Re: set utf8 as default database char set

2010-08-30 Thread Elim Qiu 
Thanks Rolando Espinoza La Fuente !

On Mon, Aug 30, 2010 at 8:27 PM, Rolando Espinoza La Fuente <
dark...@gmail.com> wrote:

> On Mon, Aug 30, 2010 at 1:58 PM, elim  wrote:
> > In my MySQL's my.ini, I have
> >
> > default-character-set=latin1
> >
> > But I like to use utf-8 for all my Django projects. What I should set
> > in settings.py?
>
> Django already uses utf8 by default. Even, as far I know, is not possible
> to use
> another character encoding.
>
> Regards,
>
> Rolando Espinoza La fuente
> www.insophia.com
>
>
> > Thanks a lot.
> >
> > ===I just get Django installed, not even done with the 1st tutorial
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> > For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
> >
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: deployment problem gotcha

2010-08-30 Thread Mike Dewhirst 

Graham

Thanks for your response. Everything works nice now.

I read the reference and fixed the missing slashes and commented out 
print functions if dev-oriented or added the print option 
file=sys.stderr if reporting an error.


Nice to learn something before it bites :)

I have decided to keep the django admin-media files untouched in-situ
because it keeps my own static files area less cluttered. It also means
less hassle for me when django tweaks admin templates, js, css and images.

I also decided to use FollowSymLinks so I could stick with the more
generic python rather than python2.6 in the path.

Thanks again

Mike


On 30/08/2010 5:36pm, Mike Dewhirst wrote:

I had an admin media problem finding base.css in deploying an app
from the Django (svn head) dev server on Windows to Apache 2.2 on
Linux

Because I had prepared this email ready to ask for help, I'm
posting it anyway with the hope that it helps someone.

Everything else was working. Firebug was saying it couldn't find
base.css and I couldn't see anything wrong with the following
excerpts from settings.py and vhosts.conf:

... from settings.py ...

MEDIA_ROOT = '/srv/www/ccm/htdocs/static' MEDIA_URL = '/static/'
ADMIN_MEDIA_ROOT =
'/usr/local/lib64/python/site-packages/django/contrib/admin/media/'

ADMIN_MEDIA_PREFIX = '/media/'

... from vhosts.conf  ...

Alias /media/
/usr/local/lib64/python/site-packages/django/contrib/admin/media


You are missing a trailing slash on filesystem path which may be a
cause of problems.



AllowOverride None Order deny,allow Allow from all 

Alias /static/ /srv/www/ccm/htdocs/static/ Alias /tiny_mce/
/srv/www/ccm/htdocs/static/js/tiny_mce/ Alias /jquery/
/srv/www/ccm/htdocs/static/js/jquery/

 AllowOverride None Order
deny,allow Allow from all 

Now, in order to get some meaningful error messages I included
this

import sys sys.stdout = sys.stderr


That shouldn't have made any difference because the error message is
from Apache and not from the Python web application.

That workaround to broken WSGI applications is also only need in
mod_wsgi 2.X and earlier and not 3.X. This is because default change
in 3.0 as gave up trying to make people write portable WSGI
applications. Read:

http://blog.dscpl.com.au/2009/04/wsgi-and-printing-to-standard-output...



in my wsgi script - as per the recommendation I found
inhttp://code.google.com/p/modwsgi/wiki/DebuggingTechniques

and after which, I discovered "Symbolic link not allowed or link
target not accessible: /usr/local/lib64/python" in the Apache error
log. This gave the clue that I needed:

/usr/local/lib64/python2.6/site-packages/django/contrib/admin

rather than the one prepared earlier which incorporated /python/
which is a symbolic link.

Google indicated I could have included Options FollowSymLinks and
maybe I should have done that instead.

Maybe an expert who has read this far might care to comment?


I would generally recommend that a copy be made of media directory
into a sub directory of Django site and use it from there instead.
That way you can customise them without fiddling with the originals.

Graham


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Django UserProfile's - the hardest part of the whole framework

2010-08-30 Thread reduxdj 
So, I'm still newer to django. I have user registration,
authentication, imagefields, filters, and more all built into my
application and working. So now, I need a user to be able to edit his
own email and upload an image to the user_profile. First, I am using
RegistrationProfile for the django registration just fine, should be
no conflict right?

Here's my problem, I know you don't get direct access to the user
model, so making the user email editable is kind of tricky here's my
FAILED attempt:

from settings.py:

AUTH_PROFILE_MODULE = "gather.models.UserProfile"

>From models.py:

class UserProfile(models.Model):
user = models.ForeignKey(User, unique=True)
image = models.ImageField(null=True,upload_to='images/users')

def save(self, *args, **kwargs):
super(UserProfile, self).save(*args, **kwargs)

def update(self, *args, **kwargs):
 super(UserProfile, self).update(*args, **kwargs)

def delete(self, *args, **kwargs):
super(UserProfile, self).delete(*args, **kwargs)

class UserProfileForm(UserProfileForm):
class Meta:
model = UserProfile
exclude = ['user']


from forms.py:

class UserProfileForm(forms.ModelForm):

def __init__(self, *args, **kwargs):
super(UserProfileForm, self).__init__(*args, **kwargs)
try:
self.fields['email'].initial = self.instance.user.email
# self.fields['first_name'].initial =
self.instance.user.first_name
# self.fields['last_name'].initial =
self.instance.user.last_name
except User.DoesNotExist:
pass
email = forms.EmailField(label="Primary email",help_text='')
image = forms.ImageField(required=False)

def save(self, *args, **kwargs):
"""
Update the primary email address on the related User object as
well.
"""
u = self.instance.user
u.email = self.cleaned_data['email']
u.save()
profile = super(UserProfileForm, self).save(*args,**kwargs)
return profile

from views.py:

def account(request):
#return render_to_response('account.html',
context_instance=RequestContext(request))
if request.method == "POST":
form =
UserProfileForm(request.user,request.POST,request.FILES)
if form.is_valid():
form.save()
return HttpResponseRedirect('/account/')
else:
form = UserProfileForm(request.user)
return render_to_response('account.html', {'form': form},
context_instance=RequestContext(request))


So, this seems simple enough but doesn't work, here's my output:

Caught AttributeError while rendering: 'User' object has no attribute
'get'

Thanks, as I am at a stoppage.
appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Model Validation - Prevent Datetimefield overlaps?

2010-08-30 Thread Karen Tracey 
On Mon, Aug 30, 2010 at 10:34 PM, Victor Hooi  wrote:

> Just playing around - I noticed that setting "unique=True" on a
> DateTimeField() doesn't seem to work? As in, I was able to do
> something like:
>
> b1 =
>
> BandwidthUsageEntry(start_of_usage_block=datetime.datetime(2007,05,05,12,05),
>
> end_of_usage_block=datetime.datetime(2007,05,12,12,10),bytes_in=10,bytes_out=10)
> b1.save()
> b2 =
>
> BandwidthUsageEntry(start_of_usage_block=datetime.datetime(2007,05,05,12,05),
>
> end_of_usage_block=datetime.datetime(2007,05,12,12,10),bytes_in=20,bytes_out=20)
> b2.save()
>
> Is this expected behaviour, or do I have something wrong with my
> setup?
>

Did you add the unique=True to the fields after you had already run syncdb
to create the table?  If so, the database constraints to require the field
to be unique won't be in place. (And re-running syncdb won't create the
constraints either, since syncdb won't do anything for models with tables
that already exist.)

Karen
-- 
http://tracey.org/kmt/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
> His response is to say he will escalate this to some other security
> forum. We can only assume that this is a threat that he will raise
> merry hell until we do what he says.

Right first: Yes I am sorry for the 9 or so posts :)  I am only human.
Right. Um no that's not a threat.
That's being responsible imho, instead of just those looking at
django-users, others will now also know about the problem. Knowing
about the problem, they can apply a workaround or fix.
Do remember, fix it anyway you like, the problem still exists.

> Our intention is not to make anyone feel stupid. As I've said
> previously, we take security seriously. However, extraordinary claims
> require extraordinary proof. When software X uses web server Y, and Y
> explicitly provides settings to avoid the specific problem you're
> describing, and your "attack" is predicated on those settings not
> being used in your use of Y, it's hard to make the case that you've
> found a security hole in X. You have, at best, found a weakness in the
> default configuration of Y on a specific platform -- which is exactly
> what we've told you.

I am not about to see what the default are on other commonly used
platforms, that is a total waste of my time.
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody (the
default is 0).
Apparently LimitRequestBody is not touched by mod_wsgi so I assume
this means the default remains 0, unlimited.


> As for our claim that you should be auditing the settings of the
> software you use -- I'm unapologetic about that. Default values on any
> platform are selected to provide maximum utility for the general case,
> not maximum utility for a specific case.

I am going to suggest
1. this is fixed in django (through a default size limit)
and
2. wsgi sets the default LimitRequestBody to be a sane value.
As Graham Dumpleton[0] does a lot of work on mod_wsgi. So perhaps he
can introduce this into mod_wsgi.

This will mean that
1. django running in different configurations will be protected.
2. other python programs will be protected to a degree (under mod_wsgi).

Also, Graham Dumpleton keep up the good work on mod_wsgi!

[0] http://code.google.com/p/modwsgi/source/list
--
Talkers are no good doers.  -- William Shakespeare, "Henry VI"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Missing template variable when using django admin list_display

2010-08-30 Thread Karen Tracey 
On Mon, Aug 30, 2010 at 4:13 PM, christian.oudard <
christian.oud...@gmail.com> wrote:

> On Django 1.2, I'm getting a missing template variable when using a
> custom formatter in the django admin.
>
> Here is my admin class:
>
> class CustomerAdmin(admin.ModelAdmin):
>fields = [
>'name',
>]
>list_display = [
>'name',
>'customer_tenants',
>]
>def customer_tenants(self, customer):
>return u', '.join(t.subdomain for t in
> customer.tenant_set.all())
>customer_tenants.short_description = 'Tenants'
>
> The error seems to be the same one as in this ticket:
> http://code.djangoproject.com/ticket/2583
>
> Looking at the template from the admin app, the header.class_attrib
> seems to be missing. This is generated internally by django.
>
> I can fix the error by changing the template admin/
> change_list_results.html by putting an if statement around the
> {{ header.class_attrib }} variable:
>
> {% for header in result_headers %} {{ header.class_attrib }}{% endif %}>
>
> Is this an error due to improper configuration or due to a bug in
> django?
>

Do you have TEMPLATE_STRING_IF_INVALID set to something? That is documented
to be only for temporary debug purposes:
http://docs.djangoproject.com/en/dev/ref/templates/api/#invalid-template-variables.
Attempting to use the admin with TEMPLATE_STRING_IF_INVALID set to something
other than the empty string is not a good idea -- admin is one of the
specific apps noted as relying on the default value of an empty string for
invalid variable references in templates.

Karen
-- 
http://tracey.org/kmt/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Staticstic app, ask for idea.

2010-08-30 Thread Lucian Romi 
Thanks Sebastien.

Can I integrate Cube with filter and search features from the admin app?
Also, to make things simple, I'm going to use GChart, but I need
statistic data.
Let me download Cube and spend some time on it. Thanks.

On Mon, Aug 30, 2010 at 4:16 PM, sebastien piquemal  wrote:
> I created an app to easily generate the stats part :
> http://code.google.com/p/django-cube/ ; however you still have to
> create the chart, for example with matplotlib :
> http://www.scipy.org/Cookbook/Matplotlib/Django.
>
> To create your stats with django-cube, you can use this code :
>
>    from cube.models import Cube, Dimension
>
>    class MyModelCube(Cube):
>        my_dimension = Dimension(field='my_float_field__range',
> sample_space=[(0, 1.5), (1.5, 6.2)])
>
>       �...@static
>        def aggregation(queryset):
>            return queryset.count()/MyModel.objects.count() * 100
>
> - You specify one dimension for the cube, this dimension refers to the
> field lookup 'my_float_field__range' (where 'my_float_field' is of
> course the name of your field)
> - then you specify a sample space for this dimension, which in fact
> means that you specify for which ranges the stats will be calculated
> (here, on the ranges (0, 1.5) and (1.5, 6.2))
> - then you write your aggregation function, which is in your case a
> percentage calculation ('queryset' is the queryset filtered according
> to the dimensions you will use while querying the cube, divided by the
> total, multiplied by 100)
> - finally, you instantiate a cube with a base queryset, and use one of
> the methods provided to calculate the statistics
>
> Ok, the doc is kind of bad for now, but I can help you if you want to
> use it but you don't manage to do so.
>
> On Aug 30, 8:24 pm, hollando  wrote:
>> I want to make a statistic app.
>> There is a float field in my model(table).I want to use a chart to
>> show what's the percentage in each range.
>> Any suggestion to make such and app that can fit into django model.
>> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Russell Keith-Magee 
On Tue, Aug 31, 2010 at 10:01 AM, dave b  wrote:
>> And, for the record, the fact that Ubuntu or Debian have chosen these
>> defaults doesn't make Apache insecure either. System defaults exist to
>> make it easy and obvious to get something started. A responsible
>> sysadmin for a public-facing webserver shouldn't be using *any*
>> OS-provided defaults without auditing them. To aid that process, the
>> Django project is in a position to describe the sorts of issues that a
>> sysadmin should watch out for; hence, documenting deployment-related
>> security issues such as this one is in scope.
>>
>> However, at the end of the day, as Graham and I have *repeatedly* told
>> you -- this is an issue that should be caught at the webserver, not at
>> the application level. Even if we weren't talking about duplicating
>> functionality (and we are), there are both practical and technical
>> reasons why it is inappropriate for Django to implement file-upload
>> size restrictions. This problem can be avoided with appropriate
>> configuration of your web server, and therefore should be.
>
>> If you can do that, this episode will blow over and soon you will be as
>> welcome as everyone else. Carry on like you are doing and people will
>> start to run the other way at the sight of your name.
> Ok look. I am trying to be a nice guy here. You are making my job
> harder than it should be.
> Fact I reported a potential security bug, which did have the incorrect
> description(sort of ;) ) at the start but then I have provided a clear
> summary of the issue.
>
> So let me tell you a story. A guy reports a bug to the django security
> email, he gets a vacation reply.

I've already apologised for this - and I'm still investigating. The
immediate problem is that the person I need to talk to is on vacation.
Once he returns, I should be able to get the situation resolved.

