Re: Changing the order of SQL generation

I haven't had chance to dig into this, but django-shared-property looks very interesting. IMO it would be great to be able to support it well, or even include that kind of functionality in Django itself. The closest SQLAlchemy equivalent to this seems to be hybrid attributes

Re: Ideas for a new DEP on long-term Django API compatibility

Hi Pascal, I know this is a very late reply, but there have been some things going round my head that I thought I should get down. *First,* some positive changes I think we can make from your suggestions: 1. I think in our release notes, for breaking changes that might need some

Re: Proposal to format Django using black

, Luke Plant wrote: Hi all, An alternative solution to the problem of nit-picky, formatting related PR reviews is simple: let's not do that. We already have an automated code formatting enforcer

Re: Proposal to format Django using black

Hi all, An alternative solution to the problem of nit-picky, formatting related PR reviews is simple: let's not do that. We already have an automated code formatting enforcer, flake8. Let's simply drop the requirement on fixing anything that flake8

Re: Development story for CBV FormViews using GET

Hi Kyle, My take would be this: What does the code look like if you don't use FormView but just write a function view? How does that compare to using a CBV? This may be the simpler method you are missing - if you are finding you are fighting with inherited

Re: Support for unittest -k option

I use `--keepdb` a lot, I never knew there was a shorthand and even know I do know wouldn't use it. For things like this I usually find it easy to remember the long option. So I'm +1 on changing it too, without a new shorthand for `--keepdb`. In the keyword usage

Re: Post mortem on today's packaging error.

Hi Carlton, I have had problems in the past with `setup.py sdist` and friends actually depending on existing artefacts in build directories from previous runs. A quick google turns up this bug report - https://github.com/pypa/setuptools/issues/436 - originally filed by oh, me :-)  and

Re: Request to reconsider ticket #27910: using an Enum class in model Field choices

I've also tried to come up with something better than Django's current default, using Enums, and found them lacking when it comes to the caption, especially when you need translations. I would be happy with re-opening the ticket, but in terms of committing a solution I would be -1 unless we

Re: CSRF Middlware and usage of request attributes (META, csrf_cookie_needs_reset)

Hi Florian, My own instincts would be steer away from writing to request.META for most things, because request.META also contains things from the environment and indeed from the user request. You really don't want an attacker to be able to set an HTTP header and bypass security controls or

Re: New Feature: Allow password reset token to expire in under a day

if needed. Zach On Friday, September 22, 2017 at 3:04:01 PM UTC-4, Luke Plant wrote: I would be +1 to what Adam wrote from me i.e. just allow the value to accept floats. However, I don't think it will work due to the way that we round the precision of timestamps to days <ht

Re: New Feature: Allow password reset token to expire in under a day

I would be +1 to what Adam wrote from me i.e. just allow the value to accept floats. However, I don't think it will work due to the way that we round the precision of timestamps to days . This was done partly to

Re: Automatic prefetching in querysets

This could work something like the way that ForeignKey `on_delete` works - you have options that are enumerated as constants, but in reality they are classes that embody the strategy to be used. We could have something similar - `on_missing_relation=FETCH | WARN | ERROR | IGNORE ... ` Luke

Re: Automatic prefetching in querysets

ased on the original queryset has the potential to add around 5 seconds to the response time (probably more, that table has doubled in size since I last measured it). I feel it would be better to optimise for your usecase, as apposed to try to prevent uncalled-for behaviour. O

Re: Automatic prefetching in querysets

I agree with Marc here that the proposed optimizations are 'magical'. I think when it comes to optimizations like these you simply cannot know in advance whether doing extra queries is going to a be an optimization or a pessimization. If I can come up with a single example where it would

Re: Are there use cases for storing null bytes in CharField/TextField?

