Re: wake of the RoR sql injection vulnerability

2013-01-11 Thread Roberto Guerra
Don't let me start posting all the Java vulnerabilities that have surfaced 
over the last month. Just Wednesday there was a new one for the JVM: 
http://www.infoworld.com/d/security/java-zero-day-vulnerability-actively-exploited-attackers-210612
Has nothing to do with interpreted languages.



On Thursday, January 10, 2013 2:49:35 AM UTC-6, malthe wrote:

> On 10 January 2013 05:31, Wyatt Baldwin <wyatt.le...@gmail.com> wrote:
> > What does this have to do with interpreted languages? Can't this type of
> > thing happen with any language? Seems like it has more to do with the
> > framework rather than compiled vs interpreted or static vs dynamic.
>
> It can happen with any language, but it happens more often with an
> interpreted language, probably because it's arguably easier to pull it
> off (if by mistake).
>
> \malthe


-- 
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/pylons-discuss/-/GSQjiiFio2UJ.
To post to this group, send email to pylons-discuss@googlegroups.com.
To unsubscribe from this group, send email to 
pylons-discuss+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.



I can't do i18n work.

2013-01-11 Thread Luis Aguirre
Hi all,

I'm working on a project with i18n and localization, but when I want to use 
the translations, it simply doesn't work. I have made an example project; 
maybe I'm forgetting something. I just created the project using the 
official documentation:

* http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/project.html 
  using pcreate -s starter MyProject
* http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/i18n.html

*This is the step by step:*

* pcreate -s starter MyProject

* Modified *setup.py* to:

    requires = [
        'pyramid',
        'pyramid_debugtoolbar',
        'waitress',
        'Babel',   # added
        'lingua',  # added
        ]

    setup(name='MyProject',
          version='0.0',
          description='MyProject',
          # ...
          entry_points="""\
          [paste.app_factory]
          main = myproject:main
          """,
          # added: tell Babel/lingua which files to scan for messages
          message_extractors={'.': [
              ('**.py', 'lingua_python', None),
              ('**.pt', 'lingua_xml', None),
              ]},
          )

* Changed *development.ini* to add:

    [app:main]
    use = egg:MyProject

    pyramid.reload_templates = true
    pyramid.debug_authorization = false
    pyramid.debug_notfound = false
    pyramid.debug_routematch = false
    pyramid.default_locale_name = en
    pyramid.includes =
        pyramid_debugtoolbar
    available_languages = en es

* Added to *myproject/__init__.py*

    from pyramid.config import Configurator


    def main(global_config, **settings):
        """ This function returns a Pyramid WSGI application.
        """
        config = Configurator(settings=settings)
        config.add_static_view('static', 'static', cache_max_age=3600)
        config.add_route('home', '/')
        config.scan()
        config.add_translation_dirs('locale/')  # added
        return config.make_wsgi_app()

* Added to *myproject/views.py*

    from pyramid.view import view_config
    from pyramid.i18n import TranslationString as _


    @view_config(route_name='home', renderer='templates/mytemplate.pt')
    def my_view(request):
        hello = _('Hi')  # added
        return {'project': 'MyProject',
                'hello': hello}  # added

* Added to *myproject/templates/mytemplate.pt*:

    <p class="app-welcome">
      ${hello} Welcome to <span class="app-name">${project}</span>,
      an application generated by<br/>
      the Pyramid web application development framework.
    </p>

* Run python setup.py extract_messages
* Run python setup.py init_catalog -l en
* Run python setup.py init_catalog -l es
* Modified *myproject/locale/en/LC_MESSAGES/MyProject.po:*

    #: myproject/views.py:6
    msgid "Hi"
    msgstr "English Hi"

* Modified *myproject/locale/es/LC_MESSAGES/MyProject.po:*

    #: myproject/views.py:6
    msgid "Hi"
    msgstr "Spanish Hi"

* Run python setup.py compile_catalog

* Start the server

* Go to http://127.0.0.1:6543?_LOCALE_=en and doesn't work at all!

You may see the example project at 
https://bitbucket.org/aguirrel/translation_test/src

I have done a lot of tests, but nothing works.  So I prefer if you may check 
this clear project.

Thanks a lot in advance,

Best regards,

Luis




Re: I can't do i18n work.

2013-01-11 Thread Philip Jenvey

On Jan 11, 2013, at 4:09 AM, Luis Aguirre wrote:

> * Go to http://127.0.0.1:6543?_LOCALE_=en and doesn't work at all!

What happens?

--
Philip Jenvey




Re: Help with setting content-type to application/json (Pylons 1.0)

2013-01-11 Thread Ronan Amicel
Hi Joel,

Try passing the Content-Type header to FileApp like this:

    @restrict('GET')
    @h.authenticate
    def retrieve(self, id):
        """Return the file data (binary stream) for the file in files/ with
        name=id or an error message if the file does not exist or the user is
        not authorized to access it.
        """
        file = Session.query(File).filter(File.name==id).first()
        if file:
            unrestrictedUsers = h.getUnrestrictedUsers()
            if h.userIsAuthorizedToAccessModel(session['user'], file,
                                               unrestrictedUsers):
                filePath = os.path.join(config['app_conf']['permanent_store'],
                                        id)
                headers = [('Content-Type', 'application/json')]
                result = forward(FileApp(filePath, headers=headers))
            else:
                response.status_int = 403
                result = h.unauthorizedJSONMsg
        else:
            response.status_int = 404
            result = json.dumps({'error': 'There is no file with name %s' % id})
        return result

See http://pythonpaste.org/modules/fileapp.html

Hope this helps,

-- 
Ronan Amicel




Re: Help with setting content-type to application/json (Pylons 1.0)

2013-01-11 Thread Joel
Hey Ronan,

Thanks.  However, the FileApp stuff is a bit of a red herring.  FileApp 
correctly sets the content type (i.e., to the MIMEtype of the file being 
served) without any interference on my part.

The problem is that I can't get my JSON responses to have the correct 
content type header.  I'm returning JSON in nearly every controller action 
and no matter what I do I get text/html; charset=utf-8 as the content type 
...


On Friday, January 11, 2013 10:43:50 AM UTC-8, ronan wrote:
>
> Hi Joel,
>
> Try passing the Content-Type header to FileApp like this:
>
>     @restrict('GET')
>     @h.authenticate
>     def retrieve(self, id):
>         """Return the file data (binary stream) for the file in files/ with
>         name=id or an error message if the file does not exist or the user is
>         not authorized to access it.
>         """
>         file = Session.query(File).filter(File.name==id).first()
>         if file:
>             unrestrictedUsers = h.getUnrestrictedUsers()
>             if h.userIsAuthorizedToAccessModel(session['user'], file,
>                                                unrestrictedUsers):
>                 filePath = os.path.join(config['app_conf']['permanent_store'],
>                                         id)
>                 headers = [('Content-Type', 'application/json')]
>                 result = forward(FileApp(filePath, headers=headers))
>             else:
>                 response.status_int = 403
>                 result = h.unauthorizedJSONMsg
>         else:
>             response.status_int = 404
>             result = json.dumps({'error': 'There is no file with name %s' % id})
>         return result
>
> See http://pythonpaste.org/modules/fileapp.html
>
> Hope this helps,
>
> -- 
> Ronan Amicel





Re: Help with setting content-type to application/json (Pylons 1.0)

2013-01-11 Thread Ronan Amicel
Does it work if you use the jsonify decorator?


On Sat, Jan 12, 2013 at 12:14 AM, Joel <jrwdun...@gmail.com> wrote:

> Hey Ronan,
>
> Thanks.  However, the FileApp stuff is a bit of a red herring.  FileApp
> correctly sets the content type (i.e., to the MIMEtype of the file being
> served) without any interference on my part.
>
> The problem is that I can't get my JSON responses to have the correct
> content type header.  I'm returning JSON in nearly every controller action
> and no matter what I do I get text/html; charset=utf-8 as the content type
> ...
>
>
> On Friday, January 11, 2013 10:43:50 AM UTC-8, ronan wrote:
> >
> > Hi Joel,
> >
> > Try passing the Content-Type header to FileApp like this:
> >
> >     @restrict('GET')
> >     @h.authenticate
> >     def retrieve(self, id):
> >         """Return the file data (binary stream) for the file in files/ with
> >         name=id or an error message if the file does not exist or the user is
> >         not authorized to access it.
> >         """
> >         file = Session.query(File).filter(File.name==id).first()
> >         if file:
> >             unrestrictedUsers = h.getUnrestrictedUsers()
> >             if h.userIsAuthorizedToAccessModel(session['user'], file,
> >                                                unrestrictedUsers):
> >                 filePath = os.path.join(config['app_conf']['permanent_store'],
> >                                         id)
> >                 headers = [('Content-Type', 'application/json')]
> >                 result = forward(FileApp(filePath, headers=headers))
> >             else:
> >                 response.status_int = 403
> >                 result = h.unauthorizedJSONMsg
> >         else:
> >             response.status_int = 404
> >             result = json.dumps({'error': 'There is no file with name %s' % id})
> >         return result
> >
> > See http://pythonpaste.org/modules/fileapp.html
> >
> > Hope this helps,
> >
> > --
> > Ronan Amicel






Re: Help with setting content-type to application/json (Pylons 1.0)

2013-01-11 Thread Joel
Yeah, the jsonify decorator works.  But I need to be able to pass a custom 
JSONEncoder subclass to json.dumps, e.g., return json.dumps(result, 
cls=h.JSONOLDEncoder) so I think that rules out using @jsonify, right? 
 Also, I've looked at the jsonify code and it's not doing anything special 
that I'm not doing ...  I'm quite puzzled about why response.content_type = 
'application/json' has no effect in my controller actions.  I feel like I 
must be missing something quite obvious ...


On Friday, January 11, 2013 3:26:12 PM UTC-8, ronan wrote:
>
> Does it work if you use the jsonify decorator?
>
>
> On Sat, Jan 12, 2013 at 12:14 AM, Joel <jrwd...@gmail.com> wrote:
>
> > Hey Ronan,
> >
> > Thanks.  However, the FileApp stuff is a bit of a red herring.  FileApp
> > correctly sets the content type (i.e., to the MIMEtype of the file being
> > served) without any interference on my part.
> >
> > The problem is that I can't get my JSON responses to have the correct
> > content type header.  I'm returning JSON in nearly every controller action
> > and no matter what I do I get text/html; charset=utf-8 as the content type
> > ...
> >
> >
> > On Friday, January 11, 2013 10:43:50 AM UTC-8, ronan wrote:
> > >
> > > Hi Joel,
> > >
> > > Try passing the Content-Type header to FileApp like this:
> > >
> > >     @restrict('GET')
> > >     @h.authenticate
> > >     def retrieve(self, id):
> > >         """Return the file data (binary stream) for the file in files/ with
> > >         name=id or an error message if the file does not exist or the user is
> > >         not authorized to access it.
> > >         """
> > >         file = Session.query(File).filter(File.name==id).first()
> > >         if file:
> > >             unrestrictedUsers = h.getUnrestrictedUsers()
> > >             if h.userIsAuthorizedToAccessModel(session['user'], file,
> > >                                                unrestrictedUsers):
> > >                 filePath = os.path.join(config['app_conf']['permanent_store'],
> > >                                         id)
> > >                 headers = [('Content-Type', 'application/json')]
> > >                 result = forward(FileApp(filePath, headers=headers))
> > >             else:
> > >                 response.status_int = 403
> > >                 result = h.unauthorizedJSONMsg
> > >         else:
> > >             response.status_int = 404
> > >             result = json.dumps({'error': 'There is no file with name %s' % id})
> > >         return result
> > >
> > > See http://pythonpaste.org/modules/fileapp.html
> > >
> > > Hope this helps,
> > >
> > > -- 
> > > Ronan Amicel





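
The requirement discussed in this thread (JSON output through a custom JSONEncoder subclass, with the Content-Type fixed at application/json), as an added example that is not part of the thread and is not Pylons code: a standard-library WSGI decorator. ISODateEncoder, json_view, retrieve and call are hypothetical names; the nosniff header is an addition, included because json.dumps leaves characters such as < unescaped, so a JSON body labelled text/html can be parsed as markup by a browser.

```python
import json
from datetime import datetime
from functools import wraps
from wsgiref.util import setup_testing_defaults

class ISODateEncoder(json.JSONEncoder):
    """Hypothetical custom encoder: serializes datetime as ISO 8601."""
    def default(self, obj):
        if isinstance(obj, datetime):
            return obj.isoformat()
        return super().default(obj)

def json_view(encoder_cls=json.JSONEncoder):
    """Turn a function returning (status, data) into a WSGI app that always
    emits application/json, whatever default the framework would apply."""
    def decorator(func):
        @wraps(func)
        def app(environ, start_response):
            status, data = func(environ)
            body = json.dumps(data, cls=encoder_cls).encode('utf-8')
            start_response(status, [
                ('Content-Type', 'application/json; charset=utf-8'),
                # Tells browsers not to sniff the body as another type.
                ('X-Content-Type-Options', 'nosniff'),
            ])
            return [body]
        return app
    return decorator

@json_view(encoder_cls=ISODateEncoder)
def retrieve(environ):
    # Constructed sample: echoes the requested name, like the 404 branch above.
    name = environ.get('PATH_INFO', '/').lstrip('/')
    return '404 Not Found', {
        'error': 'There is no file with name %s' % name,
        'checked': datetime(2013, 1, 11, 12, 0, 0),
    }

def call(app, path):
    """Invoke a WSGI app in-process; return (status, headers dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ['PATH_INFO'] = path
    seen = {}
    def start_response(status, headers):
        seen['status'], seen['headers'] = status, dict(headers)
    body = b''.join(app(environ, start_response))
    return seen['status'], seen['headers'], body.decode('utf-8')
```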