> So he asks on irc in #django where he
> should take the issue to next, he is told the django users mailing
> list.
> So he emails the list and they don't take him seriously. They claim
> that the problem is that people shouldn't be using the default
> webserver configurations. They claim the problem isn't our fault. They
> also claim that the guy thinks he is smarter than others. They claim
> that this guy is wrong because in the "real" world people don't use
> defaults without auditing *all* of them right?
>
> I can tell you that this guy feels really stupid right now.

Ok - lets spin this around to our side.

A guy posts a large chunk of Django's source code to the users mailing
list, making a vague claim about some sort of file upload-based
attack. It takes him *9* follow up messages (not counting the
responses from others in the community) to narrow down that he is
reporting 2 problems -- one of which he has already been explicitly
told isn't actually a problem. He intersperses his voluminous comments
with vague pop-culturesque exclamations, makes demands that we should
stop arguing and just do what he says, provides excessive detail where
it isn't required, and insufficient detail where it is required, and
keeps making veiled references to "custom HTTP" webservers without
ever documenting which webserver he's actually concerned about.

Ultimately, the actual problem is narrowed down to "The default
install of Apache on Ubuntu allows you to upload a file of arbitrary
size". The guy is told "Apache provides a setting to control this". He
is also given a number of practical and technical reasons why the
webserver is the right place to solve the problem.

His response is to say he will escalate this to some other security
forum. We can only assume that this is a threat that he will raise
merry hell until we do what he says.

Our intention is not to make anyone feel stupid. As I've said
previously, we take security seriously. However, extraordinary claims
require extraordinary proof. When software X uses web server Y, and Y
explicitly provides settings to avoid the specific problem you're
describing, and your "attack" is predicated on those settings not
being used in your use of Y, it's hard to make the case that you've
found a security hole in X. You have, at best, found a weakness in the
default configuration of Y on a specific platform -- which is exactly
what we've told you.

As for our claim that you should be auditing the settings of the
software you use -- I'm unapologetic about that. Default values on any
platform are selected to provide maximum utility for the general case,
not maximum utility for a specific case.

> Here something from the default php5 setup on debian(for apache).:

Argumentum ad verecundiam (or possibly ad antiquitatem, depending on
how polite you're being). The fact that PHP does something doesn't
necessarily mean it's a good idea. After all, Django exists
specifically because the original developers were unhappy with the
design choices made by PHP.

Yours,
Russ Magee %-)

-- 
You received this message because

Model Validation - Prevent Datetimefield overlaps?

2010-08-30 Thread Victor Hooi 
heya,

I have a model that contains a whole bunch of bytes in/out for
datetime ranges. I.e.:

class BandwidthUsageEntry(models.Model):
start_of_usage_block = models.DateTimeField()
end_of_usage_block = models.DateTimeField()
bytes_in = models.IntegerField()
bytes_out = models.IntegerField()

I need to ensure that each entry doesn't overlap with any others
entries.

Just playing around - I noticed that setting "unique=True" on a
DateTimeField() doesn't seem to work? As in, I was able to do
something like:

b1 =
BandwidthUsageEntry(start_of_usage_block=datetime.datetime(2007,05,05,12,05),
end_of_usage_block=datetime.datetime(2007,05,12,12,10),bytes_in=10,bytes_out=10)
b1.save()
b2 =
BandwidthUsageEntry(start_of_usage_block=datetime.datetime(2007,05,05,12,05),
end_of_usage_block=datetime.datetime(2007,05,12,12,10),bytes_in=20,bytes_out=20)
b2.save()

Is this expected behaviour, or do I have something wrong with my
setup?

Anyhow, in terms of how to actually prevent overlaps, I assume that
the best way is to use a custom model validator, and check each start/
end against a query against all the entries?

(I saw this 
http://stackoverflow.com/questions/2243490/django-unique-time-interval-for-the-admin-panel,
but it seems to be going a different way that I don't follow).

How would I go about structuring this? Any particular tips here, or
any algorithms that could work well?

Cheers,
Victor

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Please wait page trouble

2010-08-30 Thread Rolando Espinoza La Fuente 
On Mon, Aug 30, 2010 at 7:18 PM, Bradley Hintze
 wrote:
> I am attempting to do a lengthe calculation that will require the user
> to wait a bit. I want a 'Please wait page to come up while the lengthy
> calculation is performed. I thought this might work:
>
> views.py
>
> def please_wait(request):
>    return HttpResponse('Please Wait..')
>
> def run_DHM(request):
>    please_wait(request)
>    lengthy calculations...
>
> This did not show the 'Please Wait' page. Is there a better way to do
> what I am trying to do?
>

You are not returning the HttpResponse object from please_wait(). But anyway,
doesn't work that way. At least with django.

What you can do is render a normal html with the message "Please wait",
then perform an ajax call to start the calculations and finally return
a json response
to display the result in the client-side.

Roughly:

def please_wait(request):
# ... setup context or something
return render_to_response("please_wait.html")

def run_DHM(request)
# ... perform calculations and collect the result in a dict
data = {"result": something}
return HttpResponse(json.dumps(data), mimetype="application/json")


# using jquery in your html

$.getJSON("/run_DHM/", function(data) {
// do something with result
console.log(data.result);
});



Rolando Espinoza La fuente
www.insophia.com

> --
> Bradley J. Hintze
> Graduate Student
> Duke University
> School of Medicine
> 801-712-8799
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: set utf8 as default database char set

2010-08-30 Thread Rolando Espinoza La Fuente 
On Mon, Aug 30, 2010 at 1:58 PM, elim  wrote:
> In my MySQL's my.ini, I have
>
> default-character-set=latin1
>
> But I like to use utf-8 for all my Django projects. What I should set
> in settings.py?

Django already uses utf8 by default. Even, as far I know, is not possible to use
another character encoding.

Regards,

Rolando Espinoza La fuente
www.insophia.com


> Thanks a lot.
>
> ===I just get Django installed, not even done with the 1st tutorial
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
On 31 August 2010 12:04, Russell Keith-Magee  wrote:
>> On 8/30/2010 9:09 PM, dave b wrote:
>>> Do not pass go do not collect profit!
> ...
>>> Put your hands up in the air like you just don't care!
> ...
>>> blahblahblalbha sssh listen.
> ...
>
> On Tue, Aug 31, 2010 at 9:42 AM, Steve Holden  wrote:
>
>> Frankly, at this stage you can stick it up your ass and set fire to it
>> as far as I'm concerned. I like to delude myself that I am pretty
>> tolerant, but an ego the size of yours rubs me up the wrong way and I
>> start to forget my manners.
>
> Ok - before tempers get out of control, let's nip this in the bud.
>
> I don't care if the your weapon of choice is passive-aggressive
> expressions of pop culture, or detailed explorations of the
> appropriate application of incendiary products to bodily orifices --
> this kind of tone doesn't cast the community in a good light.
>
> We try to maintain a civil tone here. If you don't feel that you're
> able to maintain that tone, please walk away from this discussion.

Agreed, I apologize for my part in this.
Just a heads up have sent an email to bugtraq with this little issue
outlined in it.
While you wait for it to go through moderation here are some quotes
from much smarter people than myself:

"Those who cannot learn from history are doomed to repeat it."
"History is written by the victors. "
' "No comment" is a splendid expression. I am using it again and again. '
"Given enough eyeballs, all bugs are shallow. "

--
My only love sprung from my only hate!Too early seen unknown, and
known too late! -- William Shakespeare, "Romeo and Juliet"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Steve Holden 
Thanks for the reminder. I apologize.

regards
Steve

On Aug 30, 2010 10:04 PM, "Russell Keith-Magee" 
wrote:
>> On 8/30/2010 9:09 PM, dave b wrote:
>>> Do not pass go do not collect profit!
> ...
>>> Put your hands up in the air like you just don't care!
> ...
>>> blahblahblalbha sssh listen.
> ...
>
> On Tue, Aug 31, 2010 at 9:42 AM, Steve Holden  wrote:
>
>> Frankly, at this stage you can stick it up your ass and set fire to it
>> as far as I'm concerned. I like to delude myself that I am pretty
>> tolerant, but an ego the size of yours rubs me up the wrong way and I
>> start to forget my manners.
>
> Ok - before tempers get out of control, let's nip this in the bud.
>
> I don't care if the your weapon of choice is passive-aggressive
> expressions of pop culture, or detailed explorations of the
> appropriate application of incendiary products to bodily orifices --
> this kind of tone doesn't cast the community in a good light.
>
> We try to maintain a civil tone here. If you don't feel that you're
> able to maintain that tone, please walk away from this discussion.
>
> Yours
> Russ Magee %-)
>
> --
> You received this message because you are subscribed to the Google Groups
"Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
.
> For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Russell Keith-Magee 
> On 8/30/2010 9:09 PM, dave b wrote:
>> Do not pass go do not collect profit!
...
>> Put your hands up in the air like you just don't care!
...
>> blahblahblalbha sssh listen.
...

On Tue, Aug 31, 2010 at 9:42 AM, Steve Holden  wrote:

> Frankly, at this stage you can stick it up your ass and set fire to it
> as far as I'm concerned. I like to delude myself that I am pretty
> tolerant, but an ego the size of yours rubs me up the wrong way and I
> start to forget my manners.

Ok - before tempers get out of control, let's nip this in the bud.

I don't care if the your weapon of choice is passive-aggressive
expressions of pop culture, or detailed explorations of the
appropriate application of incendiary products to bodily orifices --
this kind of tone doesn't cast the community in a good light.

We try to maintain a civil tone here. If you don't feel that you're
able to maintain that tone, please walk away from this discussion.

Yours
Russ Magee %-)

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
> And, for the record, the fact that Ubuntu or Debian have chosen these
> defaults doesn't make Apache insecure either. System defaults exist to
> make it easy and obvious to get something started. A responsible
> sysadmin for a public-facing webserver shouldn't be using *any*
> OS-provided defaults without auditing them. To aid that process, the
> Django project is in a position to describe the sorts of issues that a
> sysadmin should watch out for; hence, documenting deployment-related
> security issues such as this one is in scope.
>
> However, at the end of the day, as Graham and I have *repeatedly* told
> you -- this is an issue that should be caught at the webserver, not at
> the application level. Even if we weren't talking about duplicating
> functionality (and we are), there are both practical and technical
> reasons why it is inappropriate for Django to implement file-upload
> size restrictions. This problem can be avoided with appropriate
> configuration of your web server, and therefore should be.

> If you can do that, this episode will blow over and soon you will be as
> welcome as everyone else. Carry on like you are doing and people will
> start to run the other way at the sight of your name.
Ok look. I am trying to be a nice guy here. You are making my job
harder than it should be.
Fact I reported a potential security bug, which did have the incorrect
description(sort of ;) ) at the start but then I have provided a clear
summary of the issue.

So let me tell you a story. A guy reports a bug to the django security
email, he gets a vacation reply. So he asks on irc in #django where he
should take the issue to next, he is told the django users mailing
list.
So he emails the list and they don't take him seriously. They claim
that the problem is that people shouldn't be using the default
webserver configurations. They claim the problem isn't our fault. They
also claim that the guy thinks he is smarter than others. They claim
that this guy is wrong because in the "real" world people don't use
defaults without auditing *all* of them right?

I can tell you that this guy feels really stupid right now.

Here something from the default php5 setup on debian(for apache).:
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
...
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M


; Maximum number of files that can be uploaded via a single request
max_file_uploads = 50


--
How apt the poor are to be proud.   -- William Shakespeare, 
"Twelfth-Night"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Russell Keith-Magee 
On Tue, Aug 31, 2010 at 9:09 AM, dave b  wrote:
>>> Secure by default please!
>>
>> That's an easy epithet to throw around, but I disagree that it is
>> appropriate here. "Security" doesn't mean "stops the user from making
>> mistakes".
>
> Look like wsgi, apache2 and django all on ubuntu PLACE no size limits
> at all by default. Isn't that neat?
> I think debian is the same too!
> Seriously, are you silly enough to think I was just using the
> development server for testing?
> Do not pass go do not collect profit!
>
>
>
>> it by default (i.e., no size limit). However, this relys on people
>> reading the documentation and determining an appropriate value for the
>> setting -- at which point, we've just duplicated the functionality of
>> Apache without actually changing anything.
>
> Incorrect. Put it in the changelog etc.
> I meant people are supposed to know about apache and its setup surely
> they should read the changelog when django changes? right.
>
>> IMHO, Graham is completely right when he says that the webserver is
>> the right place to catch this. Django isn't about to start introducing
>> more settings to duplicate functionality that is better provided by
>> other parts of the tool chain.
>
> I disagree. Very much so. Stop saying this isn't a django issue and
> start fixing it.
>
>> That said, there has been discussion recently about adding a section
>> to Django's docs talking about security issues -- things that may not
>> be immediately obvious about project design and configuration, but
>> would behoove users to think about. A discussion of this problem
>> sounds like it would be a good addition.
>
> Look you guys are saying that django is secure and then not willing to
> say "ok django might want to do something here". That's a great idea!
>
>>> Ok still following?
>>
>> Look -- Graham may not use Django on a daily basis, but he's not a
>> fool. For the record, neither am I. A cursory examination of his
>> history on this mailing list would indicate that saying "Add a
>> FileField uploading to /tmp to an existing model" would be more than
>> enough detail to describe your setup here.
>>
>> The part of this problem that you continue to refuse to describe is
>> *THE ONLY PART THAT MATTERS* - the web server configuration that
>> you're using to make your assertion.
>
>
> The default wsgi apache2 setup on $distro is a good testing place for
> this if you want to test how people will likely have it setup, or was
> said to me in prior emails here. I have tested it against that setup
> of course and *against* *many* others.
>
>
>
>>> apache setup etc.).
>>
>> The implication here is that you *haven't* tried this with Apache.
>> Worse still, it sounds like you might be trying to use the Django
>> development server as your test case to validate that this is a
>> problem.
>
> I can assure you I have tested this against apache2 with wsgi running
> with django.
>
>
>>> What do you say to this ?
>>
>> I say that this is the reason we're getting frustrated.
>
> Put your hands up in the air like you just don't care!
>
>> So far, you haven't actually told us which web server you *are* using.
>> You keep alluding to this "not-apache" webserver, but you haven't
>> actually said which webserver you *are* using.
> This doesn't even matter here, my attack works against the default
> apache wsgi and django setup K THX BIA.
>
>> Apache has it's faults, but it is feature complete, battle hardened,
>> widely available, and almost certainly the most widely used webserver
>> for Django deployment. It's also the webserver that virtually every
>> Django user and developer will have some experience in using. If a
>> potential problem exists in at the server level, Apache is the best
>> lingua franca to use in demonstrating it.
>
> Done that :)
> blahblahblalbha sssh listen. No Of course I have tested it against that.
> How confident are you in that in every possible setup for django used
> in production, this issue isn't a problem?
>
>> If the problem is actually that you're using a custom HTTP server, and
>> that custom HTTP server isn't providing a feature that you need (such
>> as a way to reject large uploads)
>
> Look. Should I post this to somewhere more security related on the internet?