I agree with Adam, we should never silently change submitted data at the model layer. My preference would be c), a form-level validation error that prevents saving. Luke On 15/05/17 19:11, Adam Johnson wrote: The problem with (a) - data with null bytes in strings from other databases can't

Re: DJANGO_SETTINGS_FILE

On 09/04/17 16:16, Josh Smeaton wrote: So I think there are a few questions to go over. 1. What are the more successful strategies that work in the wild? (files in /etc/, PYTHONPATH, env vars, local_settings.py) 2. Are any of the above clearly superior? 3. Is this a serious problem that

Re: To keep or not to keep: logging of undefined template variables

My general policy is that warnings should only be logged if there is a good way to silence them. A good way means: 1) fix the bug which is causing them (only applies if there is genuinely a bug or bad practice that should be fixed) 2) disable the warning in a fine tuned way i.e. you can

Re: NEW Feature: Collect static order of directories searched. Possible upgrade inside FileSystemFinder.

Like Tim, I'm surprised if there is non-determinism in the order here - a quick look at the code shows the search is in the order specified in STATICFILES_DIRS. Is it possible you are encountering browser caching effects, perhaps triggered by accessing both sites on 'localhost' locally?

Re: Template handling of undefined variables

On 01/03/17 01:53, Tim Martin wrote: On Tuesday, 28 February 2017 13:39:21 UTC, Luke Plant wrote: On 28/02/17 15:24, Marten Kenbeek wrote: What about adding a filter |definedthat returns True if a variable is defined, False otherwise? It may not solve any problems when it's

Re: Template handling of undefined variables

In the context of template variable interpolation i.e. `{{ }}` syntax, it is defined that `x` in this case will get converted to the empty string (or your 'string_if_invalid' setting) - https://docs.djangoproject.com/en/dev/ref/templates/api/#how-invalid-variables-are-handled

Re: Template handling of undefined variables

On 28/02/17 15:24, Marten Kenbeek wrote: What about adding a filter |definedthat returns True if a variable is defined, False otherwise? It may not solve any problems when it's left implicit, but at least it allows users the explicitly define the behaviour for non-existing template

Re: Template handling of undefined variables

On 05/01/17 02:39, Tim Martin wrote: 2) There appears to be an inconsistency in the default_if_none modifier. If I have a template with x|default_if_none:y = {{x|default_if_none:y}} {% if x|default_if_none:y %} x|default_if_none:y is apparently True {% endif %} with y

Re: Template handling of undefined variables

On 26/02/17 00:44, Karen Tracey wrote: On Sat, Feb 25, 2017 at 2:10 PM, Tim Graham > wrote: I think any use of undefined template variables should raise an exception. In the long run, keeping a setting to allow some other behavior

Re: Template handling of undefined variables

On 19/02/17 12:55, Adam Johnson wrote: +1 for more obvious errors, silently changing the behaviour could indeed lead to unconsidered security holes like {% if user is None %} non-sensitive information {% else %} sensitive information {% endif %} ...which doesn't seem like an unrealistic

Re: Consider reverting or adding guidelines on how to use class based views for security sensitive features

Hi all, First, I want to say that complex things fail in complex ways, so there it's probably a fallacy to look for a single root cause. I agree with various other points about mistakes that were made, but not others. Particularly: On 22/11/16 12:41, Florian Apolloner wrote: Hi, On

Re: Making max_length argument optional

Regarding custom sentinels for values vs custom sentinels for missing values: The added complication in this case is migrations, and migrations that support multiple Django versions, as is common in 3rd party apps. I haven't thought through the implications, but it is vital to do so, because

Re: Making max_length argument optional

Replying to this and the other emails in the thread: Django should not be settling low arbitrary limits for the sake of a database I'm not even using, that's just crazy. Limits as high as 120 are not "big enough for anyone", and will cause problems. (I can give lots of examples). Maximum field

Re: Django Admin - ModelAdmin exclude

https://groups.google.com/d/optout. -- Clothes make the man. Naked people have little or no influence on society. -- Mark Twain Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contribu

Re: CSRF_FAILURE_VIEW should not be used when DEBUG is False

le.com/d/optout. -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiv

Re: Support for UNLOGGED tables in PostgreSQL

o I said, "Got any shoes you're not using?" (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop

