Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-10-09 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
---+
 Reporter:  matt@… |Owner:  PaulM
 Type:  Bug|   Status:  closed
Component:  HTTP handling  |  Version:  1.3
 Severity:  Normal |   Resolution:  fixed
 Keywords: | Triage Stage:  Accepted
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+

Comment (by loewis):

 In [16950]:
 {{{
 #!CommitTicketReference repository="" revision="16950"
 Merged revisions
 
16743,16745,16747-16750,16752-16754,16756-16760,16770,16773-16800,16802-16804,16806,16808,16811,16813,16815,16817-16826,16829-16833,16835-16836,16838-16843,16845-16858,16860-16866,16868,16871-16877,16882-16890,16893-16947
 via svnmerge from
 https://code.djangoproject.com/svn/django/trunk

 
   r16743 | gabrielhurley | 2011-09-09 23:36:58 +0200 (Fr, 09 Sep 2011) | 2
 lines

   Fixed #16791 -- Updated a broken URL in the README file. Thanks to
 paulcwatts for the report and patch.
 
   r16745 | Alex | 2011-09-09 23:45:58 +0200 (Fr, 09 Sep 2011) | 1 line

   Switch to using explicit new-style division behavior, rather than
 relying on teh classic behavior.
 
   r16747 | SmileyChris | 2011-09-10 00:32:38 +0200 (Sa, 10 Sep 2011) | 1
 line

   Fix and test for cleaning a non-string value in a URLField
 
   r16748 | gabrielhurley | 2011-09-10 00:33:28 +0200 (Sa, 10 Sep 2011) | 2
 lines

   Fixed #16786 -- Minor cleanups in the memcached section of the caching
 topic guide. Thanks to jamesp for the report and patch.
 
   r16749 | jbronn | 2011-09-10 00:34:23 +0200 (Sa, 10 Sep 2011) | 1 line

   Fixed #16408 -- Fixed conversion of dates, and other problems with the
 SpatiaLite backend.
 
   r16750 | jbronn | 2011-09-10 00:47:18 +0200 (Sa, 10 Sep 2011) | 1 line

   Removed extra call to `syncdb` that slipped in with r16749.
 
   r16752 | SmileyChris | 2011-09-10 00:57:12 +0200 (Sa, 10 Sep 2011) | 1
 line

   Fixes #16664 -- URLField's to_python method fails with ValueError on
 some urls on python 2.7. Based on patch by zigzag.
 
   r16753 | russellm | 2011-09-10 01:02:33 +0200 (Sa, 10 Sep 2011) | 1 line

   Added two pointless query repeats to work around a known issue with
 MySQL that was causing failures in our test suite.
 
   r16754 | gabrielhurley | 2011-09-10 01:25:48 +0200 (Sa, 10 Sep 2011) | 2
 lines

   Fixed #16782 -- Corrected a broken cross-reference to the database
 engine setting in the tutorial. Thanks to mjumbewu for the report and
 patch.
 
   r16756 | kmtracey | 2011-09-10 02:05:48 +0200 (Sa, 10 Sep 2011) | 2
 lines

   Fixed #15722: ensure formsets evaluate to True even if they have no
 forms. Thanks mlavin.
 
   r16757 | jbronn | 2011-09-10 02:29:34 +0200 (Sa, 10 Sep 2011) | 1 line

   Fixed #13670 -- Comparisons with the spatial adapter won't blow up in
 some corner cases.  Thanks, milosu for the bug report and jpaulett for the
 patch.
 
   r16758 | russellm | 2011-09-10 02:46:38 +0200 (Sa, 10 Sep 2011) | 1 line

   Added protection against spoofing of X_FORWARDED_HOST headers. A
 security announcement will be made shortly.
 
   r16759 | russellm | 2011-09-10 02:46:48 +0200 (Sa, 10 Sep 2011) | 1 line

   Corrected an issue which could allow attackers to manipulate session
 data using the cache. A security announcement will be made shortly.
 
   r16760 | russellm | 2011-09-10 02:47:00 +0200 (Sa, 10 Sep 2011) | 1 line

   Altered the behavior of URLField to avoid a potential DOS vector, and to
 avoid potential leakage of local filesystem data. A security announcement
 will be made shortly.
 