Do whatever floats your boat. Graham and I have both explained the
situation. If anyone asks the same questions, we'll give them the same
answer.

> Summary:
> In the default setup of wsgi, apache and django (on distributions like
> ubuntu and debian) by default there are no limits on the size of a
> file that an attacker can upload.
> http://cwe.mitre.org/top25/#CWE-770 and see example 2 at
> http://cwe.mitre.org/data/definitions/770.html

One last try for your benefit:

If you have your Apache install configured to accept arbitrarily sized
uploads, your Apache install will accept arbitrarily sized uploads.
This should not be surprising behavior.

If Debian or Ubuntu are packaging Apache with this as the

Re: hosting django applications

2010-08-30 Thread creecode 
Hello Rodrigo,

I'm happy with EC2.  Others feel it is not a good value for the
money.  Previous posts to this group have gone over this topic so you
may want to look those message up.

On Aug 27, 6:54 pm, Rodrigo Lombardo  wrote:

> I'm planning to deploy my first django application and I think it will
> have more reads than writes and at least 1 requests a day. So I
> will take care about the system cache. I think FreeBSD(my prefered OS)
> would do the job, but I heard good things about Amazon EC2 and I would
> like to know if anyone here is happy with the Amazon's service.

Toodle-loo.
creecode

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Steve Holden 
On 8/30/2010 9:09 PM, dave b wrote:
>>> Secure by default please!
>>
>> That's an easy epithet to throw around, but I disagree that it is
>> appropriate here. "Security" doesn't mean "stops the user from making
>> mistakes".
> 
> Look like wsgi, apache2 and django all on ubuntu PLACE no size limits
> at all by default. Isn't that neat?
> I think debian is the same too!
> Seriously, are you silly enough to think I was just using the
> development server for testing?
> Do not pass go do not collect profit!
> 
Talking that way to Russell Keith-Magee just makes you look like a
troll. If you think there is even a possibility that he is that silly
then you are clearly sadly deluded. Russell is well know throughout the
Django community (and outside it) for his deep understanding of the
issues and compromises involved in building a professional web framework.

You, on the other hand, are a complete unknown who has walked in off the
street and started to make a lot of noise. All this has achieved is to
demonstrate your total incomprehension of how to achieve practical
results, which despite your focus on only the technical issues that
interest you involves knowing how to interact with people as well.

It's kind of cute that you appear to think you might be smarter than me
(though you certainly don't have as much experience, and frankly I think
I would be likely to win in sheer sex appeal too). It's sheer lunacy to
think you might be smarter than Keith-Magee and Dumpleton (though you
may *just* beat Graham on people skills, he has the definite advantage
that he has demonstrated he knows what he's talking about).
> 
> 
>> it by default (i.e., no size limit). However, this relys on people
>> reading the documentation and determining an appropriate value for the
>> setting -- at which point, we've just duplicated the functionality of
>> Apache without actually changing anything.
> 
> Incorrect. Put it in the changelog etc.
> I meant people are supposed to know about apache and its setup surely
> they should read the changelog when django changes? right.
> 
>> IMHO, Graham is completely right when he says that the webserver is
>> the right place to catch this. Django isn't about to start introducing
>> more settings to duplicate functionality that is better provided by
>> other parts of the tool chain.
> 
> I disagree. Very much so. Stop saying this isn't a django issue and
> start fixing it.
> 
Who are you to tell the Django developers what to be doing? If you have
a demonstrated public record of making sound engineering decisions that
resulted in well-constructed systems, *then* your opinion might count
for something. You don't just need brains, you need to now how to use
them as well.
> 
>> That said, there has been discussion recently about adding a section
>> to Django's docs talking about security issues -- things that may not
>> be immediately obvious about project design and configuration, but
>> would behoove users to think about. A discussion of this problem
>> sounds like it would be a good addition.
> 
> Look you guys are saying that django is secure and then not willing to
> say "ok django might want to do something here". That's a great idea!
> 
> 
>>> Ok still following?
>>
>> Look -- Graham may not use Django on a daily basis, but he's not a
>> fool. For the record, neither am I. A cursory examination of his
>> history on this mailing list would indicate that saying "Add a
>> FileField uploading to /tmp to an existing model" would be more than
>> enough detail to describe your setup here.
>>
>> The part of this problem that you continue to refuse to describe is
>> *THE ONLY PART THAT MATTERS* - the web server configuration that
>> you're using to make your assertion.
> 
> The default wsgi apache2 setup on $distro is a good testing place for
> this if you want to test how people will likely have it setup, or was
> said to me in prior emails here. I have tested it against that setup
> of course and *against* *many* others.
> 
Sigh. It has already been clearly explained to you that the default
installation of anything isn't a reliable way to measure a platform's
fitness for purpose. If you want to run a production server on the
default installation of Apache how far do you think you will get?

The point is, serious people with serious production problems well
understand the issues that can come up, and the don't expect that the
products they use will meet their needs out of the box.

Go to Google and look up the phrase "one-trick pony". That's where I
have you filed right now.
> 
> 
>>> apache setup etc.).
>>
>> The implication here is that you *haven't* tried this with Apache.
>> Worse still, it sounds like you might be trying to use the Django
>> development server as your test case to validate that this is a
>> problem.
> 
> I can assure you I have tested this against apache2 with wsgi running
> with django.
> 
But still you refuse to show us the results? That seems a bit perverse.
> 
>>> What do you

django 1.2.1 csrf error

2010-08-30 Thread womenshizuihaode womenshizuihaode 
under wsgi + apache, there is no error

but when i change to nginx + fastcgi, i got csrf error.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Tim Chase 

On 08/30/10 10:09, dave b wrote:

well you finish the tutorial(s) now and then you try to upload
a file right? So you start uploading the file. Now because (I
assume you are still using the django built in webserver) why
don't you play with this a bit, start uploading say 10 1gb
files(all at once) then stop them(all) at around say 700mb~
in.


Is it just me, or will this fail to make a difference because the 
devserver is single-threaded, so it will only respond to one 
request at a time?  ...so you can't concurrently upload 10 1gb 
files...


From my testing (granted this was run against something pre-1.2 
so things may have changed since then), as soon as you initiate 
the first file upload, you're monopolizing the devserver process, 
preventing further attempts to do the following 9 uploads until 
the first has completed (successfully or aborted).


Not that you'd want to use devserver in a production environment 
anyways, as Russell points out in the documentation[1].  Note the 
"DO NOT USE THIS SERVER IN A PRODUCTION SETTING."  It's not very 
subtle about that. :)


-tkc

[1]
http://docs.djangoproject.com/en/dev/ref/django-admin/?from=olddocs#runserver-port-or-ipaddr-port




--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
>
> From my testing (granted this was run against something pre-1.2 so things
> may have changed since then), as soon as you initiate the first file upload,
> you're monopolizing the devserver process, preventing further attempts to do
> the following 9 uploads until the first has completed (successfully or
> aborted).
>
> Not that you'd want to use devserver in a production environment anyways, as
> Russell points out in the documentation[1].  Note the "DO NOT USE THIS
> SERVER IN A PRODUCTION SETTING."  It's not very subtle about that. :)

Exactly!
So test against wsgi and apache2 ;)


--
There's small choice in rotten apples.  -- William Shakespeare, "The
Taming of the Shrew"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
>> Secure by default please!
>
> That's an easy epithet to throw around, but I disagree that it is
> appropriate here. "Security" doesn't mean "stops the user from making
> mistakes".

Look like wsgi, apache2 and django all on ubuntu PLACE no size limits
at all by default. Isn't that neat?
I think debian is the same too!
Seriously, are you silly enough to think I was just using the
development server for testing?
Do not pass go do not collect profit!



> it by default (i.e., no size limit). However, this relys on people
> reading the documentation and determining an appropriate value for the
> setting -- at which point, we've just duplicated the functionality of
> Apache without actually changing anything.

Incorrect. Put it in the changelog etc.
I meant people are supposed to know about apache and its setup surely
they should read the changelog when django changes? right.

> IMHO, Graham is completely right when he says that the webserver is
> the right place to catch this. Django isn't about to start introducing
> more settings to duplicate functionality that is better provided by
> other parts of the tool chain.

I disagree. Very much so. Stop saying this isn't a django issue and
start fixing it.


> That said, there has been discussion recently about adding a section
> to Django's docs talking about security issues -- things that may not
> be immediately obvious about project design and configuration, but
> would behoove users to think about. A discussion of this problem
> sounds like it would be a good addition.

Look you guys are saying that django is secure and then not willing to
say "ok django might want to do something here". That's a great idea!


>> Ok still following?
>
> Look -- Graham may not use Django on a daily basis, but he's not a
> fool. For the record, neither am I. A cursory examination of his
> history on this mailing list would indicate that saying "Add a
> FileField uploading to /tmp to an existing model" would be more than
> enough detail to describe your setup here.
>
> The part of this problem that you continue to refuse to describe is
> *THE ONLY PART THAT MATTERS* - the web server configuration that
> you're using to make your assertion.


The default wsgi apache2 setup on $distro is a good testing place for
this if you want to test how people will likely have it setup, or was
said to me in prior emails here. I have tested it against that setup
of course and *against* *many* others.



>> apache setup etc.).
>
> The implication here is that you *haven't* tried this with Apache.
> Worse still, it sounds like you might be trying to use the Django
> development server as your test case to validate that this is a
> problem.

I can assure you I have tested this against apache2 with wsgi running
with django.


>> What do you say to this ?
>
> I say that this is the reason we're getting frustrated.

Put your hands up in the air like you just don't care!

> So far, you haven't actually told us which web server you *are* using.
> You keep alluding to this "not-apache" webserver, but you haven't
> actually said which webserver you *are* using.
This doesn't even matter here, my attack works against the default
apache wsgi and django setup K THX BIA.

> Apache has it's faults, but it is feature complete, battle hardened,
> widely available, and almost certainly the most widely used webserver
> for Django deployment. It's also the webserver that virtually every
> Django user and developer will have some experience in using. If a
> potential problem exists in at the server level, Apache is the best
> lingua franca to use in demonstrating it.

Done that :)
blahblahblalbha sssh listen. No Of course I have tested it against that.
How confident are you in that in every possible setup for django used
in production, this issue isn't a problem?

> If the problem is actually that you're using a custom HTTP server, and
> that custom HTTP server isn't providing a feature that you need (such
> as a way to reject large uploads)

Look. Should I post this to somewhere more security related on the internet?

Summary:
In the default setup of wsgi, apache and django (on distributions like
ubuntu and debian) by default there are no limits on the size of a
file that an attacker can upload.
http://cwe.mitre.org/top25/#CWE-770 and see example 2 at
http://cwe.mitre.org/data/definitions/770.html



--
Conscience doth make cowards of us all. -- Shakespeare

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Russell Keith-Magee 
On Mon, Aug 30, 2010 at 11:09 PM, dave b  wrote:
>> I don't actually use Django so not 100% sure, but yes there possibly
>> isn't an equivalent of LimitRequestBody definable within Django unless
>> can be done with middleware.
>
> Ok so you don't even use django, ok...
> You know I think I missed your presentation at pycon-au.

Whether Graham uses Django isn't especially relevant here. You've been
making a bunch of claims about mod_wsgi and Apache behavior. Graham is
most certainly an expert on those two tools.

>> So, yes it may make sense for Django to have a fail safe and allow you
>> to specify a maximum on upload size if it doesn't already, but that is
>> only of use where you haven't set up your production web server
>> properly to protect you from abuses, something you should be doing.
>
> Yes and  imho it should be in django by default, not up to end django
> users to figure out.
> Secure by default please!

That's an easy epithet to throw around, but I disagree that it is
appropriate here. "Security" doesn't mean "stops the user from making
mistakes".

Also, consider this from a practical standpoint. If we introduced this
setting, we would need to introduce it with a default value. If we set
that limit to a low value (say, 10MB), lots of existing users would
discover that their website suddenly stopped accepting files. If we
set the value high (say 1GB), the attack still exists -- a malicious
user could upload a series of 999MB files. The only truly
backwards-compatibly option is to introduce the setting, but disable
it by default (i.e., no size limit). However, this relys on people
reading the documentation and determining an appropriate value for the
setting -- at which point, we've just duplicated the functionality of
Apache without actually changing anything.

IMHO, Graham is completely right when he says that the webserver is
the right place to catch this. Django isn't about to start introducing
more settings to duplicate functionality that is better provided by
other parts of the tool chain.

This is not an isolated policy decision, either. For example, Django
*could* provide a database connection pool -- but we have resolutely
refused to do so, on the grounds that there are excellent third party
tools that implement this functionality. Just because we *can* doesn't
mean we *should*.

That said, there has been discussion recently about adding a section
to Django's docs talking about security issues -- things that may not
be immediately obvious about project design and configuration, but
would behoove users to think about. A discussion of this problem
sounds like it would be a good addition.

>> For the third time I ask you whether you have actually gone and tested
>> your hypothesis and can provide a working test case that demonstrates
>> the problem.
> Ok. Look. You don't use django.
> 1. Try this - go to the django website
> http://docs.djangoproject.com/en/dev/intro/tutorial01/
>
> 2. and follow the tutorial 1 (and  also do 2 ) when it says put the
> poll file like this:
> from django.db import models
>
> class Poll(models.Model):
>    question = models.CharField(max_length=200)
>    pub_date = models.DateTimeField('date published')
>
> class Choice(models.Model):
>    poll = models.ForeignKey(Poll)
>    choice = models.CharField(max_length=200)
>    votes = models.IntegerField()
>
> put this instead:
>
> from django.db import models
> import datetime
>
> class Poll(models.Model):
>        question = models.CharField(max_length=200)
>        pub_date = models.DateTimeField('date published')
>        filed = models.FileField(upload_to="tmp/")
>        def __unicode__(self):
>                return self.question
>        def was_published_today(self):
>                return self.pub_date.date() == datetime.date.today()
>
>
> class Choice(models.Model):
>        poll = models.ForeignKey(Poll)
>        choice = models.CharField(max_length=200)
>        votes = models.IntegerField()
>        filed = models.FileField(upload_to="tmp/")
>        def __unicode__(self):
>                return self.choice
>
> Ok still following?