Re: Django Admin - ModelAdmin exclude

775S7akyHfC%2BNEk4sqSDw8cOb%2Bg%40mail.gmail.com?utm_medium=email_source=footer>. For more options, visit https://groups.google.com/d/optout. -- "He knows the way I take: when he has tried me, I shall come forth as gold" (Job 23:10). Luke Plant || http://lukeplant.me.uk/ -- Y

Re: does django-admin need a man page?

c4-b31a-4675-bd62-95e76369a6e5%40googlegroups.com <https://groups.google.com/d/msgid/django-developers/1ecfaac4-b31a-4675-bd62-95e76369a6e5%40googlegroups.com?utm_medium=email_source=footer>. For more options, visit https://groups.google.com/d/optout. -- "He knows the way

Re: Multiple template engines for Django - week 8

s-for-django/#2014-11-30 > -- "Whom have I in heaven but You? And there is none upon earth that I desire besides You." Psalm 73:25 Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contribu

Re: Infinite loop in migration code

t shouldn't happen. > > /Markus > > On Wednesday, November 26, 2014 8:54:55 AM UTC+1, Luke Plant wrote: > > On 25/11/14 16:23, Markus Holtermann wrote: > > Hey Luke, > > > > It would be interesting to see why A.1 and B.1 depend on each >

Re: Infinite loop in migration code

as fixing the migrations is relatively easy. But I think fixing the infinite loop is another matter, and I'll go ahead and backport that. Thanks for the input, Luke -- "We may not return the affection of those who like us, but we always respect their good judgement." -- Libbie Fudi

Infinite loop in migration code

good judgement." -- Libbie Fudim Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send

Re: sys.exit(1) from makemigrations if no changes found

msgid/django-developers/92203dcb-a775-4c17-a831-97d01ce8af3c%40googlegroups.com?utm_medium=email_source=footer>. > For more options, visit https://groups.google.com/d/optout. -- "I was sad because I had no shoes, until I met a man who had no feet. So I said, "Got any shoes you're

Re: Please don't kill the ecosystem

and new versions without generating deprecation warnings. I've just added one fix to 1.6 release notes on this front. Regards, Luke -- "Cross country skiing is great if you live in a small country." (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received this messag

Re: Please don't kill the ecosystem

e -- "Cross country skiing is great if you live in a small country." (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubs

Re: Why is the CSRF template context processor hardcoded?

ers the reasoning? > > Thanks, > -- "Cross country skiing is great if you live in a small country." (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers (Contribution

Re: Callable LazyObject?

Luke -- "God demonstrates his love towards us in this, that while we were still sinners, Christ died for us." (Romans 5:8) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To u

Re: BCrypt and PBKDF2 Password Hash Caching

n Django itself. Thanks, Luke -- "DO NOT DISTURB. I'm disturbed enough already." Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving email

Re: Proposal: Modifying the CSRF protection scheme

ttacker getting and using a valid CSRF cookie/token in the first place. Luke -- "DO NOT DISTURB. I'm disturbed enough already." Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To

Re: Proposal: Modifying the CSRF protection scheme

t the proposed changes. I think adding complexity is more likely to confuse us. Luke -- "Because Your lovingkindness is better than life, My lips shall praise You." (Ps 63:3) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Gro

Re: Question about password salt and encryption

ng things, we'd have to consider whether the increase in security, in a typical setup, would justify the change. Regards, Luke -- "Pessimism: Every dark cloud has a silver lining, but lightning kills hundreds of people each year trying to find it." (despair.com) Luke Plant || htt

Re: Question about password salt and encryption

ach year trying to find it." (despair.com) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-develo

Re: Migrations, commands and syncdb

ve the other problems. I would like to be able to turn off migrations for tests, and just skip to the final schema. Luke -- "I washed a sock. Then I put it in the dryer. When I took it out, it was gone." (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received th

Re: Perception of attitude in tickets

draft, feel free to edit. We don't want it too long, as that is intimidating by itself, but some of the points you make might would be good additions What do people think? Luke -- "I asked mom if I was a gifted child. She said they certainly wouldn't have paid for me." (Calvin and

Re: Perception of attitude in tickets

on, but I think you picked an example that demonstrates exactly the opposite of what you claimed. Best regards, Luke -- "God demonstrates his love towards us in this, that while we were still sinners, Christ died for us." (Romans 5:8) Luke Plant || http://lukeplant.me.uk/ --

