Re: Security Advisory: BREACH and Django

2013-08-07 Thread simonb
How about requiring that if csrfmiddlewaretoken is set, no matter what HTTP 
method (GET, POST...), it is correct, otherwise a 403 response.

Simon

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
For more options, visit https://groups.google.com/groups/opt_out.
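
A framework-independent sketch of the rule proposed in this message, added here as an illustration; it is not Django's CsrfViewMiddleware and not code from the thread. The function name csrf_status, the dict-based request shape and the comparison against a cookie value are assumptions made for the example.

```python
import hmac

TOKEN_FIELD = "csrfmiddlewaretoken"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def csrf_status(method, query, body, cookie_token):
    """Return 200 or 403 for a request under the proposed rule.

    query and body are dicts of submitted parameters (assumed shape);
    cookie_token is the value the server expects, or None when the
    request carried no CSRF cookie.
    """
    submitted = [p[TOKEN_FIELD] for p in (query, body) if TOKEN_FIELD in p]

    # Proposed rule: a token supplied with ANY method must be correct.
    for token in submitted:
        # Compare as bytes in constant time so the check itself does not
        # leak how many leading characters of a guess were right.
        if cookie_token is None or not hmac.compare_digest(
            token.encode(), cookie_token.encode()
        ):
            return 403

    # Simplified baseline: unsafe methods must carry a token in the body.
    if method.upper() not in SAFE_METHODS and TOKEN_FIELD not in body:
        return 403
    return 200


# Constructed sample value, not a real token.
SAMPLE_TOKEN = "constructed-sample-token-0001"
```
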




M2M Column Names Changed in 1.2 - Breaks Backwards Compatibility

2010-01-13 Thread simonb
I think this ticket http://code.djangoproject.com/ticket/12386
identifies a change in the m2m code which breaks backwards
compatibility.

Consider the following three apps and models:

AppA/models.py:

    class ModelA(models.Model):
        name = models.CharField(max_length=1024, default='', blank=True)

AppB/models.py:

    class ModelB(models.Model):
        name = models.CharField(max_length=1024, default='', blank=True)
        ma = models.ManyToManyField('AppA.ModelA', blank=True, null=True,
                                    related_name='mb')
        mc = models.ManyToManyField('AppC.ModelC', blank=True, null=True,
                                    related_name='mc')

AppC/models.py:

    class ModelC(models.Model):
        name = models.CharField(max_length=1024, default='', blank=True)

The SQL generated for the m2m fields in AppB is different for Django
1.1 and 1.2/trunk. This breaks backwards compatibility.

It seems that in some cases 1.2 names the m2m column 'app.model_id'
whereas 1.1 uses 'model_id' only - i.e. no 'app.'

This only seems to happen when there is more than one m2m field in a
model. Tested with postgresql. The SQL output for the M2M table is
shown below for the different Django versions.

Django 1.1

    CREATE TABLE "AppB_modelb_mc" (
        "id" serial NOT NULL PRIMARY KEY,
        "modelb_id" integer NOT NULL REFERENCES "AppB_modelb" ("id")
            DEFERRABLE INITIALLY DEFERRED,
        "modelc_id" integer NOT NULL REFERENCES "AppC_modelc" ("id")
            DEFERRABLE INITIALLY DEFERRED,
        UNIQUE ("modelb_id", "modelc_id")
    );

Django 1.2

    CREATE TABLE "AppB_modelb_mc" (
        "id" serial NOT NULL PRIMARY KEY,
        "modelb_id" integer NOT NULL,
        "appc.modelc_id" integer NOT NULL,
        UNIQUE ("modelb_id", "appc.modelc_id")
    );

1.1 = "modelc_id"
1.2 = "appc.modelc_id"

I've uploaded a little test project to the ticket which demonstrates.

Simon





Re: TimeField broken in Oracle

2009-03-09 Thread simonb

Are you using timezone aware datetime objects? If so, see
http://code.djangoproject.com/ticket/10443

Simon



Re: add support for unicode-normalizing get/post-data?

2008-04-10 Thread simonb

On Apr 10, 9:44 pm, simonb <[EMAIL PROTECTED]> wrote:
> return unicodedata.normalize('NFC',text)

That should be "return unicodedata.normalize('NFC',value)"

It's late!

Simon




Re: add support for unicode-normalizing get/post-data?

2008-04-10 Thread simonb

On Apr 10, 2:48 pm, Gábor Farkas <[EMAIL PROTECTED]> wrote:
> hi,
>
> would it be a good idea to add support to django to unicode-normalize
> incoming get/post-data?

    class NormCharField(forms.CharField):
        def clean(self, value):
            value = super(NormCharField, self).clean(value)
            return unicodedata.normalize('NFC',text)

Or am I missing something...

Simon