Look -- Graham may not use Django on a daily basis, but he's not a
fool. For the record, neither am I. A cursory examination of his
history on this mailing list would indicate that saying "Add a
FileField uploading to /tmp to an existing model" would be more than
enough detail to describe your setup here.

The part of this problem that you continue to refuse to describe is
*THE ONLY PART THAT MATTERS* - the web server configuration that
you're using to make your assertion.

> well you finish the tutorial(s) now and then you try to upload a file right?
> So you start uploading the file. Now because (I assume you are still
> using the django built in webserver) why don't you play with this a
> bit, start uploading say 10 1gb files(all at once) then stop them(all)
> at around say 700mb~ in.
> Have fun! (obviously you should go further than this and

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Graham Dumpleton 


On Aug 31, 1:09 am, dave b  wrote:
> /me rolls eyes.
> You have a valid point re /tmp, sorry I am used to mounting /tmp as
> /tmpfs - my mistake :)
> Ok lets be *really* clear the security problem still exists.
> An attack can in the limits set on the maximum post by the httpd /
> module in use upload a large file.

Using /tmp or /var is potentially a silly place to put uploads anyway.
This is because they are partitions dependent upon by other
applications. If you fill up those partitions you will impact those
other applications and they could fail and stuff up your system in
other ways. A decent production setup would put uploads in a dedicated
partition where use can be properly controlled.

> > I don't actually use Django so not 100% sure, but yes there possibly
> > isn't an equivalent of LimitRequestBody definable within Django unless
> > can be done with middleware.
>
> Ok so you don't even use django, ok...
> You know I think I missed your presentation at pycon-au.
>
> > So, yes it may make sense for Django to have a fail safe and allow you
> > to specify a maximum on upload size if it doesn't already, but that is
> > only of use where you haven't set up your production web server
> > properly to protect you from abuses, something you should be doing.
>
> Yes and  imho it should be in django by default, not up to end django
> users to figure out.
> Secure by default please!

It isn't that simple though. It may be quite unrealistic to have a
single global value. This is because in practice, what is a valid
maximum for an form post/upload depends on the URL.

This is why using front end web server like Apache is preferred,
because its Location directive allows you to implement more fine
grained control than what a single value allows.

For example, you could have a default of:

  LimitRequestBody 100

but then for a specific URL designed to handle large uploads, you
could have:

  LimitRequestBody 1

Allowing this in Django itself would be harder.

The fact still remains that you should do these things using what is
the most appropriate tool and Django isn't going to be the right
place.

It certainly would be very dangerous to rely purely on Django defaults
in a production setting and if that is the approach you take for your
systems, I would be quite concerned as through ignoring the abilities
of the web server to protect you, you may be opening yourself up to
even more danger. You always want to be cutting off things as early as
possible where it can be done efficiently. Doing it in your Python web
application is the worst place to do it as you still clog up the
pipeline and are also having to do it with a programming language
which isn't going to be as efficient in dealing things as pure C code
in the web server.

> > Anyway, I would have to agree with Russell, you are simply not making
> > yourself clear enough and to added to that seem to keep echoing
> > statements that have been refuted.
>
> If you say so. I was pushing some other(more aggressive) impacts in
> exotic configurations with custom httpd etc. .
>
> > For the third time I ask you whether you have actually gone and tested
> > your hypothesis and can provide a working test case that demonstrates
> > the problem.
>
> Ok. Look. You don't use django.
> 1. Try this - go to the django 
> websitehttp://docs.djangoproject.com/en/dev/intro/tutorial01/

Be careful. I may not use Django, but I am not ignorant. I would
probably know more than most about the internal workings of Django and
Python web frameworks in general, and most definitely would know more
in regard to the interface between web server and web framework/
application. I am also well capable of reading code to get an
understanding things.

> 2. and follow the tutorial 1 (and  also do 2 ) when it says put the
> poll file like this:
> ...
> Ok still following?
> well you finish the tutorial(s) now and then you try to upload a file right?
> So you start uploading the file. Now because (I assume you are still
> using the django built in webserver) why don't you play with this a
> bit, start uploading say 10 1gb files(all at once) then stop them(all)
> at around say 700mb~ in.

The Django development server is single threaded so it isn't going to
do what I expect you think it is. If I cut them all off while still
processing the first, the latter requests wouldn't even have been
accepted by the web server at that point and so do nothing.

Using the development server as a guide is also stupid. If you use a
real server, even one that can handle concurrent requests, if the
client connection is cut off, the application should se an exception
for the broken connection prior to all content being received.
Presumably in that case the upload file will be removed as wasn't
complete. Also, if you do manage to fill up the disk partition then
the write of data to file will fail and again an exception will occur
and file should be removed. If Django isn't

Please wait page trouble

2010-08-30 Thread Bradley Hintze 
I am attempting to do a lengthe calculation that will require the user
to wait a bit. I want a 'Please wait page to come up while the lengthy
calculation is performed. I thought this might work:

views.py

def please_wait(request):
return HttpResponse('Please Wait..')

def run_DHM(request):
please_wait(request)
lengthy calculations...


This did not show the 'Please Wait' page. Is there a better way to do
what I am trying to do?

-- 
Bradley J. Hintze
Graduate Student
Duke University
School of Medicine
801-712-8799

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Staticstic app, ask for idea.

2010-08-30 Thread sebastien piquemal 
I created an app to easily generate the stats part :
http://code.google.com/p/django-cube/ ; however you still have to
create the chart, for example with matplotlib :
http://www.scipy.org/Cookbook/Matplotlib/Django.

To create your stats with django-cube, you can use this code :

from cube.models import Cube, Dimension

class MyModelCube(Cube):
my_dimension = Dimension(field='my_float_field__range',
sample_space=[(0, 1.5), (1.5, 6.2)])

@static
def aggregation(queryset):
return queryset.count()/MyModel.objects.count() * 100

- You specify one dimension for the cube, this dimension refers to the
field lookup 'my_float_field__range' (where 'my_float_field' is of
course the name of your field)
- then you specify a sample space for this dimension, which in fact
means that you specify for which ranges the stats will be calculated
(here, on the ranges (0, 1.5) and (1.5, 6.2))
- then you write your aggregation function, which is in your case a
percentage calculation ('queryset' is the queryset filtered according
to the dimensions you will use while querying the cube, divided by the
total, multiplied by 100)
- finally, you instantiate a cube with a base queryset, and use one of
the methods provided to calculate the statistics

Ok, the doc is kind of bad for now, but I can help you if you want to
use it but you don't manage to do so.

On Aug 30, 8:24 pm, hollando  wrote:
> I want to make a statistic app.
> There is a float field in my model(table).I want to use a chart to
> show what's the percentage in each range.
> Any suggestion to make such and app that can fit into django model.
> Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Saving a location with a model

2010-08-30 Thread Joel Klabo 
looks cool. Any problems with just adding lattitude and longitute
float fields?

On Aug 30, 3:38 pm, Mikhail Korobov  wrote:
> You may find this useful:http://bitbucket.org/barttc/django-generic-location
>
> On 31 авг, 04:05, Joel Klabo  wrote:
>
>
>
> > I want to tie a location to each instance of a model. I am planning on
> > getting the lat/long. from navigator.geolocation through javascript.
> > My original idea is to have a location model with fields, latitude,
> > longitude, and the id of whatever model it is linked to. Is that the
> > way to go? Anyone have experience with this?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Saving a location with a model

2010-08-30 Thread Mikhail Korobov 
You may find this useful: http://bitbucket.org/barttc/django-generic-location

On 31 авг, 04:05, Joel Klabo  wrote:
> I want to tie a location to each instance of a model. I am planning on
> getting the lat/long. from navigator.geolocation through javascript.
> My original idea is to have a location model with fields, latitude,
> longitude, and the id of whatever model it is linked to. Is that the
> way to go? Anyone have experience with this?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Saving a location with a model

2010-08-30 Thread Joel Klabo 
I want to tie a location to each instance of a model. I am planning on
getting the lat/long. from navigator.geolocation through javascript.
My original idea is to have a location model with fields, latitude,
longitude, and the id of whatever model it is linked to. Is that the
way to go? Anyone have experience with this?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread refreegrata 
now works for all characters. I don't  know why, but now finally
works. ñ is converted to "%C3%B1", ó is converted to "%C3%B3", + to
"%2B", ...

thanks.

P.D.: I hate use special characters in an url, generaly is a bad idea,
but is necessary in my application.
The client want to filter registers according the  name, and the name
can have special characters, and i must to paginate the results. The
other option is use a ghost form and javascript.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Alexandre González 
use a ñ in a url isn't a good way to work... why don't you change it for a
n? With a ñ you could have problems between explorers.

Anyway, you can use link

On Mon, Aug 30, 2010 at 23:29, refreegrata  wrote:

> i know how configure my urls.py is ok, with regular expression. but i
> must do something like
>
> link
>
> Now works. In the browser url the character "ñ" is not converted to
> "%C3%B1", but the character "+" is converted to "%2B". maybe i have
> some problems with the theory. Maybe the character "ñ" isn't a
> problem, and for this reason is not converted.
>
> Thanks for read.
>
> On 30 ago, 17:13, Alexandre González  wrote:
> > With django you can define you url in urls.py as:
> >
> > url(r'^sample$', sample, name='the_name'),
> >
> > and then in your template use: {% url the_name %}
> >
> > If it need a id or similar you can provide it with {% url the_name ID %}
> >
> >
> >
> > On Mon, Aug 30, 2010 at 23:08, refreegrata 
> wrote:
> > > for the moment i don´t have a problem, the section of my site work's
> > > fine. Maybe is just a PHP habit.
> >
> > > In php when a wont to build an url in the template  i do somethin like
> > > 
> > > 
> > > echo 'http://mysite.php?aaa='.urlencode($aaa).'>link';
> > > --
> > > because $aaa can have some special characters.
> >
> > > I thought that the urlencode filter do this in django. I must to build
> > > an url in the template with parameters for a filtered pagination.
> >
> > > On 30 ago, 16:44, Alexandre González  wrote:
> > > > Why do you like to do it?
> >
> > > > I think that your problem is with codification, and not with
> > > urlenconde...
> > > > try to search about utf8 and html
> >
> > > > On Mon, Aug 30, 2010 at 22:09, refreegrata 
> > > wrote:
> > > > > i'm sorry in my last time  accidentally send the post before of
> > > > > finish.
> > > > > I try to do in the template something like
> > > > > {{ my_var|urlencode }}
> > > > > but  don't work. Can i do something like an urlencode in the
> template?
> >
> > > > > P.D.: I'm from Chile.
> >
> > > > > --
> > > > > You received this message because you are subscribed to the Google
> > > Groups
> > > > > "Django users" group.
> > > > > To post to this group, send email to django-users@googlegroups.com
> .
> > > > > To unsubscribe from this group, send email to
> > > > > django-users+unsubscr...@googlegroups.com
> 
> >
> > > 
> 
> >
> >
> > > > > .
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/django-users?hl=en.
> >
> > > > --
> > > > Please, don't send me files with extensions: .doc, .docx, .xls,
> .xlsx,
> > > .ppt
> > > > and/or .pptx
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Django users" group.
> > > To post to this group, send email to django-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > django-users+unsubscr...@googlegroups.com
> 
> >
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/django-users?hl=en.
> >
> > --
> > Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx,
> .ppt
> > and/or .pptx
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread refreegrata 
i know how configure my urls.py is ok, with regular expression. but i
must do something like

link

Now works. In the browser url the character "ñ" is not converted to
"%C3%B1", but the character "+" is converted to "%2B". maybe i have
some problems with the theory. Maybe the character "ñ" isn't a
problem, and for this reason is not converted.

Thanks for read.

On 30 ago, 17:13, Alexandre González  wrote:
> With django you can define you url in urls.py as:
>
> url(r'^sample$', sample, name='the_name'),
>
> and then in your template use: {% url the_name %}
>
> If it need a id or similar you can provide it with {% url the_name ID %}
>
>
>
> On Mon, Aug 30, 2010 at 23:08, refreegrata  wrote:
> > for the moment i don´t have a problem, the section of my site work's
> > fine. Maybe is just a PHP habit.
>
> > In php when a wont to build an url in the template  i do somethin like
> > 
> > 
> > echo 'http://mysite.php?aaa='.urlencode($aaa).'>link';
> > --
> > because $aaa can have some special characters.
>
> > I thought that the urlencode filter do this in django. I must to build
> > an url in the template with parameters for a filtered pagination.
>
> > On 30 ago, 16:44, Alexandre González  wrote:
> > > Why do you like to do it?
>
> > > I think that your problem is with codification, and not with
> > urlenconde...
> > > try to search about utf8 and html
>
> > > On Mon, Aug 30, 2010 at 22:09, refreegrata 
> > wrote:
> > > > i'm sorry in my last time  accidentally send the post before of
> > > > finish.
> > > > I try to do in the template something like
> > > > {{ my_var|urlencode }}
> > > > but  don't work. Can i do something like an urlencode in the template?
>
> > > > P.D.: I'm from Chile.
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > Groups
> > > > "Django users" group.
> > > > To post to this group, send email to django-us...@googlegroups.com.
> > > > To unsubscribe from this group, send email to
> > > > django-users+unsubscr...@googlegroups.com
> > 
>
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/django-users?hl=en.
>
> > > --
> > > Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx,
> > .ppt
> > > and/or .pptx
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.
>
> --
> Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
> and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Pass extra data in post_save?

2010-08-30 Thread bruno desthuilliers 


On 30 août, 17:58, Bill Freeman  wrote:
> If you have control of the sending model, you can, so long as you
> avoid field and method names,

???

> just add a reference to the user to the
> instance.

If the OP has control over the sending model, he can overrides the
save method. FWIW, he can even override the save method without having
control over the sending model - monkeypatching is nothing new in
dynamic languages.

>    inst.user = request.user

Err... Actually, the post_save signal handler has no access to the
request object. Where's your request object coming from here ?

> Since it's not a field, it won't affect the saving of the instance,

Whatever you do in a *post*_save signal handler won't affect what's
just been saved. That is, unless you try to re-save the instance from
the signal handler, which is definitly not a good idea (I do hope you
understand why ?)...