Re: Recommending a Python 3-compatible MySQL connector

any purpose. It's only when a project becomes a distributor of the GPL code that it is required to abide by the other terms. Regards, Luke -- "God demonstrates his love towards us in this, that while we were still sinners, Christ died for us." (Romans 5:8) Luke Plant || http://luke

Re: Ticket 19445

= "__all__"' is exactly the flag you are talking about, only it operates at the ModelForm metaclass level. Regards, Luke -- Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe fro

Re: Setting aside easy-pickings for sprints

She changes it more often. (Oliver Herford) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers

Re: Request method in urls.py

it to do). Luke -- A mosquito cried out in pain: "A chemist has poisoned my brain!" The cause of his sorrow was para-dichloro- diphenyltrichloroethane Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Dj

Re: Request method in urls.py

. Regards, Luke -- Environmentalists are much too concerned with planet earth. Their geocentric attitude prevents them from seeing the greater picture -- lots of planets are much worse off than earth is. Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscri

Re: Ticket 20147 - deprecate and replace request.META

hem. Regards, Luke -- Clothes make the man. Naked people have little or no influence on society. -- Mark Twain Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe fr

Re: Ticket 20147 - deprecate and replace request.META

ou've got 2 things to grep for now. However, that problem already existed due to META - you've got things like QUERY_STRING and request.GET, HTTP_HOST and request.get_host(), X_REQUESTED_WITH and request.is_ajax(). Regards, Luke -- Clothes make the man. Naked people have little or no influence on socie

Re: Ticket 20147 - deprecate and replace request.META

y, then we could extend the deprecation cycle - 1.7 would give PendingDeprecationWarning. Regards, Luke -- Be careful of reading health books, you might die of a misprint. -- Mark Twain Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to t

Ticket 20147 - deprecate and replace request.META

h it forward. https://code.djangoproject.com/ticket/20147 Regards, Luke -- Be careful of reading health books, you might die of a misprint. -- Mark Twain Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group.

Re: ModelForms and the Rails input handling vulnerability

fields' (at the moment the opposite is assumed). How does that sound? Luke -- "If you're not part of the solution, you're part of the precipitate." (Steven Wright) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google G

Re: Writing class-based contrib.admin actions

always do: def my_admin_action(modeladmin, request, queryset): return MyView.as_view(request, modeladmin, queryset) And then take it to the next step: my_admin_action = cbv_to_admin_action(MyView) Luke -- "I am going to let you move around more, just to break up the mahogany

Re: Relative path support for TEMPLATE_DIRS and others in settings.py (django ticket 694)

hemist has poisoned my brain!" The cause of his sorrow was para-dichloro- diphenyltrichloroethane Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email t

Re: Relative path support for TEMPLATE_DIRS and others in settings.py (django ticket 694)

se world peace for an hour, imagine how serene and quiet it would be until the looting started" -- Anon Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, se

Re: Relative path support for TEMPLATE_DIRS and others in settings.py (django ticket 694)

p text for TEMPLATE_DIRS and STATICFILES_DIRS to mention it. Luke -- The fashion wears out more apparel than the man. -- William Shakespeare Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers"

Re: Could prefetch_related be modified to utilize select_related for ForeignKey relations?

valents of both select_related and prefetch_related. What I'm saying is that in the absence of that better API, or some way of specifying the query you want, we shouldn't guess and convert one optimisation into another. Luke -- OSBORN'S LAW Variables won't, constants aren't. Luk

Re: proposal: post-collectstatic signal

want of a wife." (Jane Austen) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, sen

contrib.markup deprecation

to participate in this thread. I think we should have recommendations for alternatives for rendering markdown as well. Regards, Luke -- "Christ Jesus came in to the world to save sinners" (1 Timothy 1:15) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are

Re: Django 1.5: AUTH_USER_MODEL and GeoManager

ensure this is not forgotten. It sounds like it should be a release blocker. Luke -- "Because Your lovingkindness is better than life, My lips shall praise You." (Ps 63:3) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google G

