Re: include tag security hole

2007-07-21 Thread Gary Wilson
Czubakabra wrote:
> Hi,
> Include tag is vulnerable to directory traversal:
>
> {% include "/etc/passwd" %}

It's a bug and not intended behavior. I've opened a ticket and have attached a patch.

http://code.djangoproject.com/ticket/4952

Gary

Re: schema evolution

2007-07-21 Thread Derek Anderson
yep. i just updated the schema-evolution branch to match the trunk. or you can apply this patch instead:

http://kered.org/blog/wp-content/uploads/2007/07/django_schema_evolution-svn20070719patch.txt

Sebastian Macias wrote:
> Does it work with the trunk?
>
> On Jul 19, 5:33 pm, Derek Anderso

Re: Django 1.0?

2007-07-21 Thread Gary Wilson
Mario Gonzalez wrote:
> After I saw your link I read the FAQ and there's something caught
> my attention: "have added all features that we feel are necessary to
> earn a 1.0". Are those "features" the open tickets?

No, not all of the open tickets anyway. There will _always_ be open tickets n

Re: schema evolution

2007-07-21 Thread Sebastian Macias
Does it work with the trunk?

On Jul 19, 5:33 pm, Derek Anderson <[EMAIL PROTECTED]> wrote:
> Hey all,
>
> Sorry for the double-post, but I've written up some examples /
> documentation:
>
> http://kered.org/blog/wp-content/uploads/2007/07/django_schema_evolut...
>
> Also, I've ported the changes

Re: include tag security hole

2007-07-21 Thread James Bennett
On 7/21/07, Czubakabra <[EMAIL PROTECTED]> wrote:
> Django templates shouldn't permit html coder to include files located
> above TEMPLATE_DIRS paths.
> What do you think about it?

I'm personally ambivalent about where the "include" tag should be able to search, because I can see cases where it'd

Re: include tag security hole

2007-07-21 Thread Czubakabra
Hello,

> Of course, html coders need to accept a certain responsibility because
> sometimes they can access a *lot* of information quite easily. I would
> think if you have a non programmer making changes, the programmers
> would want to at least review those changes before accepting them, in
> a

Re: Django 1.0?

2007-07-21 Thread Mario Gonzalez
On Jul 19, 11:47 pm, "Adrian Holovaty" <[EMAIL PROTECTED]> wrote:
> Hi Mario,
>

Hi Adrian, many thanks for your answer.

> Please check the FAQ, which is where we've written our definitive
> answer to this question --
>
> http://www.djangoproject.com/documentation/faq/#when-will-you-release...

Re: include tag security hole

2007-07-21 Thread oggie rob
Perhaps simply by preventing absolute paths? That would be very easy to change if it doesn't prevent a legitimate setup. Of course, html coders need to accept a certain responsibility because sometimes they can access a *lot* of information quite easily. I would think if you have a non programmer

Re: Ticket #399 (Bigint field object needed) status

2007-07-21 Thread Peter Nixon
On Fri 20 Jul 2007, Justin Bronn wrote:
> +1 to bigint support.
>
> I ran into this problem recently when implementing IP geolocation
> models. I know I'm not the only one that has or will experience these
> problems (remember when slashdot crashed after 16,777,216 comments?).
>
> From what I unde

include tag security hole

2007-07-21 Thread Czubakabra
Hi,

Include tag is vulnerable to directory traversal:

{% include "/etc/passwd" %}

Django templates shouldn't permit html coder to include files located above TEMPLATE_DIRS paths. What do you think about it?

Best regards,
Czubakabra

Re: #4001 - newforms commit=false and m2m data loss

2007-07-21 Thread David Danier
> However, if commit=False, the m2m function is dynamically added to the
> form instance. This means that the user can choose to invoke save_m2m
> whenever they need. No m2m data loss!

Why not add a handler for the post_save-signal of the Model? This way the user doesn't even have to know, that t

Re: edit_inline for a reflexive m2m_intermediary

2007-07-21 Thread Nicola Larosa
> Nicola Larosa wrote:
>> Having followed all the steps in the bug reporting guidelines, I have
>> now filed ticket #4937:

Russell Keith-Magee wrote:
> You should note that the bug reporting guidelines don't suggest you
> should announce tickets on django-developers.

Good to know. I'll now met