> but it will be there in the instance passed in the signal.
>

Yes, fine. And then ? How does this answer the OP question ?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Alexandre González 
With django you can define you url in urls.py as:

url(r'^sample$', sample, name='the_name'),

and then in your template use: {% url the_name %}

If it need a id or similar you can provide it with {% url the_name ID %}

On Mon, Aug 30, 2010 at 23:08, refreegrata  wrote:

> for the moment i don´t have a problem, the section of my site work's
> fine. Maybe is just a PHP habit.
>
> In php when a wont to build an url in the template  i do somethin like
> 
> 
> echo 'http://mysite.php?aaa='.urlencode($aaa).'>link';
> --
> because $aaa can have some special characters.
>
> I thought that the urlencode filter do this in django. I must to build
> an url in the template with parameters for a filtered pagination.
>
> On 30 ago, 16:44, Alexandre González  wrote:
> > Why do you like to do it?
> >
> > I think that your problem is with codification, and not with
> urlenconde...
> > try to search about utf8 and html
> >
> >
> >
> > On Mon, Aug 30, 2010 at 22:09, refreegrata 
> wrote:
> > > i'm sorry in my last time  accidentally send the post before of
> > > finish.
> > > I try to do in the template something like
> > > {{ my_var|urlencode }}
> > > but  don't work. Can i do something like an urlencode in the template?
> >
> > > P.D.: I'm from Chile.
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Django users" group.
> > > To post to this group, send email to django-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > django-users+unsubscr...@googlegroups.com
> 
> >
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/django-users?hl=en.
> >
> > --
> > Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx,
> .ppt
> > and/or .pptx
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread refreegrata 
for the moment i don´t have a problem, the section of my site work's
fine. Maybe is just a PHP habit.

In php when a wont to build an url in the template  i do somethin like


echo 'http://mysite.php?aaa='.urlencode($aaa).'>link';
--
because $aaa can have some special characters.

I thought that the urlencode filter do this in django. I must to build
an url in the template with parameters for a filtered pagination.

On 30 ago, 16:44, Alexandre González  wrote:
> Why do you like to do it?
>
> I think that your problem is with codification, and not with urlenconde...
> try to search about utf8 and html
>
>
>
> On Mon, Aug 30, 2010 at 22:09, refreegrata  wrote:
> > i'm sorry in my last time  accidentally send the post before of
> > finish.
> > I try to do in the template something like
> > {{ my_var|urlencode }}
> > but  don't work. Can i do something like an urlencode in the template?
>
> > P.D.: I'm from Chile.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscr...@googlegroups.com
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.
>
> --
> Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
> and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Staticstic app, ask for idea.

2010-08-30 Thread bruno desthuilliers 
On 30 août, 20:24, hollando  wrote:
> I want to make a statistic app.
> There is a float field in my model(table).I want to use a chart to
> show what's the percentage in each range.
> Any suggestion to make such and app that can fit into django model.

Nope, but reposting the same question two times in two minutes under
two different names won't help.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Alexandre González 
Why do you like to do it?

I think that your problem is with codification, and not with urlenconde...
try to search about utf8 and html

On Mon, Aug 30, 2010 at 22:09, refreegrata  wrote:

> i'm sorry in my last time  accidentally send the post before of
> finish.
> I try to do in the template something like
> {{ my_var|urlencode }}
> but  don't work. Can i do something like an urlencode in the template?
>
> P.D.: I'm from Chile.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: {% csrf_token %} template tag not outputting the hidden field

2010-08-30 Thread Daniel Lathrop 
I may misunderstand how csrf_token works, but I think it needs to be used in
conjunction with the forms system, which would require you to pass a form to
your template. Are you doing that?

Daniel Lathrop
News Applications Editor
The Dallas Morning News
---
Daniel Lathrop
206.718.0349 (cell)


On Mon, Aug 30, 2010 at 11:46 AM, Erik  wrote:

> Hi Django Users-
> I'm having trouble with the {% csrf_token %} tag.
> On my site I have a regular login view / page / url, which uses
> the django contrib registration app.  I include the CSRF token in my
> login template and it works fine.
> I'd also like a little login box in the corner of every page,
> which will either show a login form or a "you're logged in!" message
> depending on whether the user is logged in.  So, I wrote a little form
> into my base.html template that other templates inherit from; and I
> stuck the {% csrf_token %} tag in there as well.
> The part I don't understand is, if I load the login url in the
> browser ( mysite.com/login/ ) both forms work, I can login with them,
> and when I view the source the CSRF token tag has put a hidden field
> into my form.
> However, when I'm on any other page - for example the front page
> - the token tag just leaves a blank space and doesn't output anything,
> but it doesn't give me an error message on loading the page - as it
> would when I try to use a token tag that doesn't exist - such as {%
> faketokentag  %}.  Of course, because the csrf token tag doesn't
> create any output (in the HTML source generated) when the form is
> submitted the CSRF error occurs.
> I'm rendering all such pages with the generic view
> direct_to_template , which, because it's a generic view, the
> documentation suggests should just work with CSRF.
> Does anyone have any suggestions?
>
> Thank you,
> Erik
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Missing template variable when using django admin list_display

2010-08-30 Thread christian.oudard 
On Django 1.2, I'm getting a missing template variable when using a
custom formatter in the django admin.

Here is my admin class:

class CustomerAdmin(admin.ModelAdmin):
fields = [
'name',
]
list_display = [
'name',
'customer_tenants',
]
def customer_tenants(self, customer):
return u', '.join(t.subdomain for t in
customer.tenant_set.all())
customer_tenants.short_description = 'Tenants'

The error seems to be the same one as in this ticket:
http://code.djangoproject.com/ticket/2583

Looking at the template from the admin app, the header.class_attrib
seems to be missing. This is generated internally by django.

I can fix the error by changing the template admin/
change_list_results.html by putting an if statement around the
{{ header.class_attrib }} variable:

{% for header in result_headers %}

Is this an error due to improper configuration or due to a bug in
django?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread refreegrata 
i'm sorry in my last time  accidentally send the post before of
finish.
I try to do in the template something like
{{ my_var|urlencode }}
but  don't work. Can i do something like an urlencode in the template?

P.D.: I'm from Chile.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: static files

2010-08-30 Thread Bradley Hintze 
I added:

AliasMatch /([^/]*\.gif)
/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media/$1

and it worked. YAY!

On Mon, Aug 30, 2010 at 3:26 PM, Bradley Hintze
 wrote:
> OK,
>
> I followed http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango
> and still sant seem to get my image up.
>
> hpptd.conf
>
> #WSGI stuff
> #
> Alias /media/ 
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media/
>
>  /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media>
> Order deny,allow
> Allow from all
> 
>
> WSGIScriptAlias /
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/django.wsgi
>
>  /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
> Order deny,allow
> Allow from all
> 
>
> base.html
> ...
>
> 
>  
> 
>
> settings.py
>
> ...
> MEDIA_ROOT = 
> '/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media/'
> MEDIA_URL = 'http://summit.research.duhs.duke.edu/media/'
> ...
>
> Any ideas? Or do you need mor info? if so, what?
>
>
> On Mon, Aug 30, 2010 at 3:09 PM, Bradley Hintze
>  wrote:
>> I think you just found my problem...lol. I'll let you know if I still
>> have problems
>>
>> On Mon, Aug 30, 2010 at 2:59 PM, Daniel Roseman  
>> wrote:
>>> On Aug 30, 7:26 pm, Bradley Hintze 
>>> wrote:
 Hi all,

 I have my site on a production server (apache) and am trying to get
 static files to be served but cannot get it to work (serving on the
 same server). Following the django documentation did not work, I
 edited the httpd.conf as described in the documentation but when I
 tried to restart the server the server quit and would not restart. The
 error log did'nt give any info as to why.

 I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
 which is very similar to the Django documentation but I get the same
 results as described above.

 Here are my httpd.contf settings.

 #Serving media files for django
 
     SetHandler python-program
     PythonHandler django.core.handlers.modpython
     SetEnv DJANGO_SETTINGS_MODULE mysite.settings
     PythonDebug On
 

 
     SetHandler None
 

 Alias /site_media/
 /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media
 
     SetHandler None
 

 WSGIScriptAlias /
 /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/djang
  o.wsgi

 >>> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
 Order deny,allow
 Allow from all
 

 Any help would be appreciated.

 Thanks

 --
 Bradley J. Hintze
 Graduate Student
 Duke University
 School of Medicine
 801-712-8799
>>>
>>> Some weird stuff in that configuration file. You have directives for
>>> both mod_python and mod_wsgi. Which one are you using? (mod_wsgi is
>>> *strongly* recommended over mod_python.)
>>> --
>>> DR.
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Django users" group.
>>> To post to this group, send email to django-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> django-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/django-users?hl=en.
>>>
>>>
>>
>>
>>
>> --
>> Bradley J. Hintze
>> Graduate Student
>> Duke University
>> School of Medicine
>> 801-712-8799
>>
>
>
>
> --
> Bradley J. Hintze
> Graduate Student
> Duke University
> School of Medicine
> 801-712-8799
>



-- 
Bradley J. Hintze
Graduate Student
Duke University
School of Medicine
801-712-8799

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: static files

2010-08-30 Thread Bradley Hintze 
OK,

I followed http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango
and still sant seem to get my image up.

hpptd.conf

#WSGI stuff
#
Alias /media/ 
/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media/


Order deny,allow
Allow from all


WSGIScriptAlias /
/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/django.wsgi


Order deny,allow
Allow from all


base.html
...


  


settings.py

...
MEDIA_ROOT = 
'/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media/'
MEDIA_URL = 'http://summit.research.duhs.duke.edu/media/'
...

Any ideas? Or do you need mor info? if so, what?


On Mon, Aug 30, 2010 at 3:09 PM, Bradley Hintze
 wrote:
> I think you just found my problem...lol. I'll let you know if I still
> have problems
>
> On Mon, Aug 30, 2010 at 2:59 PM, Daniel Roseman  wrote:
>> On Aug 30, 7:26 pm, Bradley Hintze 
>> wrote:
>>> Hi all,
>>>
>>> I have my site on a production server (apache) and am trying to get
>>> static files to be served but cannot get it to work (serving on the
>>> same server). Following the django documentation did not work, I
>>> edited the httpd.conf as described in the documentation but when I
>>> tried to restart the server the server quit and would not restart. The
>>> error log did'nt give any info as to why.
>>>
>>> I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
>>> which is very similar to the Django documentation but I get the same
>>> results as described above.
>>>
>>> Here are my httpd.contf settings.
>>>
>>> #Serving media files for django
>>> 
>>>     SetHandler python-program
>>>     PythonHandler django.core.handlers.modpython
>>>     SetEnv DJANGO_SETTINGS_MODULE mysite.settings
>>>     PythonDebug On
>>> 
>>>
>>> 
>>>     SetHandler None
>>> 
>>>
>>> Alias /site_media/
>>> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media
>>> 
>>>     SetHandler None
>>> 
>>>
>>> WSGIScriptAlias /
>>> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/djang 
>>> o.wsgi
>>>
>>> >> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
>>> Order deny,allow
>>> Allow from all
>>> 
>>>
>>> Any help would be appreciated.
>>>
>>> Thanks
>>>
>>> --
>>> Bradley J. Hintze
>>> Graduate Student
>>> Duke University
>>> School of Medicine
>>> 801-712-8799
>>
>> Some weird stuff in that configuration file. You have directives for
>> both mod_python and mod_wsgi. Which one are you using? (mod_wsgi is
>> *strongly* recommended over mod_python.)
>> --
>> DR.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To post to this group, send email to django-us...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>
>
>
> --
> Bradley J. Hintze
> Graduate Student
> Duke University
> School of Medicine
> 801-712-8799
>



-- 
Bradley J. Hintze
Graduate Student
Duke University
School of Medicine
801-712-8799

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: static files

2010-08-30 Thread Bradley Hintze 
I think you just found my problem...lol. I'll let you know if I still
have problems

On Mon, Aug 30, 2010 at 2:59 PM, Daniel Roseman  wrote:
> On Aug 30, 7:26 pm, Bradley Hintze 
> wrote:
>> Hi all,
>>
>> I have my site on a production server (apache) and am trying to get
>> static files to be served but cannot get it to work (serving on the
>> same server). Following the django documentation did not work, I
>> edited the httpd.conf as described in the documentation but when I
>> tried to restart the server the server quit and would not restart. The
>> error log did'nt give any info as to why.
>>
>> I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
>> which is very similar to the Django documentation but I get the same
>> results as described above.
>>
>> Here are my httpd.contf settings.
>>
>> #Serving media files for django
>> 
>>     SetHandler python-program
>>     PythonHandler django.core.handlers.modpython
>>     SetEnv DJANGO_SETTINGS_MODULE mysite.settings
>>     PythonDebug On
>> 
>>
>> 
>>     SetHandler None
>> 
>>
>> Alias /site_media/
>> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media
>> 
>>     SetHandler None
>> 
>>
>> WSGIScriptAlias /
>> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/djang 
>> o.wsgi
>>
>> > /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
>> Order deny,allow
>> Allow from all
>> 
>>
>> Any help would be appreciated.
>>
>> Thanks
>>
>> --
>> Bradley J. Hintze
>> Graduate Student
>> Duke University
>> School of Medicine
>> 801-712-8799
>
> Some weird stuff in that configuration file. You have directives for
> both mod_python and mod_wsgi. Which one are you using? (mod_wsgi is
> *strongly* recommended over mod_python.)
> --
> DR.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>



-- 
Bradley J. Hintze
Graduate Student
Duke University
School of Medicine
801-712-8799

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

{% csrf_token %} template tag not outputting the hidden field

2010-08-30 Thread Erik 
Hi Django Users-
 I'm having trouble with the {% csrf_token %} tag.
 On my site I have a regular login view / page / url, which uses
the django contrib registration app.  I include the CSRF token in my
login template and it works fine.
 I'd also like a little login box in the corner of every page,
which will either show a login form or a "you're logged in!" message
depending on whether the user is logged in.  So, I wrote a little form
into my base.html template that other templates inherit from; and I
stuck the {% csrf_token %} tag in there as well.
 The part I don't understand is, if I load the login url in the
browser ( mysite.com/login/ ) both forms work, I can login with them,
and when I view the source the CSRF token tag has put a hidden field
into my form.
 However, when I'm on any other page - for example the front page
- the token tag just leaves a blank space and doesn't output anything,
but it doesn't give me an error message on loading the page - as it
would when I try to use a token tag that doesn't exist - such as {%
faketokentag  %}.  Of course, because the csrf token tag doesn't
create any output (in the HTML source generated) when the form is
submitted the CSRF error occurs.
 I'm rendering all such pages with the generic view
direct_to_template , which, because it's a generic view, the
documentation suggests should just work with CSRF.
 Does anyone have any suggestions?

