continue to happen: https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/ To further discourage its use, we

Re: Model default modelform

2018-08-25 Thread Jamesie Pic
Hi Claude, Thanks for your feedback, it's a great idea to make modelform a callable registry instance or something. In some project we're going to try to achieve this kind of coupling and work with Python components instead of templates for example: status =

Re: HTML5 and XHTML5 documents

2018-08-25 Thread Aymeric Augustin
Hello Nils, > On 23 Aug 2018, at 19:33, Nils Fredrik Gjerull wrote: > > How can we move forward on supporting XML serialization of HTML5 (XHTML5)? > > When I created the pull-request I did not think it would be very > controversial. After all, the XML style of writing HTML has been used > for

Re: Model default modelform

2018-08-25 Thread Claude Paroz
On Friday 24 August 2018 11:35:43 UTC+2, Jamesie Pic wrote: > > Thank for your feedback. > > It's the eternal misunderstanding of django's pattern, confusion between > table, and model, model is de facto what couples table and form, I've > posted articles about it already. I call this the