Model validation for non-django-orm databases

2010-08-29 Thread onelson
I've got an external (read-only) database that I'd like to hook into
an app I'm working on -- it violates django's pk assumption by using
composite keys.

I'm hoping that, given a couple of assumptions of my own, I can hook
these tables up to the ORM without having the universe implode.
Since the database is read-only, I don't need (or want) the content to
be accessible via the admin site.
Queries against the tables with composite keys will never (in my own
code) make reference to pk, I'll always be using N values for the
fields that make up the composite key.

I've read that a "hack" around this kind of issue is to use the meta
unique_together property and almost arbitrarily set primary_key on one
of the fields.  That sounds great, except for the fact that I've got
no guarantee that any given field will actually be unique -- which
column do I add the primary_key to?  Basically, since the content is
being generated externally, and integrity is being managed on that
end, do I need to worry about this?

As long as the model loads/validates I'm happy.  Is there anything I
need to look out for here?

Best regards,
Owen Nelson

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.
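The question above asks which column should carry primary_key when the real key is composite and integrity is enforced elsewhere. As an added example (not code from the thread, not Django's own), here is the check I would run against the external database before picking a column, plus the read path that always filters on the full composite key. It uses the standard sqlite3 module with a constructed sample table so it runs offline; the table, columns and rows are my assumptions. In Django terms the model would set `managed = False`, `unique_together = (("org_id", "user_id"),)` and primary_key=True on one column; the caveat the code makes visible is that if that column is not actually unique, `get(pk=...)` raises MultipleObjectsReturned and any save() or delete() issued through the ORM would hit every row sharing that value, which is why a read-only mapping is the only safe use.

```python
import re
import sqlite3

# Constructed sample of an externally managed table keyed by (org_id, user_id);
# no single column is unique on its own.
SCHEMA = """
CREATE TABLE membership (
    org_id  INTEGER NOT NULL,
    user_id INTEGER NOT NULL,
    role    TEXT    NOT NULL,
    PRIMARY KEY (org_id, user_id)
);
"""
ROWS = [
    (1, 100, "admin"),
    (1, 101, "member"),
    (2, 100, "member"),   # user 100 again, under a different org
    (2, 102, "owner"),
]

_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def open_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO membership VALUES (?, ?, ?)", ROWS)
    return conn


def is_identifier(name):
    """Only developer-supplied names may be interpolated into SQL; anything
    that is not a bare identifier is refused rather than quoted around."""
    return bool(_IDENT.match(name))


def quote_ident(name):
    if not is_identifier(name):
        raise ValueError("invalid SQL identifier: %r" % name)
    return '"%s"' % name


def duplicate_values(conn, table, column):
    """Values of `column` that occur more than once. An empty result means the
    column is unique in the current data; it is no guarantee for future rows."""
    col, tbl = quote_ident(column), quote_ident(table)
    sql = ("SELECT %s, COUNT(*) FROM %s GROUP BY %s HAVING COUNT(*) > 1 "
           "ORDER BY %s" % (col, tbl, col, col))
    return [row[0] for row in conn.execute(sql)]


def primary_key_candidates(conn, table, columns):
    """Columns that could carry primary_key=True without lying to the ORM."""
    return [c for c in columns if not duplicate_values(conn, table, c)]


def get_membership(conn, org_id, user_id):
    """The safe read path: always filter on every column of the composite key."""
    rows = conn.execute(
        "SELECT org_id, user_id, role FROM membership "
        "WHERE org_id = ? AND user_id = ?", (org_id, user_id)).fetchall()
    if len(rows) != 1:
        raise LookupError("expected exactly one row, got %d" % len(rows))
    return rows[0]


def rows_for_fake_pk(conn, user_id):
    """What a pk lookup sees if user_id were declared primary_key: with the
    sample data it matches two rows, so get(pk=...) is ambiguous and an
    update or delete by pk would touch both."""
    return conn.execute(
        "SELECT org_id, user_id, role FROM membership WHERE user_id = ?",
        (user_id,)).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    for column in ("org_id", "user_id", "role"):
        print(column, "duplicates:", duplicate_values(db, "membership", column))
    print("usable as primary_key:",
          primary_key_candidates(db, "membership", ["org_id", "user_id", "role"]))
```

Run the duplicate check against the real external database (not the sample) before committing to a column; if every candidate has duplicates, as in the sample, no column is honest as primary_key and the model must stay strictly read-only, with every query spelling out all key columns.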



Re: Unable to add two Numbers

2010-08-29 Thread Kenneth Gonsalves
On Mon, 2010-08-30 at 10:06 +0530, Harbhag Singh Sohal wrote:
> I have read tutorial / documentation

no use reading it - please do the tutorial step by step until you make a
complete web application as shown in the tutorial. Then you will be able
to understand how to add the numbers.
-- 
regards
Kenneth Gonsalves




Re: Unable to add two Numbers

2010-08-29 Thread Harbhag Singh Sohal
Sir, I am very new to Django.

So, please, sir, help.
Tell me how to code the Views.py file to solve my problem.
I am confused.

I have read the tutorial / documentation at _, but could not get a
bare minimum example to code Views.py; if there is any, kindly help me
by posting a link.

I just want to get two values from a form, store them in the database, then add
these values and finally store the output in the database.

Thanks




-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/




Re: Unable to add two Numbers

2010-08-29 Thread Harbhag Singh Sohal
On Mon, Aug 30, 2010 at 7:21 AM, Kenneth Gonsalves wrote:

> On Sun, 2010-08-29 at 22:50 +0530, Harbhag Singh Sohal wrote:
> > I tried to use the request.POST function to get the value, but I also fail to
> > get the form values.
> >
> > Please suggest me how i get the value from form text fields and store
> > in database.
>
> please post your code
> --
> regards
> Kenneth Gonsalves
>
I have already posted the code in the above posts. For more details please
check the links above.
-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/




Re: potential issue re in memory django file uploading.

2010-08-29 Thread dave b
On 30 August 2010 11:04, Russell Keith-Magee  wrote:
> On Sun, Aug 29, 2010 at 8:26 PM, dave b  wrote:
>  1) An actual problem where you can clearly describe the circumstances
> or sequence of events that would allow an attack to occur, and
>  2) Something that is actually Django's problem -- by which I mean,
> something that is actually Django's responsibility to solve, rather
> than something that is a webserver configuration issue.
>
> At this point, it's not clear to me that either of these two things
> are true. Based on your messages and the feedback from Graham and
> Steve, it sounds like you're describing an attack that *could* exist,
> but only if you've got a misconfigured (or badly implemented) web
> server.
>
> If you believe that I'm wrong, and there *is* an actual problem, you
> need to convince us. This doesn't mean posting large wads of Django's
> source code and proposed patches over multiple messages. It means
> describing in clear, concise language exactly what conditions need to
> exist for a problem to occur.
>
> Yours,
> Russ Magee %-)


Morning. Will do so below here.
Just do remember, there is more than one way to run a httpd, some of
us run our own custom stuff ;) and not everyone is using a setup like
you have.

---

Feature: Attacker crashes your django installation via file uploading
As attacker
I want to crash your django installation
To take your site down or reduce its availability, so I can steal the
underpants and then profit

Background:
Given I am an attacker
And you have uploads enabled with the default settings (memory and
temporary file).
And you are running on a platform with /tmp


Feature: I upload a 1 GB file and have this go into system memory
Given I have a 1 GB file
When I upload it to the website
Then I should see that your system now has used an additional 1 GB of /tmp
And available system memory is now reduced


So basically I was saying there are two problems.
One is if the httpd isn't behaving properly (this is probably not
entirely true) with respect to the content length field and abusing
memory limitation.
The second issue is that there is no *default* set limit on temporary
file uploads, so any file larger than 2.5 MB can find its way to /tmp
and there is no limit on the size of these files in django core.
That is, there is no set limit on the size of a temporary file upload.
The second problem is going to exist within the bounds of the set
limits of the webserver and the various mods that are used with
django.

In an extreme and very unlikely case, the httpd may ungzip the data
from the attacker and modify the content length (when it knows what it
should be - the connection is terminated) with django getting a large
amount of data to store from a much smaller user body request.


--
Let me take you a button-hole lower.-- William Shakespeare, "Love's
Labour's Lost"




Re: Unable to add two Numbers

2010-08-29 Thread Kenneth Gonsalves
On Sun, 2010-08-29 at 22:50 +0530, Harbhag Singh Sohal wrote:
> I tried to use the request.POST function to get the value, but I also fail to
> get the form values.
> 
> Please suggest me how i get the value from form text fields and store
> in database. 

please post your code
-- 
regards
Kenneth Gonsalves




Re: adding user instance to the comments constructor for a dynamic comment form

2010-08-29 Thread Cody Django
Sure, whatever. Maybe you miss the point: I'd like to include the
user instance in the constructor. Is there a way to do this without
rewriting the comments framework?

C



On Aug 29, 4:24 pm, "Evan H. Carmi"  wrote:
> On Sun, 29 Aug 2010 16:08:45 -0700 (PDT)
>
> Cody Django  wrote:
> > I'd like to have the comment form contain a captcha if the user is
> > logged in.
>
> Do you mean "have the comment form contain a captcha if the user *is
> not* logged in?
>
> -E




Re: potential issue re in memory django file uploading.

2010-08-29 Thread Russell Keith-Magee
On Sun, Aug 29, 2010 at 8:26 PM, dave b  wrote:
>> Anyway, since you have done your civic duty there's a good chance that a
>> fix will find its way into some future version. Thanks for being a good
>> citizen.
>
> Django is an awesome project. However, a bug is a bug. I don't
> care if it is a security bug or not, a bug *should* get fixed.
>
> FYI: I sent this information originally to the django security contact
> email address as per the website.
> This is what I got back.
>
>
> "I'll be on vacation and offline until December 27th.

This is deeply concerning. This is the second time in very recent
memory that someone has said they've had difficulty getting through to
secur...@djangoproject.org.

I need to do some investigation to determine exactly what is going on
here. Allow me to assure you that we take security reports *very*
seriously, and if people are having problems contacting security@,
then this is a problem we need to solve as a very high priority.

As for the problem: At this point, I'm thoroughly confused about what
you're actually describing. In order for this to be something that
needs a fix, it needs to be:

 1) An actual problem where you can clearly describe the circumstances
or sequence of events that would allow an attack to occur, and
 2) Something that is actually Django's problem -- by which I mean,
something that is actually Django's responsibility to solve, rather
than something that is a webserver configuration issue.

At this point, it's not clear to me that either of these two things
are true. Based on your messages and the feedback from Graham and
Steve, it sounds like you're describing an attack that *could* exist,
but only if you've got a misconfigured (or badly implemented) web
server.

If you believe that I'm wrong, and there *is* an actual problem, you
need to convince us. This doesn't mean posting large wads of Django's
source code and proposed patches over multiple messages. It means
describing in clear, concise language exactly what conditions need to
exist for a problem to occur.

Yours,
Russ Magee %-)




Re: adding user instance to the comments constructor for a dynamic comment form

2010-08-29 Thread Evan H. Carmi
On Sun, 29 Aug 2010 16:08:45 -0700 (PDT)
Cody Django  wrote:

> I'd like to have the comment form contain a captcha if the user is
> logged in.
Do you mean "have the comment form contain a captcha if the user *is
not* logged in?

-E




Re: potential issue re in memory django file uploading.

2010-08-29 Thread Graham Dumpleton


On Aug 29, 9:43 pm, dave b  wrote:
> > OK, so you don't believe the advice you are getting, which is that of
> > the many issues a Django site will face this is a relatively low
> > probability attack. That's fair enough - a vulnerability is a
> > vulnerability, after all, no matter how improbable, and not everyone
> > will set up their production systems to be correctly protected by a
> > front-end server.
>
> > If you really want to see this in Django you would be better advised to
> > post it in the issue tracker, where it will not get lost.
>
> Ok I will do this :-)
>
> Sure. Also, wow, gmail is a horrible email client. I am so used to $else.
> The patch I included in my previous email should not break any *real*
> clients, only evil ones(potentially).
>
> As I understand it an attacker can abuse gzip user requests, if
> mod_deflate is enabled (AND configured to decompress incoming user
> requests - this is not the default) in apache2 with a user gzipped
> request body.

You are again possibly getting overly worried about nothing here.

This is because use of a mutating input filter such as mod_deflate
with a WSGI based application is not possible.

As I said before, a WSGI application is not supposed to read more
content than is specified by the request content length, if it is, it
is a non compliant WSGI application.

For the case of mod_deflate, in decompressing the request content, it
cannot know in advance what the new content length will be. As such,
it leaves the original content length header intact. This means that a
conforming WSGI application would still only read up to that original
content length even if you were to enable mod_deflate. The result
being that the decompressed request content would actually be
truncated at the content length specified for the original compressed
content.

In short, you can not use mod_deflate on request content with
conforming WSGI applications as that would only read up to the
original content length. I have blogged about this limitation of WSGI
in the past, so maybe you should go search through postings on my
blog.

As I asked you before, have you actually run tests to prove your
hypothesis that this is all broken? If you have, then post what
hosting configuration and software you are using.

Graham

> So an attacker could effectively have a file like this:
>
> f = open("rar", "w")
> string = ""
> for i in range(0, 1000):
>         string += " " + "1"
> f.write(string)
> f.close()
>
> ls -lah 20M 2010-08-29 17:15 rar
>
> (except replace write with append and do it a lot more ;) ) and then
> send it gzipped as the request body.
>
> Just for fun ;)
> gzip rar
> ls -lah 19K 2010-08-29 17:15 rar.gz
>
> So django will receive the original 20M file (as the httpd has
> uncompressed it for django) afaik.
>
> see Input Decompression
> at http://httpd.apache.org/docs/2.0/mod/mod_deflate.html

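The two points made in this thread (dave b's: nothing in Django's default upload settings caps how large a temporary upload file can grow; Graham's: a conforming WSGI application must never read past CONTENT_LENGTH, so a decompressing input filter cannot hand it more body than the header declares) can both be shown in one small WSGI layer. What follows is an added example, not code from the thread or from Django: a middleware that rejects a declared body larger than a limit with 413, rejects a malformed Content-Length with 400, and wraps wsgi.input so the application physically cannot read beyond the declared length. The 2.5 MB limit is an assumption chosen to match Django's default in-memory upload threshold (FILE_UPLOAD_MAX_MEMORY_SIZE); `count_body_app` and the `simulate()` driver with its constructed requests exist only to exercise the middleware offline.

```python
"""Bound the request body at the WSGI layer (added example, not Django code)."""
import io

MAX_BODY_BYTES = 2500000  # assumed cap; matches Django's 2.5 MB memory threshold


class LimitedInput:
    """Wraps wsgi.input so reads stop at the declared CONTENT_LENGTH, which is
    the most a WSGI-compliant application may consume. Extra bytes that a
    misbehaving front end leaves on the socket are simply never read."""

    def __init__(self, stream, length):
        self._stream = stream
        self._remaining = length

    def _clamp(self, size):
        if size is None or size < 0 or size > self._remaining:
            return self._remaining
        return size

    def read(self, size=-1):
        if self._remaining <= 0:
            return b""
        data = self._stream.read(self._clamp(size))
        self._remaining -= len(data)
        return data

    def readline(self, size=-1):
        if self._remaining <= 0:
            return b""
        data = self._stream.readline(self._clamp(size))
        self._remaining -= len(data)
        return data

    def __iter__(self):
        while True:
            line = self.readline()
            if not line:
                return
            yield line


class MaxBodySize:
    """413 for a declared body above max_bytes, 400 for an unparsable or
    negative Content-Length, otherwise pass through with a clamped input."""

    def __init__(self, app, max_bytes=MAX_BODY_BYTES):
        self.app = app
        self.max_bytes = max_bytes

    def __call__(self, environ, start_response):
        raw = environ.get("CONTENT_LENGTH") or "0"   # absent header: no body
        try:
            length = int(raw)
        except ValueError:
            length = -1
        if length < 0:
            return self._reply(start_response, "400 Bad Request")
        if length > self.max_bytes:
            return self._reply(start_response, "413 Request Entity Too Large")
        environ["wsgi.input"] = LimitedInput(environ["wsgi.input"], length)
        return self.app(environ, start_response)

    @staticmethod
    def _reply(start_response, status):
        body = status.encode("ascii")
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]


def count_body_app(environ, start_response):
    """Toy upload handler: reads everything it is allowed to and reports the size."""
    data = environ["wsgi.input"].read()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [str(len(data)).encode("ascii")]


def simulate(app, wire_body, content_length):
    """Drive `app` with a constructed environ. `wire_body` is what the socket
    really carries; `content_length` is the header value as the client sent it
    (None for no header). Returns (status line, response body)."""
    environ = {"REQUEST_METHOD": "POST", "wsgi.input": io.BytesIO(wire_body)}
    if content_length is not None:
        environ["CONTENT_LENGTH"] = content_length
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


app = MaxBodySize(count_body_app)
```

Note what this does not cover: a client that declares a small body and then streams slowly, or never finishes, is held off by the web server's connection and body limits (Apache's LimitRequestBody and timeouts, for instance), not by anything at this layer. That is the division of responsibility Russell's message draws, and the reason the temporary-file cap dave b asks for would only bound what has already passed the front end.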



adding user instance to the comments constructor for a dynamic comment form

2010-08-29 Thread Cody Django
I'd like to have the comment form contain a captcha if the user is
logged in. Short of rewriting the provided comment template tags I
haven't found a solution. I'm curious if this issue hasn't been
already addressed.

Thanks




Re: Overriding flatpages class meta

2010-08-29 Thread Steve Holden
On 8/29/2010 6:51 PM, Goran wrote:
> Thanks for the answer Steve. I'm a Django and Python novice and here is
> what I tried. But it doesn't work.
> 
> from django.contrib.flatpages.models import FlatPage
> 
> class NewFlatpage(FlatPage):
> 
>     class Meta:

The Meta class would need to subclass FlatPage.Meta, otherwise it won't
have the necessary FlatPage special sauces. I don't guarantee even that
will work, but try

class NewFlatpage(FlatPage):

    class Meta(FlatPage.Meta):
        verbose_name_plural = "New_name"

regards
 Steve

>         verbose_name_plural = "New_name"
> 
> 
> 
> On Aug 26, 4:39 am, Steve Holden  wrote:
>> On 8/25/2010 8:26 PM, Goran wrote:
>>> I need another verbose_name_plural for Flat pages so i need to
>>> override class meta for it, right? How can I do that?
>>
>> [Caveat: this is a guess from general Python knowledge]
>>
>> Have you tried creating a subclass of Flatpage, whose body simply
>> declares a Meta class which is a subclass of Flatpage.Meta?
>>
>> regards
>>  Steve
>> --
>> DjangoCon US 2010 September 7-9 http://djangocon.us/
> 


-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/




Re: Overriding flatpages class meta

2010-08-29 Thread Goran
Thanks for the answer Steve. I'm a Django and Python novice and here is
what I tried. But it doesn't work.

from django.contrib.flatpages.models import FlatPage

class NewFlatpage(FlatPage):

    class Meta:
        verbose_name_plural = "New_name"



On Aug 26, 4:39 am, Steve Holden  wrote:
> On 8/25/2010 8:26 PM, Goran wrote:
> > I need another verbose_name_plural for Flat pages so i need to
> > override class meta for it, right? How can I do that?
>
> [Caveat: this is a guess from general Python knowledge]
>
> Have you tried creating a subclass of Flatpage, whose body simply
> declares a Meta class which is a subclass of Flatpage.Meta?
>
> regards
>  Steve
> --
> DjangoCon US 2010 September 7-9 http://djangocon.us/




prepopulated_fields do not work at all Django 1.2

2010-08-29 Thread Goran
I have a strange problem: on my development server everything is fine,
but there I'm using Django 1.1; on the production server (Django 1.2)
prepopulated_fields don't work. Does anyone have the same problem? Any
suggestion?

class UniverzitetAdmin(admin.ModelAdmin):
    prepopulated_fields = {"url": ("naziv",)}

admin.site.register(Univerzitet, UniverzitetAdmin)

Thanks




Re: Mobile version

2010-08-29 Thread Anton Bessonov
De facto, you don't need a complete list. But if you really want one, it is
enough to start by maintaining a list of the most common agents and to add
"normal/mobile version" links. Log every click and use that information
to adjust the list.

> Thanks for translating my question, but the thing is that I have already
> seen that page, and the list there is far from complete; moreover, the
> list keeps growing as new OSes for mobile phones come out.
> How do I implement a universal check? Build my own dictionary of
> fragments of possible User Agents, without OS version numbers and the
> like, and check whether any of them occurs in the User Agent of a user
> who visits the site?

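Anton's suggestion above (start with a short list of common agents, offer explicit "normal/mobile version" links, and log the clicks to refine the list) as an added example in Python. This is not code from the thread: the fragment list, the click threshold and the User-Agent strings are my assumptions, and the UAs used in the sample are constructed, not captured. The User-Agent header is attacker-controlled, so it is treated as an untrusted string throughout: it is only ever substring-matched and tokenised, never echoed into HTML or SQL.

```python
import re
from collections import Counter

# Assumed starter list: substrings without version numbers, matched
# case-insensitively against the User-Agent header.
MOBILE_FRAGMENTS = (
    "android", "iphone", "ipod", "blackberry", "windows phone",
    "symbian", "opera mini", "opera mobi", "mobile",
)


def is_mobile(user_agent):
    """True when any known fragment occurs in the UA. A missing or empty
    header (some clients send none) is treated as not mobile."""
    ua = (user_agent or "").lower()
    return any(fragment in ua for fragment in MOBILE_FRAGMENTS)


def product_tokens(user_agent):
    """Alphabetic tokens of the UA with digits and punctuation stripped, so
    'FooPhone OS 3.1' and 'FooPhone OS 3.2' yield the same tokens. Tokens
    shorter than three letters ('os', 'en') carry no signal and are dropped."""
    words = re.split(r"[^a-z]+", (user_agent or "").lower())
    return {w for w in words if len(w) >= 3}


class OverrideLog:
    """Records clicks on the 'normal/mobile version' links. Tokens from users
    who had to switch to the mobile site by hand (detection missed them) are
    candidates for MOBILE_FRAGMENTS; tokens also seen among users who chose
    the normal site are discounted, since they cannot distinguish anything."""

    def __init__(self):
        self.undetected = Counter()
        self.normal = Counter()

    def record(self, user_agent, chose_mobile):
        tokens = product_tokens(user_agent)
        if chose_mobile and not is_mobile(user_agent):
            self.undetected.update(tokens)
        elif not chose_mobile:
            self.normal.update(tokens)

    def suggested_fragments(self, min_clicks=3):
        """Tokens seen at least min_clicks times among undetected mobile users
        and never among normal-site users, sorted for a stable review list."""
        return sorted(
            token for token, clicks in self.undetected.items()
            if clicks >= min_clicks
            and token not in self.normal
            and token not in MOBILE_FRAGMENTS)


# Constructed sample clicks: (user agent, user chose the mobile version)
SAMPLE_CLICKS = [
    ("Mozilla/5.0 (FooPhone OS 3.1; en) AppleWebKit/533.1 FooBrowser/2.0", True),
    ("Mozilla/5.0 (FooPhone OS 3.2; de) AppleWebKit/533.1 FooBrowser/2.1", True),
    ("Mozilla/5.0 (FooPhone OS 3.2; fr) AppleWebKit/533.1 FooBrowser/2.1", True),
    ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_4) AppleWebKit/533.1 Safari/533.1", False),
]


def suggestions_from(clicks, min_clicks=3):
    log = OverrideLog()
    for user_agent, chose_mobile in clicks:
        log.record(user_agent, chose_mobile)
    return log.suggested_fragments(min_clicks)


if __name__ == "__main__":
    print("review these for MOBILE_FRAGMENTS:", suggestions_from(SAMPLE_CLICKS))
```

The output is a review list, not an automatic update: a fragment such as "foobrowser" should be added by a person, because anyone can send a crafted User-Agent and, with enough clicks, steer an unattended list.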



Re: Moderation of posts

2010-08-29 Thread Karen Tracey
The mail you sent on August 24 was approved through moderation, you can see
it here:

http://groups.google.com/group/django-users/browse_thread/thread/48ac828afbe07bf2/

Since then your posts have not been moderated; generally once someone sends
a non-spam posting to the group they are allowed to post without moderation.
I don't see any record in my mail archive of any other messages held for
moderation from you. In fact I don't see that one either -- I have noticed
lately that there are  sometimes more messages from new posters in the
moderation queue than moderation emails I have received. If your other
message looked identical to the one that got posted then likely it was
removed as a duplicate by whoever approved the one that did go through. If
it was different, I have no idea what happened to it.

Also, Google Groups does occasionally, and using no algorithm I can discern,
decide to hold posts from approved members because, it says, the "message
may be spam". When it does this no mail is sent to moderators until a day or
two (or three) later, so these posts sometimes do get held up for a while.
Usually, though, there are enough new member postings that someone visits
the moderation page often enough to see these oddball cases and move them
along fairly quickly.

Karen




Moderation of posts

2010-08-29 Thread Shamail Tayyab
Hi,

  I've sent a couple of posts and they wait for moderation, but never
get cleared. I never even get any denial reason or anything. Just
checking if this message reaches..

Thanks

-- 
Shamail Tayyab
Blog: http://shamail.in/blog




Re: GeoDjango: default 4326 SRID doesn't work for transform()

2010-08-29 Thread kyleduncan
Sorry, I forgot to mention that this is the model field I am
retrieving users' locations from:

location = geomodels.PointField(null=True, blank=True)

which comes back as:

POINT(longitude, latitude)

and we are using a PostgreSQL database.

On Aug 29, 6:45 pm, kyleduncan  wrote:
> Hi all,
>
> I am trying to obtain the distance between two users on my site,
> using code I found in this group. We already have geoDjango installed,
> though I'm wondering if my problem comes from being on an old version
> (I don't know which version we're using - if somebody could tell me how
> to check that would be great). We are running Django 1.1
>
> the code I am using is:
>
> from django.contrib.gis.geos import Point
> from django.contrib.gis.measure import D
>
> my_location = request.user.get_profile().location
> their_location = other_user.get_profile().location
>
> my_location.transform(4326)
> their_location.transform(4326)
> distance = my_location.distance(their_location)
>
> if request.user.get_profile().get_preferences().use_metric == 1:
>     distance_result = round(D(m=my_location.distance(their_location)).km, 1)
> else:
>     distance_result = round(D(m=my_location.distance(their_location)).mi, 1)
>
> the last section is just a check to see whether the user wants the
> result in miles or km. the bit that troubles me is the transform()
> section. if I put in 4326, I just get 0.0 as the result. if I put in
> nothing so it's just transform() (which I understand should use 4326),
> I get this django Error:
>
> TypeError at /members/GayHopHelper/
>
> transform() takes at least 2 arguments (1 given)
>
> the only thing that works so far is using SRID 32140, which is for
> south texas. the results seem ok but definitely a bit inaccurate,
> which is to be expected.
>
> I'm not a Django expert at all so maybe this all just comes from being
> on an old version of GeoDjango and I need to upgrade. if that's all it
> is then sorry for wasting time (I'm not a sys admin and don't know much
> about Django so can't upgrade myself easily).




Re: Unable to add two Numbers

2010-08-29 Thread Daniel Roseman
> I have written the code
> model.py
> from django.db import models
>
> class Math(models.Model):
>     input1 = models.IntegerField()
>     input2 = models.IntegerField()
>     output = models.IntegerField()
>
> Views.py file
>
> from django.template import RequestContext
> from django.shortcuts import render_to_response, get_object_or_404
> from django.http import Http404, HttpResponseRedirect, HttpResponse
> from django.core.urlresolvers import reverse  # used by vote() below
> from mysite.maths.models import Math
>
> def index(request):
>     latest_math_list = Math.objects.all().order_by('id')[:5]
>     return render_to_response('maths/index.html',
>                               {'latest_math_list': latest_math_list})
>
> def detail(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     return render_to_response('maths/detail.html', {'math': p},
>                               context_instance=RequestContext(request))
>
> def results(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     return render_to_response('maths/results.html', {'math': p})
>
> def vote(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     try:
>         selected_input1 = p.math_set.get(pk=request.POST['input1'])
>         selected_input2 = p.math_set.get(pk=request.POST['input2'])
>     except (KeyError, Math.DoesNotExist):
>         # Redisplay the poll voting form.
>         return render_to_response('maths/detail.html', {
>             'poll': p,
>             'error_message': "You didn't fill a value.",
>         }, context_instance=RequestContext(request))
>     else:
>         selected_output = selected_input1 + selected_input2
>         selected_output.save()
>
>         return HttpResponseRedirect(reverse('mysite.maths.views.results',
>                                             args=(p.id,)))
>
> problem is in def vote function.

And you still don't tell us what the actual problem is. There are two
obvious issues with the code you've posted, but you haven't told us
which issue you are encountering.

Firstly, you get a Math object `p`, then get another two Math
instances via `p.math_set.get()`. With the code you've posted, the
Math model doesn't have a `math_set` attribute - for that to exist,
the model would need to have a foreign key relationship to self, which
it doesn't have. It's not clear what you are trying to do here.

Secondly, presuming that works, selected_input1 and selected_input2
are both instances of the Math model. You haven't defined an __add__
method on Math, so adding two instances makes no sense. If you just
want to add two numbers and save the result, just do that, don't try
to add the instances.
--
DR.




GeoDjango: default 4326 SRID doesn't work for transform()

2010-08-29 Thread kyleduncan
Hi all,

I am trying to obtain the distance between two users on my site,
using code I found in this group. We already have geoDjango installed,
though I'm wondering if my problem comes from being on an old version
(I don't know which version we're using - if somebody could tell me how
to check that would be great). We are running Django 1.1

the code I am using is:

from django.contrib.gis.geos import Point
from django.contrib.gis.measure import D

my_location = request.user.get_profile().location
their_location = other_user.get_profile().location

my_location.transform(4326)
their_location.transform(4326)
distance = my_location.distance(their_location)

if request.user.get_profile().get_preferences().use_metric == 1:
    distance_result = round(D(m=my_location.distance(their_location)).km, 1)
else:
    distance_result = round(D(m=my_location.distance(their_location)).mi, 1)

the last section is just a check to see whether the user wants the
result in miles or km. the bit that troubles me is the transform()
section. if I put in 4326, I just get 0.0 as the result. if I put in
nothing so it's just transform() (which I understand should use 4326),
I get this django Error:

TypeError at /members/GayHopHelper/

transform() takes at least 2 arguments (1 given)

the only thing that works so far is using SRID 32140, which is for
south texas. the results seem ok but definitely a bit inaccurate,
which is to be expected.

I'm not a Django expert at all so maybe this all just comes from being
on an old version of GeoDjango and I need to upgrade. if that's all it
is then sorry for wasting time (I'm not a sys admin and don't know much
about Django so can't upgrade myself easily).

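The thread above does not resolve why the 4326 result is 0.0. One plausible cause, stated here as my assumption rather than a diagnosis from the thread: distance() between two SRID 4326 geometries is a planar calculation in the units of the coordinate system, which for 4326 are degrees, and two users a few hundred metres apart are a fraction of a degree apart, which round(..., 1) turns into 0.0. The added example below (not code from the thread or from GeoDjango) shows that pitfall next to a great-circle (haversine) calculation in metres that does not depend on a projected SRID, and mirrors the view's km-or-miles rounding. The Earth radius is an assumption (mean radius, accurate to about half a percent), and the coordinates in the test are constructed.

```python
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6371000.0   # assumed mean radius; good to about 0.5 %
METRES_PER_MILE = 1609.344


def check_lon_lat(lon, lat):
    """Refuse out-of-range coordinates rather than silently computing garbage
    from whatever ended up in the profile field."""
    if not (-180.0 <= lon <= 180.0) or not (-90.0 <= lat <= 90.0):
        raise ValueError("coordinate out of range: lon=%r lat=%r" % (lon, lat))


def planar_degree_distance(lon1, lat1, lon2, lat2):
    """Cartesian distance in the units of the coordinates, i.e. degrees for
    SRID 4326. This is the kind of value a planar distance() on two 4326
    points returns; it is not a length in metres and must not be fed to D(m=...)."""
    return sqrt((lon2 - lon1) ** 2 + (lat2 - lat1) ** 2)


def haversine_m(lon1, lat1, lon2, lat2):
    """Great-circle distance in metres between two lon/lat points."""
    for lon, lat in ((lon1, lat1), (lon2, lat2)):
        check_lon_lat(lon, lat)
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def user_distance(mine, theirs, use_metric):
    """Mirror of the view's last block: one decimal in km or miles.
    `mine` and `theirs` are (longitude, latitude) tuples, the POINT(x y) order."""
    metres = haversine_m(mine[0], mine[1], theirs[0], theirs[1])
    if use_metric:
        return round(metres / 1000.0, 1)
    return round(metres / METRES_PER_MILE, 1)


if __name__ == "__main__":
    here, there = (0.0, 0.0), (0.0012, 0.0)   # constructed: ~133 m apart on the equator
    print("planar degrees:", planar_degree_distance(*here, *there))
    print("km:", user_distance(here, there, True))
```

If the stored points are already 4326, the transform(4326) calls in the view are no-ops; what changes the result is computing a geodesic distance (GeoDjango's distance lookups on a geography-aware backend, or a calculation like the one above) instead of a planar one in degrees.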



Re: Unable to add two Numbers

2010-08-29 Thread Harbhag Singh Sohal
On Sun, Aug 29, 2010 at 11:22 PM, Harbhag Singh Sohal <
harbhag.so...@gmail.com> wrote:

>
>
> On Sun, Aug 29, 2010 at 10:56 PM, Steve Holden wrote:
>
>> On 8/29/2010 1:20 PM, Harbhag Singh Sohal wrote:
>> > I am a new user of Django, I try the tutorials of the django website
>> > http://docs.djangoproject.com/en/1.2/intro/tutorial01/
>> >
>> > Now I created an application in django to add two numbers, after
>> > filling a form, and store the values of the two inputs and the output
>> > after adding the two numbers in the database.
>> >
>> > I am able to create a form and database using the model.py file and a
>> > template, but I face a problem storing the two input values in the
>> > database after filling in the form text box.
>> >
>> > I tried to use the request.POST function to get the value, but I also
>> > fail to get the form values.
>> >
>> > Please suggest how I get the values from the form text fields and store
>> > them in the database.
>> >
>> Harbhag:
>>
>> Your question is the approximate equivalent of:
>>
>>  "I have a car, but when I try to drive it it doesn't work"
>>
>> You don't show any code, you don't give us any error messages, you don't
>> describe the failure mode at all. You simply say that you fail to get
>> the form values and you "face a problem" in storing the information in
>> the database.
>>
>> Is it that you don't know how to write the code, or that the code you
>> have written isn't working?
>>
>>
>>
> I have written the code:
>
> models.py
>
> from django.db import models
>
> class Math(models.Model):
>     input1 = models.IntegerField()
>     input2 = models.IntegerField()
>     output = models.IntegerField()
>
> views.py
>
> from django.core.urlresolvers import reverse
> from django.http import HttpResponseRedirect
> from django.shortcuts import render_to_response, get_object_or_404
> from django.template import RequestContext
> from mysite.maths.models import Math
>
> def index(request):
>     latest_math_list = Math.objects.all().order_by('id')[:5]
>     return render_to_response('maths/index.html',
>                               {'latest_math_list': latest_math_list})
>
> def detail(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     return render_to_response('maths/detail.html', {'math': p},
>                               context_instance=RequestContext(request))
>
> def results(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     return render_to_response('maths/results.html', {'math': p})
>
> def vote(request, math_id):
>     p = get_object_or_404(Math, pk=math_id)
>     try:
>         # The form posts two plain numbers; Math has no related set,
>         # so read them straight from request.POST and convert to int.
>         input1 = int(request.POST['input1'])
>         input2 = int(request.POST['input2'])
>     except (KeyError, ValueError):
>         # Redisplay the form with an error message.
>         return render_to_response('maths/detail.html', {
>             'math': p,
>             'error_message': "You didn't fill a value.",
>         }, context_instance=RequestContext(request))
>     else:
>         # Store both inputs and their sum on the Math row, then redirect.
>         p.input1 = input1
>         p.input2 = input2
>         p.output = input1 + input2
>         p.save()
>         return HttpResponseRedirect(reverse('mysite.maths.views.results',
>                                             args=(p.id,)))
>
> The problem is in the vote function.
>
>
> for code:-
http://202.164.53.116/~jagdeep/mysite/maths/


http://202.164.53.116/~jagdeep/mytemplates/maths/



and also check site
http://202.164.53.116/django/maths/2/





-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/




Re: Unable to add two Numbers

2010-08-29 Thread Harbhag Singh Sohal
On Sun, Aug 29, 2010 at 10:56 PM, Steve Holden  wrote:

> On 8/29/2010 1:20 PM, Harbhag Singh Sohal wrote:
> > I am a new user of Django; I tried the tutorials on the Django website
> > http://docs.djangoproject.com/en/1.2/intro/tutorial01/
> >
> > Now I have created an application in Django to add two numbers: after
> > filling in the form, store the values of the two inputs, and the output
> > after adding the two numbers, in the database.
> >
> > I am able to create the form and the database using the models.py file
> > and a template, but I face a problem storing the two input values in the
> > database after filling in the form text boxes.
> >
> > I tried using request.POST to get the values, but I also fail to get
> > the form values.
> >
> > Please suggest how I can get the values from the form text fields and
> > store them in the database.
> >
> Harbhag:
>
> Your question is the approximate equivalent of:
>
>  "I have a car, but when I try to drive it it doesn't work"
>
> You don't show any code, you don't give us any error messages, you don't
> describe the failure mode at all. You simply say that you fail to get
> the form values and you "face a problem" in storing the information in
> the database.
>
> Is it that you don't know how to write the code, or that the code you
> have written isn't working?
>
>
>
I have written the code:

models.py

from django.db import models

class Math(models.Model):
    input1 = models.IntegerField()
    input2 = models.IntegerField()
    output = models.IntegerField()

views.py

from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response, get_object_or_404
from django.template import RequestContext
from mysite.maths.models import Math

def index(request):
    latest_math_list = Math.objects.all().order_by('id')[:5]
    return render_to_response('maths/index.html',
                              {'latest_math_list': latest_math_list})

def detail(request, math_id):
    p = get_object_or_404(Math, pk=math_id)
    return render_to_response('maths/detail.html', {'math': p},
                              context_instance=RequestContext(request))

def results(request, math_id):
    p = get_object_or_404(Math, pk=math_id)
    return render_to_response('maths/results.html', {'math': p})

def vote(request, math_id):
    p = get_object_or_404(Math, pk=math_id)
    try:
        # The form posts two plain numbers; Math has no related set,
        # so read them straight from request.POST and convert to int.
        input1 = int(request.POST['input1'])
        input2 = int(request.POST['input2'])
    except (KeyError, ValueError):
        # Redisplay the form with an error message.
        return render_to_response('maths/detail.html', {
            'math': p,
            'error_message': "You didn't fill a value.",
        }, context_instance=RequestContext(request))
    else:
        # Store both inputs and their sum on the Math row, then redirect.
        p.input1 = input1
        p.input2 = input2
        p.output = input1 + input2
        p.save()
        return HttpResponseRedirect(reverse('mysite.maths.views.results',
                                            args=(p.id,)))

The problem is in the vote function.


-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/




Re: Mobile version

2010-08-29 Thread Aspontus
You probably mean
http://code.google.com/p/djangobile/
But it seems it was last updated about a year ago.
Anyway I hope it helps.
Cheers

On 28 Aug, 15:56, Sergey Panfilov wrote:
> You'll wear yourself out maintaining a list of user-agents. I think I
> saw a django-mobile application that uses the WURFL database.
>
> On 27 Aug, 05:42, Vanger - irk wrote:
>
> > I can't work out the best way to detect that a visitor has come in
> > from a mobile right now and that I need to serve them the mobile
> > version.
> > Has anyone already implemented this?




Re: Unable to add two Numbers

2010-08-29 Thread Steve Holden
On 8/29/2010 1:20 PM, Harbhag Singh Sohal wrote:
> I am a new user of Django; I tried the tutorials on the Django website
> http://docs.djangoproject.com/en/1.2/intro/tutorial01/
>
> Now I have created an application in Django to add two numbers: after
> filling in the form, store the values of the two inputs, and the output
> after adding the two numbers, in the database.
>
> I am able to create the form and the database using the models.py file
> and a template, but I face a problem storing the two input values in the
> database after filling in the form text boxes.
>
> I tried using request.POST to get the values, but I also fail to get
> the form values.
>
> Please suggest how I can get the values from the form text fields and
> store them in the database.
> 
Harbhag:

Your question is the approximate equivalent of:

  "I have a car, but when I try to drive it it doesn't work"

You don't show any code, you don't give us any error messages, you don't
describe the failure mode at all. You simply say that you fail to get
the form values and you "face a problem" in storing the information in
the database.

Is it that you don't know how to write the code, or that the code you
have written isn't working?

regards
 Steve
-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/




Unable to add two Numbers

2010-08-29 Thread Harbhag Singh Sohal
I am a new user of Django; I tried the tutorials on the Django website
http://docs.djangoproject.com/en/1.2/intro/tutorial01/

Now I have created an application in Django to add two numbers: after
filling in the form, store the values of the two inputs, and the output
after adding the two numbers, in the database.

I am able to create the form and the database using the models.py file
and a template, but I face a problem storing the two input values in the
database after filling in the form text boxes.

I tried using request.POST to get the values, but I also fail to get
the form values.

Please suggest how I can get the values from the form text fields and
store them in the database.

-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/




Re: Pass extra data in post_save?

2010-08-29 Thread bruno desthuilliers
On 27 août, 18:07, AK  wrote:
> From what I can tell in the documentation, a post_save signal only
> passes sender, instance, created, and using.  I would love to use this
> signal to update information in the instance, such as the datetime of
> when it was saved.

Just add a datetime field with auto_now=True, it will work OOTB.

>  This would be fine, except that I want to also
> keep track of the user who made the save (from request.user).

If you want request.user, you need to have access to the request
object. IOW, you have to do this by yourself in your views.


>  What is
> the best way to get this information to a post-save signal?

The best way is to avoid using post_save for such things - what do you
think will happen if you call instance.save on the instance passed to
a post_save signal ?-)






Re: potential issue re in memory django file uploading.

2010-08-29 Thread dave b
> Anyway, since you have done your civic duty there's a good chance that a
> fix will find its way into some future version. Thanks for being a good
> citizen.

Django is an awesome project. However, a bug is a bug. I don't
care if it is a security bug or not, a bug *should* get fixed.

FYI: I sent this information originally to the django security contact
email address as per the website.
This is what I got back.


"I'll be on vacation and offline until December 27th.

I likely won't be responding to the majority of email received between
now and then. If it's important, please re-send the email after the
27th.

Revolution Systems clients should contact  and/or
Frank Wiles at .

In an emergency, I can be contacted at the Ranguana Lodge in
Placencia, Belize. The local number is 523-3112; callers from the US
should call 011-501-523-3112.

Thanks!

Jacob"

So I understand people are busy etc. but ... django is a large project,
why did I receive this email?

That's ok, no attacker will look for security problems or bugs in
django while Jacob is away.



--
The ripest fruit falls first.   -- William Shakespeare, "Richard II"




Re: potential issue re in memory django file uploading.

2010-08-29 Thread Steve Holden
On 8/29/2010 8:07 AM, dave b wrote:
>> An attacker could also assemble a powerful explosive device and detonate
>> it near enough your hosting service to take your site down. What
>> counter-measures are you going to take against that?
> 
> Good question. I have two cats and they like to lick people ^^
> They are a bit friendly I guess. Do you think I can train them to
> pounce on strangers?
> 
> 
>> You perhaps feel people aren't taking your proposal seriously enough.
>> The fact of the matter is that security is never absolute, and on a
>> threat scale of 0 to 10 this issue comes in at about 1.7. If you are
>> running a professional service and you are monitoring it correctly then
>> you ought to notice an attack of this nature before it does too much damage.
> 
> Look, I sent you guys an email, I sent a patch for one of the problems
> and pointed out the second one. I just can't make you guys happy, can I?
> 
> http://cwe.mitre.org/top25/
> [22]  145 CWE-770 Allocation of Resources Without Limits or 
> Throttling
> http://cwe.mitre.org/top25/#CWE-770
> But ok if you say so ;)
> I wonder how much RAM most commonly found django installations
> that allow file upload on the internet have?  Now remember a lot of
> those have a fairly fast download and upload ;)
> Bonus points if they have mod_deflate decompressing the user request body ;)
> 
>> I repeat, you may be correct in treating this as a vulnerability, but
>> your estimate of its seriousness appears to disagree with that of
>> others. If you want to have your code seriously considered for inclusion
>> (and why not?) you should raise it in the Django issue tracker - see
>> "Reporting Bugs" in
> 
> I did as I was advised to do :)
> Someone first told me on irc in #django that I should raise it here first :)
> 
> Please see http://code.djangoproject.com/ticket/14192

That's cool. Sorry I nagged you unnecessarily. Yes, it might be a
problem. But you'll notice it's #22 on a list of 25 ...

Anyway, since you have done your civic duty there's a good chance that a
fix will find its way into some future version. Thanks for being a good
citizen.

regards
 Steve

-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/




Re: potential issue re in memory django file uploading.

2010-08-29 Thread dave b
> An attacker could also assemble a powerful explosive device and detonate
> it near enough your hosting service to take your site down. What
> counter-measures are you going to take against that?

Good question. I have two cats and they like to lick people ^^
They are a bit friendly I guess. Do you think I can train them to
pounce on strangers?


> You perhaps feel people aren't taking your proposal seriously enough.
> The fact of the matter is that security is never absolute, and on a
> threat scale of 0 to 10 this issue comes in at about 1.7. If you are
> running a professional service and you are monitoring it correctly then
> you ought to notice an attack of this nature before it does too much damage.

Look, I sent you guys an email, I sent a patch for one of the problems
and pointed out the second one. I just can't make you guys happy, can I?

http://cwe.mitre.org/top25/
[22]145 CWE-770 Allocation of Resources Without Limits or 
Throttling
http://cwe.mitre.org/top25/#CWE-770
But ok if you say so ;)
I wonder how much RAM most commonly found django installations
that allow file upload on the internet have?  Now remember a lot of
those have a fairly fast download and upload ;)
Bonus points if they have mod_deflate decompressing the user request body ;)

> I repeat, you may be correct in treating this as a vulnerability, but
> your estimate of its seriousness appears to disagree with that of
> others. If you want to have your code seriously considered for inclusion
> (and why not?) you should raise it in the Django issue tracker - see
> "Reporting Bugs" in

I did as I was advised to do :)
Someone first told me on irc in #django that I should raise it here first :)

Please see http://code.djangoproject.com/ticket/14192




Re: potential issue re in memory django file uploading.

2010-08-29 Thread Steve Holden
On 8/29/2010 7:43 AM, dave b wrote:
>> OK, so you don't believe the advice you are getting, which is that of
>> the many issues a Django site will face this is a relatively low
>> probability attack. That's fair enough - a vulnerability is a
>> vulnerability, after all, no matter how improbable, and not everyone
>> will set up their production systems to be correctly protected by a
>> front-end server.
>>
>> If you really want to see this in Django you would be better advised to
>> post it in the issue tracker, where it will not get lost.
>>
>>
> 
> Ok I will do this :-)
> 
> Sure. Also, wow, gmail is a horrible email client. I am so used to $else.
> The patch I included in my previous email should not break any *real*
> clients, only evil ones (potentially).
> 
> As I understand it an attacker can abuse gzipped user requests, if
> mod_deflate is enabled (AND configured to decompress incoming user
> requests - this is not the default) in apache2, with a gzipped user
> request body.
> 
> So an attacker could effectively have a file like this:
> 
> f = open("rar", "w")
> string = ""
> for i in range(0, 1000):
>   string += " " + "1"
> f.write(string)
> f.close()
> 
> ls -lah 20M 2010-08-29 17:15 rar
> 
> (except replace write with append and do it a lot more ;) )   and then
> send it gzipped in the request body.
> 
> Just for fun ;)
> gzip rar
> ls -lah 19K 2010-08-29 17:15 rar.gz
> 
> So django will receive the original 20M file (as the httpd has
> uncompressed it for django) afaik.
> 
> see Input Decompression at 
> http://httpd.apache.org/docs/2.0/mod/mod_deflate.html

An attacker could also assemble a powerful explosive device and detonate
it near enough your hosting service to take your site down. What
counter-measures are you going to take against that?

You perhaps feel people aren't taking your proposal seriously enough.
The fact of the matter is that security is never absolute, and on a
threat scale of 0 to 10 this issue comes in at about 1.7. If you are
running a professional service and you are monitoring it correctly then
you ought to notice an attack of this nature before it does too much damage.

I repeat, you may be correct in treating this as a vulnerability, but
your estimate of its seriousness appears to disagree with that of
others. If you want to have your code seriously considered for inclusion
(and why not?) you should raise it in the Django issue tracker - see
"Reporting Bugs" in

  http://docs.djangoproject.com/en/1.2/internals/contributing/

regards
 Steve
-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/




Re: potential issue re in memory django file uploading.

2010-08-29 Thread dave b
> OK, so you don't believe the advice you are getting, which is that of
> the many issues a Django site will face this is a relatively low
> probability attack. That's fair enough - a vulnerability is a
> vulnerability, after all, no matter how improbable, and not everyone
> will set up their production systems to be correctly protected by a
> front-end server.
>
> If you really want to see this in Django you would be better advised to
> post it in the issue tracker, where it will not get lost.
>
>

Ok I will do this :-)

Sure. Also, wow, gmail is a horrible email client. I am so used to $else.
The patch I included in my previous email should not break any *real*
clients, only evil ones (potentially).

As I understand it an attacker can abuse gzipped user requests, if
mod_deflate is enabled (AND configured to decompress incoming user
requests - this is not the default) in apache2, with a gzipped user
request body.

So an attacker could effectively have a file like this:

# Builds a highly compressible file of repeated " 1" pairs.
f = open("rar", "w")
string = ""
for i in range(0, 1000):
    string += " " + "1"
f.write(string)
f.close()

ls -lah 20M 2010-08-29 17:15 rar

(except replace write with append and do it a lot more ;) )   and then
send it gzipped in the request body.

Just for fun ;)
gzip rar
ls -lah 19K 2010-08-29 17:15 rar.gz

So django will receive the original 20M file (as the httpd has
uncompressed it for django) afaik.

see Input Decompression at http://httpd.apache.org/docs/2.0/mod/mod_deflate.html
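An added example (not code from the post, from Django or from Apache) of the defence this thread is circling: inflate a gzip request body with a hard cap on the number of bytes produced, so a body that is 19K on the wire but 20M inflated is refused instead of allocated (CWE-770). It is plain Python over zlib; the payload is constructed inline the same way as the post's "rar" file, and the names bounded_gunzip, DecompressedTooLarge and exceeds_limit are this example's own, not any library API:

```python
import gzip
import io
import zlib


class DecompressedTooLarge(Exception):
    """The inflated body would exceed the configured ceiling."""


def make_compressed_body(repeats=1_000_000):
    """Constructed sample: a run of " 1" pairs like the post's "rar"
    file, gzipped. Returns (compressed_bytes, plain_length)."""
    plain = (" 1" * repeats).encode("ascii")
    return gzip.compress(plain), len(plain)


def bounded_gunzip(body, max_out, chunk=64 * 1024):
    """Inflate a gzip body, refusing to produce more than max_out bytes.

    The bound is on bytes actually produced, not on Content-Length,
    which with input decompression only describes the compressed body.
    """
    if max_out <= 0:
        raise ValueError("max_out must be positive")
    # 16 + MAX_WBITS tells zlib to expect a gzip header.
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    out = io.BytesIO()
    total = 0
    for start in range(0, len(body), chunk):
        piece = body[start:start + chunk]
        while piece:
            # Ask zlib for at most (remaining budget + 1) bytes: one byte
            # past the budget proves the cap is exceeded, and any input
            # not yet consumed waits in d.unconsumed_tail.
            data = d.decompress(piece, max_out - total + 1)
            total += len(data)
            if total > max_out:
                raise DecompressedTooLarge(
                    "inflated body exceeds %d bytes" % max_out)
            out.write(data)
            piece = d.unconsumed_tail
    # Whatever zlib still holds after the last input byte.
    tail = d.flush()
    total += len(tail)
    if total > max_out:
        raise DecompressedTooLarge(
            "inflated body exceeds %d bytes" % max_out)
    out.write(tail)
    return out.getvalue()


def exceeds_limit(body, max_out):
    """True if inflating body would cross max_out, False if it fits."""
    try:
        bounded_gunzip(body, max_out)
    except DecompressedTooLarge:
        return True
    return False
```

The same loop shape works for a streaming source (read the compressed body in chunks instead of slicing a bytes object); the only state that matters is the running total of produced bytes, which must be checked before the data is stored anywhere.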




Re: authentication through http authorization header

2010-08-29 Thread Sævar Öfjörð
I guess you would have to subclass both RemoteUserMiddleware and
RemoteUserBackend. I'm not sure if this will work, but at least it's
one idea.

In your custom RemoteUserMiddleware you would have to set the header
property to HTTP_AUTHORIZATION so that Django knows where to find the
username.

from django.contrib.auth.middleware import RemoteUserMiddleware

class CustomHeaderMiddleware(RemoteUserMiddleware):
    header = 'HTTP_AUTHORIZATION'

Since the username is base64 encoded, I think you have to subclass
RemoteUserBackend and override the clean_username method:

import base64

from django.contrib.auth.backends import RemoteUserBackend

class CustomRemoteUserBackend(RemoteUserBackend):
    def clean_username(self, username):
        # do some cleaning, e.g. base64 decoding
        cleaned_username = base64.b64decode(username)
        return cleaned_username

- Sævar

On Aug 28, 5:58 pm, yupu  wrote:
> Dear Djangoer:
>
> I am new to Django. Please excuse me if the question is naive.
>
> I am trying to figure out if I could integrate my company's "access
> manager" with Django's authorization.
>
> Every time a user tries to log in to my Django application, he/she gets
> redirected to "access Manager" to put in the company username and password.
> Access Manager then does the authorization for me against the LDAP
> and passes the base64-encoded username in the authorization header.
>
> I found the following doc helpful:
> http://docs.djangoproject.com/en/dev/howto/auth-remote-user/
>
> I guess my situation belongs to auth-remote-user with custom header
> but I am not sure how to subclass RemoteUserMiddleware.
>
> Thanks,
> Yupu
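An added example of the clean_username step the reply leaves as a comment, written as a plain Python function so it runs without Django (it is not Django's RemoteUserBackend, and the names clean_username, BadAuthorizationHeader and header_is_valid are this example's own). The question only says the username arrives base64-encoded, so the example assumes either the bare base64 text or the usual "Basic <base64 of user:password>" form, and rejects anything else instead of trying to repair it. Whatever the decoding, it is only safe if the web server in front strips any Authorization header the client sent itself; otherwise a client can pick any username, which is the caveat the remote-user docs give for every header-based backend:

```python
import base64
import binascii
import string

# Characters a cleaned username may contain (an assumption for this
# example; adjust to what the access manager actually issues).
_ALLOWED = frozenset(string.ascii_letters + string.digits + "._@-")


class BadAuthorizationHeader(ValueError):
    """Raised for anything that is not a well-formed base64 username."""


def clean_username(header_value, max_len=150):
    """Return the username carried in an Authorization header value.

    Accepts bare base64 text or "Basic <base64>" whose decoded text is
    "user:password" (assumed forms). Anything that does not decode
    cleanly or contains unexpected characters is rejected rather than
    handed to the auth backend.
    """
    value = header_value.strip()
    if value[:6].lower() == "basic ":
        value = value[6:].strip()
    if not value:
        raise BadAuthorizationHeader("empty payload")
    try:
        # validate=True refuses characters outside the base64 alphabet
        # instead of silently skipping them.
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        raise BadAuthorizationHeader("payload is not valid base64")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise BadAuthorizationHeader("payload is not UTF-8")
    # In the Basic form the username is everything before the first ':'.
    username = text.split(":", 1)[0]
    if not username or len(username) > max_len:
        raise BadAuthorizationHeader("username empty or too long")
    if any(ch not in _ALLOWED for ch in username):
        raise BadAuthorizationHeader("username has disallowed characters")
    return username


def header_is_valid(header_value):
    """True when clean_username accepts the header, False otherwise."""
    try:
        clean_username(header_value)
    except BadAuthorizationHeader:
        return False
    return True
```

Inside a RemoteUserBackend subclass the body of clean_username(self, username) would be this function, with BadAuthorizationHeader mapped to returning no user rather than a half-decoded name.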




Re: potential issue re in memory django file uploading.

2010-08-29 Thread Steve Holden
On 8/29/2010 12:05 AM, dave b wrote:
> On 29 August 2010 13:33, Graham Dumpleton  wrote:
>>
>>
>> On Aug 29, 1:17 pm, dave b  wrote:
>>> On 29 August 2010 08:28, Steve Holden  wrote:
>>>
 On 8/28/2010 6:10 PM, Graham Dumpleton wrote:
> On Aug 28, 11:21 pm, dave b  wrote:
> So obviously my proposed attack is to simply say "content length is
> tiny" and "this file is actually HUGE".
 [...]
> All up, I would suggest you are getting worked up over nothing.
 +1
>>>
>>> Yes I have :) it "works for me tm".
>>> Also, you have to consider the other problem. If the file is > 2.5 MB
>>> it can be put in /tmp and this has no size limits, which again is going
>>> to make the system slower and can be used to attack it? In either case
>>> there seem to be real protections against this in django core as far
>>> as I can see.
>>
>> Use Apache/mod_wsgi and you can say:
>>
>>  LimitRequestBody 100
>>
>> and Apache/mod_wsgi will give back a HTTP_REQUEST_ENTITY_TOO_LARGE
>> error when it goes over that size before it even passes the request to
>> Django and even before any of the request content is read by Apache.
>>
>> So, add the protections where most appropriate if you want to outright
>> block requests with large content. If your issue is efficient handling
>> of large posts, where you do want to handle them, then that is an
>> issue for Django.
>>
>> Note that other Apache modules by which you can host Django may not
>> work properly in honouring LimitRequestBody directive of Apache. The
>> mod_python module for example doesn't really get it right, causing an
>> exception when request content tries to be read by Django application,
>> resulting in a malformed error response.
> 
> Yes, I understand that both apache and some of the mods have limits.
> However, this doesn't stop a persistent attacker abusing these
> relatively high limits.
> IMHO I feel that django should be able to put a cap on the largest
> size temporary file size possible. In addition, /tmp is a fine place
> to store temporary files if the size may not be known.
> 
> I propose the following in pseudo code:
> 
> 1. start reading the file if we are receiving it (regardless of the
> default 2.5 mb limit)
> 2. once it goes over 2.5mb / the configured default  shift to the next
> available storage option.
> 
> In addition, as you are pointing out that it is really not possible
> for django to handle chunked requests and the content length field
> must be specified, you should have no problems with the following
> patch (in either case this is safe because by default it will revert
> back to the temporary file storage):
> 
> 
> --- django/core/files/uploadhandler.py.orig   2010-08-29 13:50:17.0 
> +1000
> +++ django/core/files/uploadhandler.py2010-08-29 14:01:15.0 
> +1000
> @@ -153,7 +153,7 @@
>  """
>  # Check the content-length header to see if we should
>  # If the post is too large, we cannot use the Memory handler.
> -if content_length > settings.FILE_UPLOAD_MAX_MEMORY_SIZE:
> +   if content_length is None or content_length >
> settings.FILE_UPLOAD_MAX_MEMORY_SIZE:
>  self.activated = False
>  else:
>  self.activated = True
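Review bot: the added `content_length is None` test at the top of this hunk only covers a missing header; a client that declares a small Content-Length and then keeps streaming (the "content length is tiny, file is HUGE" request from earlier in the thread) still selects the memory handler, so on its own this hunk does not bound memory use, and the commit message should say that the real limit comes from the truncate in the next hunk. The `+` line is also wrapped across two lines and its indentation no longer matches the `-` line it replaces, so the patch as quoted will not apply; keep it on one line with the original indentation, e.g. `        if content_length is None or content_length > settings.FILE_UPLOAD_MAX_MEMORY_SIZE:`, and attach the file or use the pastebin copy so the whitespace survives mail.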
> @@ -170,6 +170,7 @@
>  """
>  if self.activated:
>  self.file.write(raw_data)
> +   self.file.truncate(settings.FILE_UPLOAD_MAX_MEMORY_SIZE)
>  else:
>  return raw_data
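Review bot: `self.file.truncate(settings.FILE_UPLOAD_MAX_MEMORY_SIZE)` after every write silently discards everything past the limit, so an oversized upload is stored as a truncated file with no error to the view or the client, and the StringIO position is left past the truncation point for the next write. If the intent is to refuse oversized bodies, keep a running byte count and raise `StopUpload` (from `django.core.files.uploadhandler`) once it passes the limit, or set `self.activated = False` and return `raw_data` so the temporary-file handler takes over; either way, document the new behaviour next to FILE_UPLOAD_MAX_MEMORY_SIZE. The `+` line's indentation is mangled here as in the first hunk.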
> 
> http://pastebin.com/5vgGMb5z
> 
OK, so you don't believe the advice you are getting, which is that of
the many issues a Django site will face this is a relatively low
probability attack. That's fair enough - a vulnerability is a
vulnerability, after all, no matter how improbable, and not everyone
will set up their production systems to be correctly protected by a
front-end server.

If you really want to see this in Django you would be better advised to
post it in the issue tracker, where it will not get lost.

regards
 Steve

-- 
DjangoCon US 2010 September 7-9 http://djangocon.us/
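The spill-over scheme dave b proposes in the quoted message above (keep the first bytes in memory, move to a temporary file past the configured threshold, and stop at a hard ceiling), as an added, Django-free Python example; it is not Django's MemoryFileUploadHandler and the class, method and limit names are this example's own. The ceiling is enforced on bytes actually received, never on the client's Content-Length, which is what the thread's "content length is tiny, file is HUGE" request lies about; the sample chunks are constructed inline:

```python
import io
import tempfile


class UploadTooLarge(Exception):
    """Raised once the bytes actually received pass the hard ceiling."""


class BoundedUploadBuffer:
    """Collects an upload chunk by chunk.

    The first memory_limit bytes stay in a BytesIO; as soon as the total
    passes that, everything moves to an anonymous temporary file
    (tempfile.TemporaryFile, removed by the OS on close). Past hard_limit
    the upload is refused outright. Both decisions use bytes received,
    never the Content-Length the client declared.
    """

    def __init__(self, memory_limit, hard_limit):
        if memory_limit > hard_limit:
            raise ValueError("memory_limit must not exceed hard_limit")
        self.memory_limit = memory_limit
        self.hard_limit = hard_limit
        self.file = io.BytesIO()
        self.in_memory = True
        self.size = 0

    def receive_chunk(self, raw_data):
        # Refuse before writing, so the ceiling is never exceeded on disk.
        if self.size + len(raw_data) > self.hard_limit:
            self.close()
            raise UploadTooLarge(
                "upload exceeds %d bytes" % self.hard_limit)
        self.file.write(raw_data)
        self.size += len(raw_data)
        if self.in_memory and self.size > self.memory_limit:
            # Spill: copy what is in memory to disk and continue there.
            spill = tempfile.TemporaryFile()
            spill.write(self.file.getvalue())
            self.file.close()
            self.file = spill
            self.in_memory = False

    def contents(self):
        self.file.seek(0)
        return self.file.read()

    def close(self):
        self.file.close()


def simulate_upload(chunks, memory_limit, hard_limit):
    """Feed chunks through the buffer; returns (accepted, in_memory,
    size, data). accepted is False when the hard ceiling was hit, in
    which case the other fields are None, 0 and b''."""
    buf = BoundedUploadBuffer(memory_limit, hard_limit)
    try:
        for chunk in chunks:
            buf.receive_chunk(chunk)
    except UploadTooLarge:
        return (False, None, 0, b"")
    try:
        return (True, buf.in_memory, buf.size, buf.contents())
    finally:
        buf.close()


# Constructed sample: a client that claimed "Content-Length: 10" and then
# streams three 1024-byte chunks anyway.
SAMPLE_CHUNKS = [b"A" * 1024, b"B" * 1024, b"C" * 1024]
```

A front-end limit such as Apache's LimitRequestBody, which Graham mentions, is still the first line of defence; this buffer is what keeps the application honest when that limit is absent, generous, or bypassed by a handler that does not honour it.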