   r16770 | Alex | 2011-09-10 03:53:56 +0200 (Sa, 10 Sep 2011) | 1 line

   Make ``Formset.__getitem__`` O(1), rather than O(n).  If you override
 ``__iter__`` you now need to also override ``__getitem__`` for consistant
 behavior.  Thanks to Carl and Russ for the review.
 
   r16773 | Alex | 2011-09-10 04:42:05 +0200 (Sa, 10 Sep 2011) | 1 line

   Fixed #11404.  Added ``FormSet.has_changed``, for consistancy with
 ``Form.has_changed``. Thanks to michelts for the patch.
 
   r16774 | Alex | 2011-09-10 04:52:37 +0200 (Sa, 10 Sep 2011) | 1 line

   Fixed #16793. Added more cross referencing to the load tag's
 documentation.  Thanks to bluejeansummer for the patch.
 
   r16775 | jbronn | 2011-09-10 05:04:30 +0200 (Sa, 10 Sep 2011) | 1 line

   Fixed #16790 -- Modified the geographic admin to work after r16594.
 Thanks, jdiego, for the bug report and patch.
 
   r16776 | carljm | 2011-09-10 05:26:13 +0200 (Sa, 10

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-09-14 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  closed
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:  fixed |   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by PaulM):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [16829]:
 {{{
 #!CommitTicketReference repository="" revision="16829"
 Fixed #16494 by normalizing HttpResponse behavior with non-string input.
 HttpResponse now always converts content to string on output, regardless
 of input type.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-08-19 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---

Comment (by PaulM):

 As you say, the normal case is to iterate the `HttpResponse` object. This
 is why it is inappropriate to turn it into a string in `_set_content()`.
 Accessing `content` directly is only the correct thing to do if you're
 consuming the content once and for all, or the original content is not an
 iterator. #7581 is the issue you describe as multiple consuming the
 iterator and has been outstanding for a long time. This patch fixes a
 different issue (though I'm sure the patch for that ticket will need to be
 updated once we commit this).

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-08-19 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by akaariai):

 * cc: anssi.kaariainen@… (added)
 * needs_better_patch:  1 => 0


Comment:

 Forget about the string copying. It just doesn't matter performance wise,
 the _get_content isn't called when generating pages.

 If I understand this correctly, which I hope is now the case, the normal
 (as in when running under Apache) path just iterates the response object,
 so that is the case which should be optimized, not the access to .content.

 The multiple consuming of the iterator would be nice to fix, though. But
 even that should not be a blocker for this ticket. The problem exists
 already, and can be fixed separately. So, I removed the patch needs
 improvement flag.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-08-19 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  1 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by akaariai):

 * needs_better_patch:  0 => 1


Comment:

 I haven't actually tested the patch, but according to my reading of it, I
 think there is one big problem and one smaller problem. Both are present
 already in current code.
  - The big one: If the given content is iter(['a', 'b']), isn't it so that
 on first call of reponse.content you will get 'ab' and on second call ''.
 That is, the iter is consumed on first call and on the second one it is
 already consumed.
  - The smaller one: If the content is already a string, doesn't the
 ''.join(self._container) create a new copy of the string? That seems to be
 non-necessary. The content can be large and there is no point of copying
 it.

 Try the following (should "fail" on both old and new version of
 get_content).
 {{{
 from django.core.management import setup_environ
 import settings
 setup_environ(settings)
 from django.http import HttpResponse
 h = HttpResponse(iter(['a', 'b']))
 print h.content
 print h.content
 }}}

 I think the best approach is to turn the given iterable to a string in
 set_content, store it in self._raw_content. Turn it into correctly encoded
 string when content is asked. Test and make sure there will be as little
 copying of the content as possible, including the conversion to the
 correct encoding. UTF-8 should be the expected result, so maybe
 ._raw_content could be in UTF-8?