Thank you,
Erik

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: static files

2010-08-30 Thread Daniel Roseman 
On Aug 30, 7:26 pm, Bradley Hintze 
wrote:
> Hi all,
>
> I have my site on a production server (apache) and am trying to get
> static files to be served but cannot get it to work (serving on the
> same server). Following the django documentation did not work, I
> edited the httpd.conf as described in the documentation but when I
> tried to restart the server the server quit and would not restart. The
> error log did'nt give any info as to why.
>
> I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
> which is very similar to the Django documentation but I get the same
> results as described above.
>
> Here are my httpd.contf settings.
>
> #Serving media files for django
> 
>     SetHandler python-program
>     PythonHandler django.core.handlers.modpython
>     SetEnv DJANGO_SETTINGS_MODULE mysite.settings
>     PythonDebug On
> 
>
> 
>     SetHandler None
> 
>
> Alias /site_media/
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media
> 
>     SetHandler None
> 
>
> WSGIScriptAlias /
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/djang 
> o.wsgi
>
>  /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
> Order deny,allow
> Allow from all
> 
>
> Any help would be appreciated.
>
> Thanks
>
> --
> Bradley J. Hintze
> Graduate Student
> Duke University
> School of Medicine
> 801-712-8799

Some weird stuff in that configuration file. You have directives for
both mod_python and mod_wsgi. Which one are you using? (mod_wsgi is
*strongly* recommended over mod_python.)
--
DR.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: static files

2010-08-30 Thread Łukasz Rekucki 
On 30 August 2010 20:26, Bradley Hintze  wrote:
> Hi all,
>
> I have my site on a production server (apache) and am trying to get
> static files to be served but cannot get it to work (serving on the
> same server). Following the django documentation did not work, I
> edited the httpd.conf as described in the documentation but when I
> tried to restart the server the server quit and would not restart. The
> error log did'nt give any info as to why.
>
> I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
> which is very similar to the Django documentation but I get the same
> results as described above.
>
> Here are my httpd.contf settings.
>
> #Serving media files for django
> 
>    SetHandler python-program
>    PythonHandler django.core.handlers.modpython
>    SetEnv DJANGO_SETTINGS_MODULE mysite.settings
>    PythonDebug On
> 
>
> 
>    SetHandler None
> 
>
> Alias /site_media/
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media
> 
>    SetHandler None
> 
>
> WSGIScriptAlias /
> /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/django.wsgi
>
>  /Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache>
> Order deny,allow
> Allow from all
> 
>
> Any help would be appreciated.
>
> Thanks
>
> --
> Bradley J. Hintze
> Graduate Student
> Duke University
> School of Medicine
> 801-712-8799
>
It looks like your trying to use both mod_python and mod_wsgi on the same path ?

-- 
Łukasz Rekucki

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Staticstic app, ask for idea.

2010-08-30 Thread hollando 
I want to make a statistic app.
There is a float field in my model(table).I want to use a chart to
show what's the percentage in each range.
Any suggestion to make such and app that can fit into django model.
Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Staticstic app, any suggestion?

2010-08-30 Thread romi.lucian 
I want to make a statistic app.
There is a float field in my model(table). I want to use a chart to
show what's the percentage in each range.
Any suggestion to make such and app that can fit into django model. Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Dan 
On 30 Aug., 13:56, Daniel Roseman  wrote:
> In your lib/models/__init__.py, do `from FooModels import *` for each
> model file.
OK, that does the trick. When I import the models in lib/__init__.py
they are being recognized by the manage.py script. I guess I could
just look for *.py files in lib/models and import them automatically -
a bit dirty but this seems to work.

On 30 Aug., 16:10, Alex Robbins  wrote:
> If you define your models somewhere django doesn't expect, I think you
> need to add the app_label in the model's Meta class.
Yeah, I know. I already set the app_label for my models beforehand.


Thanks for the advice!


Regards,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Shawn Milochik 
This a Python question, not a Django question.

import urllib
urllib.quote("+ ñ ó")
'%2B%20%C3%B1%20%C3%B3'

Shawn

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

static files

2010-08-30 Thread Bradley Hintze 
Hi all,

I have my site on a production server (apache) and am trying to get
static files to be served but cannot get it to work (serving on the
same server). Following the django documentation did not work, I
edited the httpd.conf as described in the documentation but when I
tried to restart the server the server quit and would not restart. The
error log did'nt give any info as to why.

I tried this (http://oebfare.com/blog/2007/dec/31/django-and-static-files/)
which is very similar to the Django documentation but I get the same
results as described above.

Here are my httpd.contf settings.

#Serving media files for django

SetHandler python-program
PythonHandler django.core.handlers.modpython
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonDebug On



SetHandler None


Alias /site_media/
/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/media

SetHandler None


WSGIScriptAlias /
/Users/bradleyhintze/djcode/production/MolProbity_Compare_test/apache/django.wsgi


Order deny,allow
Allow from all


Any help would be appreciated.

Thanks

-- 
Bradley J. Hintze
Graduate Student
Duke University
School of Medicine
801-712-8799

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Felix Dreissig 
The urlquote() function from django.utils.http and the "urlencode" template filter might be exactly 
what you're looking for.


Regards,
Felix


refreegrata schrieb:

Hello lista, I'm a newbie in django. In php i have the  urlencode
function for encoding an url with characters "+","ñ","ó",  Has
Django an urlencode or similar function?

Thanks for read, and sorry my bad english

P.D.: django 1,2.1



--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

set utf8 as default database char set

2010-08-30 Thread elim 
In my MySQL's my.ini, I have

default-character-set=latin1

But I like to use utf-8 for all my Django projects. What I should set
in settings.py?

Thanks a lot.

===I just get Django installed, not even done with the 1st tutorial

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: urlencode in Django

2010-08-30 Thread Alexandre González 
example from one of my codes...

import urllib

parameters = ({'langpair': '%s|%s' % (self.detected_language, 'en'),
  'v': '1.0',
  'q': self.words_list.encode('utf-8') })

urllib.urlencode(parameters)


but what do you need this? Becasue you can find a more easy reply that uses
urlencode.

lista? Are you from Spain? Me too :p

On Mon, Aug 30, 2010 at 18:22, refreegrata  wrote:

> Hello lista, I'm a newbie in django. In php i have the  urlencode
> function for encoding an url with characters "+","ñ","ó",  Has
> Django an urlencode or similar function?
>
> Thanks for read, and sorry my bad english
>
> P.D.: django 1,2.1
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Overriding flatpages class meta

2010-08-30 Thread Owen Nelson 
Sorry to be guessing here, but I was looking at something similar recently.
My attempt (untested at this point) would be something like:

from copy import copy
class NewFlatpage(FlatPage):
_meta = copy(FlatPage._meta)
_meta.verbose_name_plural = "foo"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Surreptitious caching of JS in Django

2010-08-30 Thread buddhasystem 

Hello,
with the generous help of many of you, I easily set up JSON caching feature
in my Django app, in a few views.

The problem I'm now facing is that according to what I observe, Django also
caches Javascript code in its memcached backend. While this is a welcome
behavior in a deployed app, it makes development quite a pain -- I need to
flush cache after any code update and therefore wait for the lengthy DB
interaction to happen...

Is this a known behavior? Can it be defeated? I statically serve JS:

urlpatterns += patterns("", (r'^include/(?P.*)$',
'django.views.static.serve', {'document_root': INCLUDE_DIR}),)

TIA!

-- 
View this message in context: 
http://old.nabble.com/Surreptitious-caching-of-JS-in-Django-tp29575393p29575393.html
Sent from the django-users mailing list archive at Nabble.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: prepopulated_fields do not work at all Django 1.2

2010-08-30 Thread Goran 
Finally problem is fixed. In the admin/media/js was been files from
Django 1.1 after uplod 1.2 files everything works as expected.



On Aug 30, 6:52 pm, Goran  wrote:
> I agree with you but it is the situation. I didn't know Django version
> on the production server (shared) before I run the project.
>
> On Aug 30, 10:00 am, bruno desthuilliers
>
>  wrote:
> > Not really an answer to your question, but you should definitly dev
> > using the the same versions of Django and any third-part app - at
> > least you'd have a chance to find out what happens when something goes
> > wrong.
>
> > On 29 août, 23:58, Goran  wrote:
>
> > > I have strange problem, on my development server everything is fine
> > > but I'm use Django 1.1 but on the production server (Django 1.2)
> > > prepopulated_fields don't work. Does anyone have the same problem? Any
> > > suggestion?
>
> > > class UniverzitetAdmin(admin.ModelAdmin):
> > >     prepopulated_fields = {"url": ("naziv",)}
>
> > > admin.site.register(Univerzitet, UniverzitetAdmin)
>
> > > Thanks
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Model validation for non-django-orm databases

2010-08-30 Thread Owen Nelson 
Sounds good.  Thanks for the advice!

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Overriding flatpages class meta

2010-08-30 Thread Goran 
I was try

class Meta(FlatPage.Meta):

but when runserver there is following error:

AttributeError: type object 'FlatPage' has no attribute 'Meta'

any other solution to try?

Thanks




On Aug 30, 12:53 am, Steve Holden  wrote:
> On 8/29/2010 6:51 PM, Goran wrote:
>
> > Thanks for the answer Steve. I'm Django and Python novice and here is
> > what I was try. But it doesn't work.
>
> > from django.contrib.flatpages.models import FlatPage
>
> >classNewFlatpage(FlatPage):
>
> >    classMeta:
>
> TheMetaclasswould need to subclass FlatPage.Meta, otherwise it won't
> have the necessary FlatPage special sauces. I don't guarantee even that
> will work, but try
>
> classNewFlatpage(FlatPage):
>
>    classMeta(FlatPage.Meta):
>         verbose_name_plural = "New_name"
>
> regards
>  Steve
>
>
>
> >         verbose_name_plural = "New_name"
>
> > On Aug 26, 4:39 am, Steve Holden  wrote:
> >> On 8/25/2010 8:26 PM, Goran wrote:> I need another verbose_name_plural for 
> >> Flat pages so i need to
> >>> overrideclassmetafor it right? How can I do that?
>
> >> [Caveat: this is a guess from general Python knowledge]
>
> >> Have you tried creating a subclass of Flatpage, whose body simply
> >> declares aMetaclasswhich is a subclass of Flatpage.Meta?
>
> >> regards
> >>  Steve
> >> --
> >> DjangoCon US 2010 September 7-9http://djangocon.us/
>
> --
> DjangoCon US 2010 September 7-9http://djangocon.us/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: prepopulated_fields do not work at all Django 1.2

2010-08-30 Thread Goran 
I agree with you but it is the situation. I didn't know Django version
on the production server (shared) before I run the project.



On Aug 30, 10:00 am, bruno desthuilliers
 wrote:
> Not really an answer to your question, but you should definitly dev
> using the the same versions of Django and any third-part app - at
> least you'd have a chance to find out what happens when something goes
> wrong.
>
> On 29 août, 23:58, Goran  wrote:
>
> > I have strange problem, on my development server everything is fine
> > but I'm use Django 1.1 but on the production server (Django 1.2)
> > prepopulated_fields don't work. Does anyone have the same problem? Any
> > suggestion?
>
> > class UniverzitetAdmin(admin.ModelAdmin):
> >     prepopulated_fields = {"url": ("naziv",)}
>
> > admin.site.register(Univerzitet, UniverzitetAdmin)
>
> > Thanks
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

urlencode in Django

2010-08-30 Thread refreegrata 
Hello lista, I'm a newbie in django. In php i have the  urlencode
function for encoding an url with characters "+","ñ","ó",  Has
Django an urlencode or similar function?

Thanks for read, and sorry my bad english

P.D.: django 1,2.1

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Custom attributes in Django

2010-08-30 Thread Beres Botond 
Hi Sebastian,

I suppose you are trying to do something like this?

class CustomAttributes(models.Model):
name = models.CharField(max_length=30)
value = models.CharField(max_length=50)

class ObjectWithCustom(models.Model):
name = models.CharField(max_length=30)
attributes = models.ManyToManyField(CustomAttributes)

new_attr = o.attributes.create(name='custom_attr', value='value')

ObjectWithCustom.objects.filter(attributes__value='value')

For more info about many-to-many check out docs:
http://www.djangoproject.com/documentation/models/many_to_many/
Maybe describe in some detail what you are trying to accomplish (in
terms of resulting functionality), as this might not necessarily be
the best way to do it.

Cheers,

Béres Botond

On Aug 30, 5:54 pm, Sebastian Pawlus 
wrote:
> Hi
>
> Maybe im looking in wrong places or maybe there is no application to
> cover functionality of carrying custom/admin defined attributes, or
> maybe it isn't even possible.
>
> Use Case could looks like
> Defining models
>
> from customr_attr import models
>
> class ObjectWithCustom(models.Model):
>      name = models.CharField(max_length=30)
>
> o = ObjectWithCustom.objects.create(name='test')
> o.custom_attr.create(name='custom_attr', value='value')
>
> >> o.custom_attr
>
> value
>
> >> ObjectWithCustom.objects.filter(custom_attr='value')
>
> [o]
>
> any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: How to display the user profile in the admin interface?

2010-08-30 Thread João Rodrigues 
Thanks, I did run syncdb and added myapp to the INSTALLED_APPS.
"Company" appears in the admin interface under myapp.

But what I wanted to do is to show the UserProfile fields in the
Add/Change user page.

I was thinking in subclassing django.contrib.auth.admin.UserAdmin and
adding the UserProfile fields to the fieldsets, unregister(User) and
register(User, UserWithProfileFields)

is there another way?

