Re: wake of the RoR sql injection vulnerability
Don't let me start posting all the Java vulnerabilities that have surfaced over the last month. Just Wednesday there was a new one for the JVM: http://www.infoworld.com/d/security/java-zero-day-vulnerability-actively-exploited-attackers-210612 . Has nothing to do with interpreted languages.

On Thursday, January 10, 2013 2:49:35 AM UTC-6, malthe wrote:
> On 10 January 2013 05:31, Wyatt Baldwin wyatt.le...@gmail.com wrote:
>> What does this have to do with interpreted languages? Can't this type of thing happen with any language? Seems like it has more to do with the framework rather than compiled vs interpreted or static vs dynamic.
>
> It can happen with any language, but it happens more often with an interpreted language, probably because it's arguably easier to pull it off (if by mistake).
>
> \malthe

--
You received this message because you are subscribed to the Google Groups pylons-discuss group. To view this discussion on the web visit https://groups.google.com/d/msg/pylons-discuss/-/GSQjiiFio2UJ. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
I can't do i18n work.
Hi all,

I'm working on a project with i18n and localization, but when I want to use the translations that simply doesn't work. I have done an example project, maybe I'm forgetting something. I just created the project using the official documentation:

* http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/project.html using pcreate -s starter MyProject
* http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/i18n.html

This is the step by step:

* pcreate -s starter MyProject
* Modified setup.py to:

    requires = [
        'pyramid',
        'pyramid_debugtoolbar',
        'waitress',
        'Babel',   # added
        'lingua',  # added
    ]

    setup(name='MyProject',
          version='0.0',
          description='MyProject',
          # ...
          entry_points="""\
          [paste.app_factory]
          main = myproject:main
          """,
          # added
          message_extractors={'.': [
              ('**.py', 'lingua_python', None),
              ('**.pt', 'lingua_xml', None),
          ]},
          )

* Changed development.ini to add:

    [app:main]
    use = egg:MyProject
    pyramid.reload_templates = true
    pyramid.debug_authorization = false
    pyramid.debug_notfound = false
    pyramid.debug_routematch = false
    pyramid.default_locale_name = en
    pyramid.includes = pyramid_debugtoolbar
    # added
    available_languages = en es

* Added to myproject/__init__.py:

    def main(global_config, **settings):
        """ This function returns a Pyramid WSGI application.
        """
        config = Configurator(settings=settings)
        config.add_static_view('static', 'static', cache_max_age=3600)
        config.add_route('home', '/')
        config.scan()
        config.add_translation_dirs('locale/')  # added
        return config.make_wsgi_app()

* Added to myproject/views.py:

    from pyramid.view import view_config
    from pyramid.i18n import TranslationString as _

    @view_config(route_name='home', renderer='templates/mytemplate.pt')
    def my_view(request):
        hello = _('Hi')  # added
        return {'project': 'MyProject',
                'hello': hello,  # added
                }

* Added to myproject/templates/mytemplate.pt:

    <p class="app-welcome">
      ${hello}
      Welcome to <span class="app-name">${project}</span>, an application generated by<br/>
      the Pyramid web application development framework.
    </p>

* Run python setup.py extract_messages
* Run python setup.py init_catalog -l en
* Run python setup.py init_catalog -l es
* Modified myproject/locale/en/LC_MESSAGES/MyProject.po:

    #: myproject/views.py:6
    msgid "Hi"
    msgstr "English Hi"

* Modified myproject/locale/es/LC_MESSAGES/MyProject.po:

    #: myproject/views.py:6
    msgid "Hi"
    msgstr "Spanish Hi"

* Run python setup.py compile_catalog
* Start the server
* Go to http://127.0.0.1:6543?_LOCALE_=en and doesn't work at all!

You may see the example project at https://bitbucket.org/aguirrel/translation_test/src

I have done a lot of tests, but nothing works. So I prefer if you may check this clear project.

Thanks a lot in advance,
Best regards,
Luis
Re: I can't do i18n work.
On Jan 11, 2013, at 4:09 AM, Luis Aguirre wrote:
> * Go to http://127.0.0.1:6543?_LOCALE_=en and doesn't work at all!

What happens?

-- Philip Jenvey
Re: Help with setting content-type to application/json (Pylons 1.0)
Hi Joel,

Try passing the Content-Type header to FileApp like this:

    @restrict('GET')
    @h.authenticate
    def retrieve(self, id):
        """Return the file data (binary stream) for the file in files/ with
        name=id or an error message if the file does not exist or the user is
        not authorized to access it.
        """
        file = Session.query(File).filter(File.name==id).first()
        if file:
            unrestrictedUsers = h.getUnrestrictedUsers()
            if h.userIsAuthorizedToAccessModel(session['user'], file, unrestrictedUsers):
                filePath = os.path.join(config['app_conf']['permanent_store'], id)
                headers = [('Content-Type', 'application/json')]
                result = forward(FileApp(filePath, headers=headers))
            else:
                response.status_int = 403
                result = h.unauthorizedJSONMsg
        else:
            response.status_int = 404
            result = json.dumps({'error': 'There is no file with name %s' % id})
        return result

See http://pythonpaste.org/modules/fileapp.html

Hope this helps,

-- Ronan Amicel
Re: Help with setting content-type to application/json (Pylons 1.0)
Hey Ronan,

Thanks. However, the FileApp stuff is a bit of a red herring. FileApp correctly sets the content type (i.e., to the MIMEtype of the file being served) without any interference on my part. The problem is that I can't get my JSON responses to have the correct content type header. I'm returning JSON in nearly every controller action and no matter what I do I get text/html; charset=utf-8 as the content type ...

On Friday, January 11, 2013 10:43:50 AM UTC-8, ronan wrote:
> Hi Joel, Try passing the Content-Type header to FileApp like this:
> [...]
Re: Help with setting content-type to application/json (Pylons 1.0)
Does it work if you use the jsonify decorator?

On Sat, Jan 12, 2013 at 12:14 AM, Joel jrwdun...@gmail.com wrote:
> Hey Ronan, Thanks. However, the FileApp stuff is a bit of a red herring.
> [...]
Re: Help with setting content-type to application/json (Pylons 1.0)
Yeah, the jsonify decorator works. But I need to be able to pass a custom JSONEncoder subclass to json.dumps, e.g.,

    return json.dumps(result, cls=h.JSONOLDEncoder)

so I think that rules out using @jsonify, right? Also, I've looked at the jsonify code and it's not doing anything special that I'm not doing ...

I'm quite puzzled about why

    response.content_type = 'application/json'

has no effect in my controller actions. I feel like I must be missing something quite obvious ...

On Friday, January 11, 2013 3:26:12 PM UTC-8, ronan wrote:
> Does it work if you use the jsonify decorator?
> [...]