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-08-18 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---

Comment (by gabrielhurley):

 I'm not overwhelmingly familiar with this chunk of the codebase, but from
 a cursory glance it appears that the provided patch offers a more
 consistent approach to handling the content of `HttpResponse`. The tests
 and docs look reasonable, but I'd like another set of eyes on the code
 itself prior to marking it RFC.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-08-01 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  1
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by PaulM):

 * has_patch:  0 => 1


Comment:

 I've added a patch that converts everything to strings just before output.
 It cleans up the logic and fixes the original edge-case logic error. It
 also adds tests since this component was relatively under-tested.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-07-26 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  0
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---

Comment (by PaulM):

 I put together an initial draft of a patch, which adds tests and raises an
 exception on non-string, non-iterator input:
 
https://github.com/PaulMcMillan/django/commit/75052eb95d4648e63def203eb1e2a42e1b261a85

 After further consideration, I noticed that when the
 `HttpResponse.content` is accessed via iterator, it DOES convert to a
 string:
 
https://code.djangoproject.com/browser/django/trunk/django/http/__init__.py#L664

 Given this, the most consistent fix (in line with existing behavior) is to
 convert to string on output. I'm working on a comprehensive patch to both
 clean up the code and do this in a way that is backwards compatible.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-07-25 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  PaulM
   Type:  Bug   | Status:  new
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  0
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by PaulM):

 * owner:  nobody => PaulM
 * status:  reopened => new


Comment:

 @anonymous I looked through the changelog and didn't see any recent
 changes in `django/http/__init__.py` that would have affected this. There
 may have been some elsewhere.

 Your post points out that we have this bug in the `_container` property as
 well. I'll work on a patch here - I don't see any good reason not to
 convert to a string when setting `HttpResponse._container`, since we go on
 to use it as a string.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__`

2011-07-25 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  nobody
   Type:  Bug   | Status:  reopened
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  0
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---

Comment (by anonymous):

 I just ran into this today. I was returning the pk of an object in the
 HttpResponse object like so:


 {{{
 return HttpResponse(obj.pk)
 }}}


 This caused the same error. One fix that I found floating around the
 internet was changing this:


 {{{
 def _get_content(self):
 if self.has_header('Content-Encoding'):
 return ''.join(self._container)
 return smart_str(''.join(self._container), self._charset)
 }}}


 to this:


 {{{
 def _get_content(self):
 if self.has_header('Content-Encoding'):
 return ''.join(self._container)
 return smart_str(''.join(map(str, self._container)),
 self._charset)
 }}}


 This would fix it as far as just forcing everything to a string. It worked
 for me when I tried it. However, in the interest of not modifying Django's
 libraries unnecessarily, I'll just be going through my code and fixing it
 there. It would be nice, though, if this were to make it into Django at
 some point. It seems unnecessary to have to call


 {{{
 HttpResponse(str(obj.pk))
 }}}

 Lastly, it seems likely that this appeared in Django 1.3. I upgraded not
 too long ago, and had no problems up until that point. This is the first
 time noticing this problem.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Re: [Django] #16494: HttpResponse should raise an error if given a non-string object without `__iter__` (was: django.http.HttpResponse __unicode__ raises TypeError during test)

2011-07-21 Thread Django 
#16494: HttpResponse should raise an error if given a non-string object without
`__iter__`
+---
   Reporter:  matt@…|  Owner:  nobody
   Type:  Bug   | Status:  reopened
  Milestone:|  Component:  HTTP handling
Version:  1.3   |   Severity:  Normal
 Resolution:|   Keywords:
   Triage Stage:  Accepted  |  Has patch:  0
Needs documentation:  0 |Needs tests:  0
Patch needs improvement:  0 |  Easy pickings:  0
  UI/UX:  0 |
+---
Changes (by PaulM):

 * has_patch:  1 => 0
 * stage:  Unreviewed => Accepted
 * easy:  1 => 0


Comment:

 The relevant code is here:
 
https://code.djangoproject.com/browser/django/trunk/django/http/__init__.py#L546

 Django currently assumes that everything that is an instance of the base
 string or has no `__iter__` property is a string.

 We should either be converting to a string on line 550, or raising an
 error if that object is not a string. I'm in favor of doing the string
 conversion.

 This looks like a legitimate bug to me, so I'm marking it as such and
 changing the title to reflect the real issue.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.