On 30 August 2010 16:30, Sithembewena Lloyd Dube  wrote:
> Don't forget to run manage.py syncdb to create table/s for your model/s.
>
> On Mon, Aug 30, 2010 at 5:28 PM, Sithembewena Lloyd Dube 
> wrote:
>>
>> Hi João,
>>
>> Add myapp.UserProfile to the INSTALLED_APPS global variable of your
>> settings.py file, and in your admin.py file, import the model/s.
>>
>> On Mon, Aug 30, 2010 at 5:04 PM, João Rodrigues 
>> wrote:
>>>
>>> I have a company model
>>>
>>> class Company(models.Model):
>>>    name = models.CharField(max_length=50)
>>>    address = models.TextField()
>>>    phone = models.CharField(max_length=15)
>>>    fax = models.CharField(max_length=15)
>>>
>>> and I wanted to associate each user to a company, so I read
>>>
>>> http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
>>> added AUTH_PROFILE_MODULE = "myapp.UserProfile" to settings.py and
>>> created a UserProfile model
>>>
>>> class UserProfile(models.Model):
>>>    user = models.OneToOneField(User)
>>>    company = models.OneToOneField(Company)
>>>
>>>
>>> How do I make it appear in the admin interface?
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Django users" group.
>>> To post to this group, send email to django-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> django-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/django-users?hl=en.
>>>
>>
>>
>>
>> --
>> Regards,
>> Sithembewena Lloyd Dube
>> http://www.lloyddube.com
>
>
>
> --
> Regards,
> Sithembewena Lloyd Dube
> http://www.lloyddube.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Is there a way to dumpdata truncate to last n lines?

2010-08-30 Thread Beres Botond 
Hi Steven,

You can use the django-test-utils app, more specifically it's
"makefixture" command, then you can just dump a single model instance
if you want. Or a subset of model instances.
You can see it here:
http://github.com/ericholscher/django-test-utils/blob/master/test_utils/management/commands/makefixture.py

Cheers,

Botond

On Aug 30, 5:47 pm, rh0dium  wrote:
> Hi Folks,
>
> Is there anyway to dump the last 'n' lines of the db.  I like to build
> test fixtures but with 3M lines it's a bit much...
>
> Thanks
>
> ---
>
> Steven M. Klass
>
> ☎ 1 (480) 225-1112
> ✉ skl...@pointcircle.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Pass extra data in post_save?

2010-08-30 Thread Bill Freeman 
If you have control of the sending model, you can, so long as you
avoid field and method names, just add a reference to the user to the
instance.

   inst.user = request.user

Since it's not a field, it won't affect the saving of the instance,
but it will be there in the instance passed in the signal.

Bill

On Sun, Aug 29, 2010 at 9:12 AM, bruno desthuilliers
 wrote:
> On 27 août, 18:07, AK  wrote:
>> From what I can tell in the documentation, a post_save signal only
>> passes sender, instance, created, and using.  I would love to use this
>> signal to update information in the instance, such as the datetime of
>> when it was saved.
>
> Just add a datetime field with 'autonow=True', it will work OOTB.
>
>>  This would be fine, except that I want to also
>> keep track of the user who made the save (from request.user).
>
> If you want request.user, you need to have access to the request
> object. IOW, you have to do this by yourself in your views.
>
>
>>  What is
>> the best way to get this information to a post-save signal?
>
> The best way is to avoid using post_save for such things - what do you
> think will happen if you call instance.save on the instance passed to
> a post_save signal ?-)
>
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: How to display the user profile in the admin interface?

2010-08-30 Thread Sithembewena Lloyd Dube 
Don't forget to run manage.py syncdb to create table/s for your model/s.

On Mon, Aug 30, 2010 at 5:28 PM, Sithembewena Lloyd Dube
wrote:

> Hi João,
>
> Add myapp.UserProfile to the INSTALLED_APPS global variable of your
> settings.py file, and in your admin.py file, import the model/s.
>
>
> On Mon, Aug 30, 2010 at 5:04 PM, João Rodrigues wrote:
>
>> I have a company model
>>
>> class Company(models.Model):
>>name = models.CharField(max_length=50)
>>address = models.TextField()
>>phone = models.CharField(max_length=15)
>>fax = models.CharField(max_length=15)
>>
>> and I wanted to associate each user to a company, so I read
>>
>> http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
>> added AUTH_PROFILE_MODULE = "myapp.UserProfile" to settings.py and
>> created a UserProfile model
>>
>> class UserProfile(models.Model):
>>user = models.OneToOneField(User)
>>company = models.OneToOneField(Company)
>>
>>
>> How do I make it appear in the admin interface?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To post to this group, send email to django-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>
>
> --
> Regards,
> Sithembewena Lloyd Dube
> http://www.lloyddube.com
>



-- 
Regards,
Sithembewena Lloyd Dube
http://www.lloyddube.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: How to display the user profile in the admin interface?

2010-08-30 Thread Sithembewena Lloyd Dube 
Hi João,

Add myapp.UserProfile to the INSTALLED_APPS global variable of your
settings.py file, and in your admin.py file, import the model/s.

On Mon, Aug 30, 2010 at 5:04 PM, João Rodrigues wrote:

> I have a company model
>
> class Company(models.Model):
>name = models.CharField(max_length=50)
>address = models.TextField()
>phone = models.CharField(max_length=15)
>fax = models.CharField(max_length=15)
>
> and I wanted to associate each user to a company, so I read
>
> http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
> added AUTH_PROFILE_MODULE = "myapp.UserProfile" to settings.py and
> created a UserProfile model
>
> class UserProfile(models.Model):
>user = models.OneToOneField(User)
>company = models.OneToOneField(Company)
>
>
> How do I make it appear in the admin interface?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>


-- 
Regards,
Sithembewena Lloyd Dube
http://www.lloyddube.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Model validation for non-django-orm databases

2010-08-30 Thread David De La Harpe Golden 
On 30/08/10 15:12, Owen Nelson wrote:

>  I just started to wonder if the ORM would, I don't
> know... "freak out" on the off-chance I run a query that returns a set of
> objects with duplicate values on what is supposed to be the pk.

Nah, you just get multiple objects back with the same "pk", mapped from
different rows. At least, at the moment...

But therefore one other thing to watch out for is that such multiple
objects themselves will, unless you take further steps, compare True
under '==', even if they really represent different rows in the
underlying db, since django basically checks if self.pk == other.pk [1]

# this is a model wrapping a table with a key (bug_id, field_id),
# and field_id is the arbitrarily chosen fake pk for ORM purposes
l = PMSM_CustomFieldString.objects.filter(field_id=4)
a = l[0]
b = l[1]
# those are definitely different objects for different rows, but:
print a.bug_id == b.bug_id
False
print a is b
False
print a == b
True

And also watch out for things like hashing, as a few lines below [1]
shows, django also similarly uses the pk as the __hash__ of such objects.

If you're anything like us, you're probably just iterating through
queryset results to suck data out, so it doesn't matter too much. You
could just make sure to use field values from the objects, not the
object itself, or maybe overriding the relevant __blah__ would work.

Mind you, if you do have very complicated needs, do also bear in mind a
whole other library, SQLAlchemy, does have composite field support, it's
just generally more complex than Django ORM.

[1]
http://code.djangoproject.com/browser/django/trunk/django/db/models/base.py#L355

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread dave b 
/me rolls eyes.
You have a valid point re /tmp, sorry I am used to mounting /tmp as
/tmpfs - my mistake :)
Ok lets be *really* clear the security problem still exists.
An attack can in the limits set on the maximum post by the httpd /
module in use upload a large file.


> I don't actually use Django so not 100% sure, but yes there possibly
> isn't an equivalent of LimitRequestBody definable within Django unless
> can be done with middleware.

Ok so you don't even use django, ok...
You know I think I missed your presentation at pycon-au.

>
> So, yes it may make sense for Django to have a fail safe and allow you
> to specify a maximum on upload size if it doesn't already, but that is
> only of use where you haven't set up your production web server
> properly to protect you from abuses, something you should be doing.

Yes and  imho it should be in django by default, not up to end django
users to figure out.
Secure by default please!

>
> Anyway, I would have to agree with Russell, you are simply not making
> yourself clear enough and to added to that seem to keep echoing
> statements that have been refuted.

If you say so. I was pushing some other(more aggressive) impacts in
exotic configurations with custom httpd etc. .


> For the third time I ask you whether you have actually gone and tested
> your hypothesis and can provide a working test case that demonstrates
> the problem.
Ok. Look. You don't use django.
1. Try this - go to the django website
http://docs.djangoproject.com/en/dev/intro/tutorial01/

2. and follow the tutorial 1 (and  also do 2 ) when it says put the
poll file like this:
from django.db import models

class Poll(models.Model):
question = models.CharField(max_length=200)
pub_date = models.DateTimeField('date published')

class Choice(models.Model):
poll = models.ForeignKey(Poll)
choice = models.CharField(max_length=200)
votes = models.IntegerField()

put this instead:

from django.db import models
import datetime

class Poll(models.Model):
question = models.CharField(max_length=200)
pub_date = models.DateTimeField('date published')
filed = models.FileField(upload_to="tmp/")
def __unicode__(self):
return self.question
def was_published_today(self):
return self.pub_date.date() == datetime.date.today()


class Choice(models.Model):
poll = models.ForeignKey(Poll)
choice = models.CharField(max_length=200)
votes = models.IntegerField()
filed = models.FileField(upload_to="tmp/")
def __unicode__(self):
return self.choice

Ok still following?
well you finish the tutorial(s) now and then you try to upload a file right?
So you start uploading the file. Now because (I assume you are still
using the django built in webserver) why don't you play with this a
bit, start uploading say 10 1gb files(all at once) then stop them(all)
at around say 700mb~ in.
Have fun! (obviously you should go further than this and try with
apache setup etc.).

> FWIW, there are much simpler ways to bring a site down than this. I
> suggest you go research Slowloris.
I know about this attack, but I can use my attack against those who
are not using apache.
What do you say to this ?

Here you should get one of these -->
http://www.flickr.com/photos/chrisjrn/4740021871/sizes/l/
Isn't it cute?

--
Small things make base men proud.   -- William Shakespeare, "Henry 
VI"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

How to display the user profile in the admin interface?

2010-08-30 Thread João Rodrigues 
I have a company model

class Company(models.Model):
name = models.CharField(max_length=50)
address = models.TextField()
phone = models.CharField(max_length=15)
fax = models.CharField(max_length=15)

and I wanted to associate each user to a company, so I read
http://docs.djangoproject.com/en/dev/topics/auth/#storing-additional-information-about-users
added AUTH_PROFILE_MODULE = "myapp.UserProfile" to settings.py and
created a UserProfile model

class UserProfile(models.Model):
user = models.OneToOneField(User)
company = models.OneToOneField(Company)


How do I make it appear in the admin interface?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Geodjango + Docstrings

2010-08-30 Thread David Z 
Hello,

I can't generate docs from my docstrings for geographic models w/
geodjango.  I opened this bug, with a really simple test case:

http://code.djangoproject.com/ticket/14183

Is this a good test case? Is there anything else I can do to assist in
this bug's resolution?

Thanks,
z

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Custom attributes in Django

2010-08-30 Thread Sebastian Pawlus 
Hi

Maybe im looking in wrong places or maybe there is no application to
cover functionality of carrying custom/admin defined attributes, or
maybe it isn't even possible.

Use Case could looks like
Defining models

from customr_attr import models

class ObjectWithCustom(models.Model):
 name = models.CharField(max_length=30)

o = ObjectWithCustom.objects.create(name='test')
o.custom_attr.create(name='custom_attr', value='value')

>> o.custom_attr
value

>> ObjectWithCustom.objects.filter(custom_attr='value')
[o]

any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Is there a way to dumpdata truncate to last n lines?

2010-08-30 Thread rh0dium 
Hi Folks,

Is there anyway to dump the last 'n' lines of the db.  I like to build
test fixtures but with 3M lines it's a bit much...


Thanks


---

Steven M. Klass

☎ 1 (480) 225-1112
✉ skl...@pointcircle.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: GeoDjango: default 4326 SRID doesn't work for transform()

2010-08-30 Thread kyleduncan 
Hi,

thanks for the tips! to answer your questions:

1. our model doesnt specify a coordinate system, it just saves the lat
and lng that are returned from google maps.
2. i thought transforming had to be done to make a lat/lng point
"spatial" before distance was calculated. have i got that wrong?
3. i'm not actually sure we even have a "geodatabase". all we have are
pointfields in the model for users, which save the lat/lng points from
google.

i'm not really capable enough to know how to proceed on my own from
your points, but for now i'll try removing the transform() (and also
placing it after) and i'll also specify the transform SRID of 900973
(is that the SRID for google or are you talking about something else
with that number?)

thanks again

Kyle

On Aug 30, 9:16 am, Reinout van Rees  wrote:
> On 08/29/2010 07:45 PM, kyleduncan wrote:
>
> > Hi all,
>
> > I am trying to do obtain the distance between two users on my site,
> > using code I found in this group. We already have geoDjango installed,
> > though i'm wondering if my problem comes from being on an old version
> > (i dont know which version we're using - if somebody could tell me how
> > to check that would be great). We are running Django 1.1
>
> Well, then you're using the geodjango bundled with django 1.1.  I don't
> remember seeing big changes in django 1.2's changelog regarding
> geodjango.  So you ought to be OK with that.
>
>
>
> > the code i am using is:
>
> > from django.contrib.gis.geos import Point
> > from django.contrib.gis.measure import D
>
> > my_location = request.user.get_profile().location
> >              their_location = other_user.get_profile().location
>
> >              my_location.transform(4326)
> >              their_location.transform(4326)
> >              distance = my_location.distance(their_location)
>
> >              if request.user.get_profile().get_preferences().use_metric
> > == 1:
> >                  distance_result =
> > round(D(m=my_location.distance(their_location)).km, 1)
> >              else:
> >                  distance_result =
> > round(D(m=my_location.distance(their_location)).mi, 1)
>
> > the last section is just a check to see whether the user wants the
> > result in miles or km. the bit that's troubles me is the transform()
> > section. if i put in 4326, i just get 0.0 as the result. if i put in
> > nothing so it's just transform() (which i understand should use 4326),
> > i get this django Error:
>
> > TypeError at /members/GayHopHelper/
>
> > transform() takes at least 2 arguments (1 given)
>
> > the only thing that works so far is using SRID 32140, which is for
> > south texas. the results seem ok but definitely a bit inaccurate,
> > which is to be expected.
>
> I only recently started using geodjango, so I'll just spit out a few
> brainstormy ideas without any real solution:
>
> - What's the coordinate system of your user's location data?
>
> - Why transforming before grabbing the distance? Can't you transform
> afterwards?
>
> - If you're using the google projection somewhere: did you add it to
> your geo database?  There's a note somewhere in geodjango's doc about
> that 900973 projection.  Not having it could throw off a calculation.
>
> - There's also a hint in that doc about a NULL projection that you need
> to add to your proj4 or whatever files to enable proper transformations.
>
> Just a brainstorm to get you started ;-)
>
> Reinout
>
> --
> Reinout van Rees - rein...@vanrees.org -http://reinout.vanrees.org
> Collega's gezocht!
> Django/python vacature in Utrecht:http://tinyurl.com/35v34f9

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Model validation for non-django-orm databases

2010-08-30 Thread Owen Nelson 
> With the hack i think you mean, it doesn't matter, just pick one, the
> point of the hack is you just shamelessly lie to the django ORM. So make
> sure to make your model ummanaged and _don't_ try to save.
>

Excellent.  Yeah, I'd been planning on overriding save() to make it raise
NotImplementedError (it's a read-only database after all).


