Is it safe to keep Django template strings inside a TextField of a Django
model and allow users with staff privileges to edit them?
I'm asking because I'm unsure how safe/dangerous this could be. Would it be
possible to abuse a built-in templatetag to execute arbitrary code on the
server?
What
ngle file.
More details here:
https://github.com/jrief/django-filer/blob/serialize-payload/docs/dump_payload.rst
and here: https://github.com/stefanfoulis/django-filer/pull/335
Stefan Foulis, the maintainer of *django-filer*, considered: "But I'd really
prefer a solution that works wi
Have a look at https://www.django-cms.org/en/e-commerce/
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to th
In your admin class, add:
class MyModelAdmin(ModelAdmin):
    def has_add_permission(self, request):
        return False

    # Django's admin also calls this with an object, so accept obj
    def has_change_permission(self, request, obj=None):
        return False
etc.
Internally a price is always handled and stored as 0.00. That's the way
software and databases work.
What you can do is to change the representation of your Decimal in your
frontend and backend. In Django, changing this in the frontend is easy,
just add USE_L10N = True to your settings.py and a
OK, now I got it.
Coming from C++ I was stuck too much in static inheritance thinking. The
diagram in http://fuhm.net/super-harmful/ helped me to understand this
issue.
Thank you very much for your help!
Thank You, Roland, this was a good point to start with. I now found an
elegant solution:
I added a base DetailView class for this project:
from django.views.generic import DetailView

class PluggableDetailView(DetailView):
    def get_context_data(self, **kwargs):
        context = super(Plugga
But the mixin plugins are not derived from django.views.generic.DetailView,
otherwise the main app's DetailView would obtain a diamond shaped
inheritance.
And django.views.generic.detail.BaseDetailView.get calls get_context_data only
once, so I don't see how the plugins shall "deliver" their con
Hi,
currently I am writing a Django application built up from loosely coupled
plug-ins. Each of these plug-ins shall offer a class based view to handle
get and post requests. For get requests the context shall be populated with
plug-in specific data. For post requests, the plug-in specific post
Hi,
as a workaround, I added an additional column (aka CharField) to store the
hash of that JSON string. Then only the hashes have to be compared. Sure,
this is not an elegant solution, as it adds redundant data to your database.
If I would write SQL by hand, I could compare the JSON-string usin
Eclipse + PyDev
Hi,
I have a weird problem when using model fields JSONField and
PickledObjectField together with the filter function.
from jsonfield.fields import JSONField
from picklefield.fields import PickledObjectField

class Item(models.Model):
    picklefield = PickledObjectField(null=True, blank=True)
12 matches