Re: Schema Alteration update

n't know what that means in practice, but if we got feedback from the developers of those other solutions it would be good. We might need something like a 'syncdb --ignore-migrations' option. Luke -- "Because Your lovingkindness is better than life, My lips shall praise You." (

Re: Backporting some Python 3 support features to 1.4.x?

adding forwards compatibility to 1.4.X, assuming a safe patch. Luke -- "In your presence there is fullness of joy; at your right hand are pleasures forevermore" Psalm 16:11 Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Gr

Re: ORM refactoring, part 2

ore I commit anything)... > > I am sorry if I haven't worked on other patches I thought I had time > to work on. The core ORM refactorings are IMO really important to work > on, and thus they have bypassed some other items in my admittedly too > long TODO list. > > - Anssi >

Re: GSoC Check-in: Security Enhancements

t; This makes strict referer checking a non-started, and lax referer checking (only check it if it is present) has known flaws. Regards, Luke -- "Pretension: The downside of being better than everyone else is that people tend to assume you're pretentious." (despair.com) Luke Plant || http://luke

Re: OT: security announcements for Django-related libraries

> On Mon, Jul 23, 2012 at 5:55 AM, Luke Plant <l.plant...@cantab.net > <mailto:l.plant...@cantab.net>> wrote: > > Hi all, > > I started a thread on the 'Python security' list about the need for a > place for 3rd party Django/Python libraries to announce

OT: security announcements for Django-related libraries

, so I've got a couple of replies that haven't shown up yet. Luke -- "Pretension: The downside of being better than everyone else is that people tend to assume you're pretentious." (despair.com) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are

Re: GSoC Check-in: Security Enhancements

e is that people tend to assume you're pretentious." (despair.com) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroup

Re: Skip session save on 500 responses

find it." (despair.com) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, sen

Re: Skip session save on 500 responses

- "Pessimism: Every dark cloud has a silver lining, but lightning kills hundreds of people each year trying to find it." (despair.com) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group.

Re: I think adding a "first" method to the QuerySet be useful.

f items %} {{ items.0.something }} {% endif %} Luke -- Parenthetical remarks (however relevant) are unnecessary Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send emai

Re: Proposal: use SQLAlchemy Core for query generation

It would be surprising if it was really doing the same thing! I think it's one of those things where we really won't know the impact until we've got most of the way there, and even then differences of approach could make all the difference. Luke -- Parenthetical remarks (however relevant) ar

Re: Proposal: use SQLAlchemy Core for query generation

nts, which are cleaner than ours from what I can see. Luke -- Parenthetical remarks (however relevant) are unnecessary Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group

Proposal: use SQLAlchemy Core for query generation

torious.org/django-sqlalchemy/ [5] http://goo.gl/4Vhlb [6] http://geoalchemy.org/index.html -- "Outside of a dog, a book is a man's best friend... inside of a dog, it's too dark to read." Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google

Re: XSS and string interpolation

it long, the above is just rationalisation. Some other alternatives: build_html, build_html_safe, format_html Luke -- Parenthetical remarks (however relevant) are unnecessary Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups &

XSS and string interpolation

the "5 Whys" http://en.wikipedia.org/wiki/5_Whys especially for security problems. Regards, Luke -- Parenthetical remarks (however relevant) are unnecessary Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups

Re: Reg Memcache issue.

sk is the django-users list, or file a ticket on our Trac instance (code.djangoproject.com) if you think you've found a bug in Django BTW, there is no cache_anonymous decorator in Django, so it is likely your problem is elsewhere. Thanks, Luke -- Parenthetical remarks (however relevant)

Re: QuerySet refactoring

2.0' will happen). If you've got a particular interest in the ORM, you might be interested in that proposal. I completely agree regarding how to handle NoSQL as well. Regards, Luke -- "Outside of a dog, a book is a man's best friend... inside of a dog, it's too dark to read." Luke Pla

ModelForms and the Rails input handling vulnerability

ke [1] http://chrisacky.posterous.com/github-you-have-let-us-all-down [2] http://weblog.rubyonrails.org/2012/3/21/strong-parameters/ -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the

Re: json vs simplejson

te more problems if the json module ever gained that keyword argument in the future. Luke -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" grou

Re: json vs simplejson

a 'import simplejson' or 'import django.utils.simplejson') will break. I found this already with django-piston. I think we at least need a bigger section in the release notes about this. Luke -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || http://lukeplant.me.uk/ -- You

Re: json vs simplejson

ened on two quite different machines. Looking at this discussion: http://stackoverflow.com/questions/712791/json-and-simplejson-module-differences-in-python it seems that lots of people don't have the C extension for json (reporting json 10x slower than simplejson). Luke -- OSBORN'S LAW Variables w

json vs simplejson

horrible places, deep in libraries that you can't do much about. In my case I was loading config, including passwords, from a config file in JSON, and the password was now exploding inside smtplib because it was a unicode object. Yuck. Ideas? Luke -- OSBORN'S LAW Variables won't, constan

Git questions

git fetch upstream', rather than 'git pull upstream master', then the pointers always update, but I thought the whole point of doing 'pull' was 'pull=fetch then merge'. Am I doing something wrong? Thanks in advance, Luke -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || h

Re: startproject template context

hould get an exception, not the default template rendered with "tempate=/home/me/foo". The feature given in the patch on ticket #18277, is however, much more like it - you have to pass the context using --add-context Regards, Luke -- OSBORN'S LAW Variables won't, constants aren't

Re: Will django escaping ever consider context of javascript and CSS?

evious discussions: http://goo.gl/XZ7Pt http://goo.gl/T8tkx Luke -- OSBORN'S LAW Variables won't, constants aren't. Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to

Re: Django's CVB - Roadmap?

POST requests. I found I had to write something like this snippet: https://gist.github.com/2596285 But it's not ideal in a number of ways, like needing its own documentation, since it doesn't just set parameters on ListView. Luke -- O'REILLY'S LAW OF THE KITCHEN Cleanliness is next to imposs

Re: GitHub migration planning

DFL decision, there was no point making the pretence of discussion in a wider forum. (Adrian/Jacob feel may correct me if I'm guessing wrongly). Luke -- "My capacity for happiness you could fit into a matchbox without taking out the matches first." (Marvin the paranoid androi

Re: GitHub migration planning

and report building abilities: https://code.djangoproject.com/wiki/Reports No-one thinks Trac is ideal, it's just much better than GitHub Issues which, in its own words, is a "lightweight" issue management system. Luke -- "My capacity for happiness you could fit into a matchbox

Re: GitHub migration planning

ax folks wrote their own issue system rather than using GitHub's! """ Cheers, Luke -- "My capacity for happiness you could fit into a matchbox without taking out the matches first." (Marvin the paranoid android) Luke Plant || http://lukeplant.me.uk/ -- You received this

Re: GSoC 2012: Security Enhancements

: http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-February/007533.html Luke -- "My capacity for happiness you could fit into a matchbox without taking out the matches first." (Marvin the paranoid android) Luke Plant || http://lukeplant.me.uk/ -- You received this message because

Re: GSoC 2012: Security Enhancements

Sorry to reply twice, a comment on a different part: On 15/04/12 05:23, Rohan Jain wrote: > On 22:50 +0100 / 13 Apr, Luke Plant wrote: >> .. At the moment, it seems that few browsers send the >> 'Origin' header for normal HTML requests. (Recent versions of Chrome, >> Firefo

Re: GSoC 2012: Security Enhancements

On 15/04/12 05:23, Rohan Jain wrote: > On 22:50 +0100 / 13 Apr, Luke Plant wrote: >> The reason for the strict referer checking under HTTPS is set out here: >> >> https://code.djangoproject.com/wiki/CsrfProtection >> >> Particularly, it is to fix the 'CSRF + MITM'

Re: GSoC 2012: Security Enhancements

F token was tied to a particular session). Also, I'm not sure that it is safe for the case where the session data is exposed e.g. if the session backend actually stores the session the cookie, rather than in a database to which an attacker has no access. Since the attacker can send javascript to the clien

  1   2   3   4   5   6   7   >