> I'm not sure about django 1.2+ model validation with the hack, though,
> or even just django 1.2.  We use the hack - but presently with 1.1.
>

Good deal.  I'd be targeting 1.2+ so I'll just have to wait and see I guess.


Looking at the docs, you're presumably not using a ModelForm, and if
> you're explicitly using Model.full_clean() or clean_fields() you can
> probably pass in an exclude=... to exclude the field(s) that you're
> lying to django about if need be.  Based on the docs rather than
> experience, I don't think django model calls validators on initial
> load/init, it has to be by ModelForm calling them on the model, or just
> explictly calling one of the model clean methods.
>

Ok, great.  If validation only takes place during operations normally
associated with insert/update (like ModelForm.save(), or Model.save()), I
should be good to go.  I just started to wonder if the ORM would, I don't
know... "freak out" on the off-chance I run a query that returns a set of
objects with duplicate values on what is supposed to be the pk.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Alex Robbins 
If you define your models somewhere django doesn't expect, I think you
need to add the app_label in the model's Meta class.

http://docs.djangoproject.com/en/1.2/ref/models/options/#app-label

They mention the models submodule use case in the docs.

Hope that helps,
Alex

On Aug 30, 6:56 am, Daniel Roseman  wrote:
> On Aug 30, 7:46 am, Dan  wrote:
>
>
>
> > On 30 Aug., 08:26, Kenneth Gonsalves  wrote:> import 
> > lib.models
>
> > > from lib.models import * - you may get an error here
>
> > Both commands work without giving any error messages. However they do
> > not actually import anything, since the models reside in seperate
> > files in the models subdir and need to be imported by "import
> > lib.models.ModelFileName". If you do not know what I am talking about,
> > this is what I mean:
>
> >http://www.nomadjourney.com/2009/11/splitting-up-django-models/
>
> > Any other ideas?
>
> > Regards,
> > Dan
>
> In your lib/models/__init__.py, do `from FooModels import *` for each
> model file.
> --
> DR.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Мобильная версия

2010-08-30 Thread Sergey Panfilov 
Please, fix encoding of your message.

On Aug 30, 1:46 am, Anton Bessonov  wrote:
> - . ,
> Σ
> " / ".
> .
>
>
>
> > , ,
> > , , ,
> > , .
> > ?
> > User Agent'
> > User Agent
> > ?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Мобильная версия

2010-08-30 Thread Sergey Panfilov 
Hm, I thought it was django-mobile, however I've checked the link and
description reminds me that project. By the way, there's also a django-
wurfl at github: http://github.com/clement/django-wurfl. The latest
commit was on January 21, 2010.

On Aug 29, 9:30 pm, Aspontus  wrote:
> You probably meanhttp://code.google.com/p/djangobile/
> But it seems it was last updated about a year ago.
> Anyway I hope it helps.
> Cheers
>
> On 28 Sie, 15:56, Sergey Panfilov  wrote:
>
>
>
> > Замучаетесь поддерживать список user-agent. По-моему, я видел
> > приложение django-mobile, которое использует базу данных wurfl.
>
> > On 27 авг, 05:42, Vanger - irk  wrote:
>
> > > не могу понять, как лучше реализовать определение того, что человек
> > > зашел сейчас с мобилы, и что мне нужно подсунуть ему мобильную
> > > версию ?
> > > Может быть кто-то уже реализовывал эти моменты?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Bidirectional syncdb and fixtures save

2010-08-30 Thread Alexandre González 
Hi!

I'm developing a little project, so I'm using sqlite at the moment only to
test... when I change something on my model most times I must delete my
db.sqlite and create it again with syncdb to the changes made effect...

Is it any module or another way to automagically create the fields (or erase
it) when we was working with models?

And another question, can I save a content on the DB in a fixture file? I'm
using fixture files but I created it manually.

Excuse my english.

-- 
Please, don't send me files with extensions: .doc, .docx, .xls, .xlsx, .ppt
and/or .pptx

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Model validation for non-django-orm databases

2010-08-30 Thread David De La Harpe Golden 
On 30/08/10 06:07, onelson wrote:

> I've read that a "hack" around this kind of issue is to use the meta
> unique_together property and almost arbitrarily set primary_key on one
> of the fields.  That sounds great, except for the fact that I've got
> no guarantee that any given field will actually be unique -- which
> column do I add the primary_key to? 

With the hack i think you mean, it doesn't matter, just pick one, the
point of the hack is you just shamelessly lie to the django ORM. So make
sure to make your model ummanaged and _don't_ try to save.

N.B. I would assume that you're thoroughly on your own with this hack, I
wouldn't expect django to officially support it. Maybe one day someone
will make something like (for argument's sake)

foo = models.PositiveIntegerField()
bar = models.PositiveIntegerField()
foobar = models.CompositeField(['foo', 'bar'], primary_key=True)

work, but right now it doesn't.

> loads/validates I'm happy.

I'm not sure about django 1.2+ model validation with the hack, though,
or even just django 1.2.  We use the hack - but presently with 1.1.

Looking at the docs, you're presumably not using a ModelForm, and if
you're explicitly using Model.full_clean() or clean_fields() you can
probably pass in an exclude=... to exclude the field(s) that you're
lying to django about if need be.  Based on the docs rather than
experience, I don't think django model calls validators on initial
load/init, it has to be by ModelForm calling them on the model, or just
explictly calling one of the model clean methods.


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: deployment problem gotcha

2010-08-30 Thread Graham Dumpleton 


On Aug 30, 5:36 pm, Mike Dewhirst  wrote:
> I had an admin media problem finding base.css in deploying an app from
> the Django (svn head) dev server on Windows to Apache 2.2 on Linux
>
> Because I had prepared this email ready to ask for help, I'm posting it
> anyway with the hope that it helps someone.
>
> Everything else was working. Firebug was saying it couldn't find
> base.css and I couldn't see anything wrong with the following excerpts
> from settings.py and vhosts.conf:
>
> ... from settings.py ...
>
> MEDIA_ROOT = '/srv/www/ccm/htdocs/static'
> MEDIA_URL = '/static/'
> ADMIN_MEDIA_ROOT =
> '/usr/local/lib64/python/site-packages/django/contrib/admin/media/'
> ADMIN_MEDIA_PREFIX = '/media/'
>
> ... from vhosts.conf  ...
>
> Alias /media/
> /usr/local/lib64/python/site-packages/django/contrib/admin/media

You are missing a trailing slash on filesystem path which may be a
cause of problems.

> 
>    AllowOverride None
>    Order deny,allow
>    Allow from all
> 
>
> Alias /static/ /srv/www/ccm/htdocs/static/
> Alias /tiny_mce/ /srv/www/ccm/htdocs/static/js/tiny_mce/
> Alias /jquery/ /srv/www/ccm/htdocs/static/js/jquery/
>
> 
>    AllowOverride None
>    Order deny,allow
>    Allow from all
> 
>
> Now, in order to get some meaningful error messages I included this
>
> import sys
> sys.stdout = sys.stderr

That shouldn't have made any difference because the error message is
from Apache and not from the Python web application.

That workaround to broken WSGI applications is also only need in
mod_wsgi 2.X and earlier and not 3.X. This is because default change
in 3.0 as gave up trying to make people write portable WSGI
applications. Read:

  http://blog.dscpl.com.au/2009/04/wsgi-and-printing-to-standard-output.html

> in my wsgi script - as per the recommendation I found 
> inhttp://code.google.com/p/modwsgi/wiki/DebuggingTechniques
>
> and after which, I discovered "Symbolic link not allowed or link target
> not accessible: /usr/local/lib64/python" in the Apache error log. This
> gave the clue that I needed:
>
> /usr/local/lib64/python2.6/site-packages/django/contrib/admin
>
> rather than the one prepared earlier which incorporated /python/ which
> is a symbolic link.
>
> Google indicated I could have included Options FollowSymLinks and maybe
> I should have done that instead.
>
> Maybe an expert who has read this far might care to comment?

I would generally recommend that a copy be made of media directory
into a sub directory of Django site and use it from there instead.
That way you can customise them without fiddling with the originals.

Graham

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: potential issue re in memory django file uploading.

2010-08-30 Thread Graham Dumpleton 


On Aug 30, 1:54 pm, dave b  wrote:
> On 30 August 2010 11:04, Russell Keith-Magee  wrote:
>
>
>
>
>
> > On Sun, Aug 29, 2010 at 8:26 PM, dave b  wrote:
> >  1) An actual problem where you can clearly describe the circumstances
> > or sequence of events that would allow an attack to occur, and
> >  2) Something that is actually Django's problem -- by which I mean,
> > something that is actually Django's responsibility to solve, rather
> > than something that is a webserver configuration issue.
>
> > At this point, it's not clear to me that either of these two things
> > are true. Based on your messages and the feedback from Graham and
> > Steve, it sounds like you're describing an attack that *could* exist,
> > but only if you've got a misconfigured (or badly implemented) web
> > server.
>
> > If you believe that I'm wrong, and there *is* an actual problem, you
> > need to convince us. This doesn't mean posting large wads of Django's
> > source code and proposed patches over multiple messages. It means
> > describing in clear, concise language exactly what conditions need to
> > exist for a problem to occur.
>
> > Yours,
> > Russ Magee %-)
>
> Morning. Will do so below here.
> Just do remember, there is more than one way to run a httpd, some of
> us run our own custom stuff ;) and not everyone is using a setup like
> you have.
>
> ---
>
> Feature: Attacker crashes your django installation via file uploading
> As attacker
> I want to crash your django installation
> To take your site down or reduce its availability, so I can steal the
> underpants and then profit
>
> Background:
> Given I am an attacker
> And you have uploads enabled with the default settings (memory and
> temporary file).
> And you are running on a platform with /tmp
>
> Feature: I upload a 1gb file and have this go into system memory
> Given I have a 1gb file
> When I uploaded it to the website
> Then I should see that your system now has used an additional 1gb of /tmp
> And available system memory is now reduced

How is any available system memory reduced. Normally '/tmp' is disk,
not memory and since data is streamed when being written to disk, the
only memory impact on the application would be what is required to
hold one block of the data in memory while it is being read/written.
The whole file would not be getting stored in memory because when >
2.5MB, it wouldn't be using in memory file uploader, but the disk
based one.

> So basically I was saying there are two problems.
> One is if the httpd isn't behaving properly (this is probably not
> entirely true) with respect to the content length field and abusing
> memory limitation.

Huh. Don't know what you are suggesting here. Web servers do not load
all request content into memory at one time, they stream data, usually
through the web application actually pulling it through a chunk at a
time when the application wants it. Thus is matters little what
content length is to the web server.

> The second issue is that there is no *default* set limit on temporary
> file uploads, so any file larger than 2.5mb can find its way to /tmp
> and there is no limit on the size of these files in django core.
> That is there is no set limit on the size of a temporary file upload.

I don't actually use Django so not 100% sure, but yes there possibly
isn't an equivalent of LimitRequestBody definable within Django unless
can be done with middleware. But then it is as I pointed out the wrong
place to be doing it. The better place is in the web server. This is
because the web server can reject it immediately. If you do it in the
application, then for any hosting mechanism that has to proxy data
through to the application, eg., mod_wsgi daemon mode, fastcgi, scgi,
uWSGI etc, then the web server will have already started proxying
through the data to the application process, thus wasting cycles and
resources, by the time the application decides it doesn't want to
handle it. You are thus always better off rejecting large requests as
early as possible in the pipeline.

So, yes it may make sense for Django to have a fail safe and allow you
to specify a maximum on upload size if it doesn't already, but that is
only of use where you haven't set up your production web server
properly to protect you from abuses, something you should be doing.

> The second problem is going to exist within the bounds of the set
> limits of the webserver and the various mods that are used with
> django.
>
> In an extreme and very unlikely case, the httpd may ungzip the data
> from the attacker and modify the content length (when it knows what it
> should be - the connection is terminated ) with django getting a large
> amount of data to store from a much smaller user body request.

No it will not. Did you not read my other post?

The mod_deflate filter does not modify the content length as it cant.
This is because it has to stream the

filling model choices field according to language code

2010-08-30 Thread Oguz Yarimtepe 

Hi,

In my django application i have a Ticket class at my model as below

class Ticket(models.Model):

...

  
faculty = models.SmallIntegerField( 

_('Faculty'),   
#edit begins
choices=((0,""),),  
#edit begins
default=0,  
blank=False,
null=True,  
help_text=_('Faculty name of the ticket related with'), 
)  




The thing is, i want to fill the choices part dynamically. According to the 
language, i want to fill the string part so at the template the right human 
readable string will be seen. Because i couldn't visualize how i can do it, i 
tried to fix it at the view part as

if lang == "en":
form.fields['faculty'].choices = [(0, '')] + 
[[f.fakulte_id, f.faculty_name] for f in Faculty.objects.all()]
fak=Faculty.objects.get(fakulte_id=fak)
form.fields['department'].choices = [(0, '')] + 
[[d.bolum_id, d.dep_name] for d in fak.department_set.all()]
if lang == "tr":
form.fields['faculty'].choices = [(0, '')] + 
[[f.fakulte_id, f.fakulte_tr] for f in Faculty.objects.all()]
fak=Faculty.objects.get(fakulte_id=fak)
form.fields['department'].choices = [(0, '')] + 
[[d.bolum_id, d.bolum_tr] for d in fak.department_set.all()]
form.fields['problemcategory'].choices = [(0, '')] + [[p.id, 
p.category] for p in ProblemCategory.objects.all()]

As you can see i have problemcategory and department fields also. At the ticket 
edit issue, i have modelform as


class EditTicketForm(forms.ModelForm):
class Meta:
model = Ticket

And at the view 

form = EditTicketForm(request.POST, instance=ticket)
lang=request.LANGUAGE_CODE
fak=int(request.POST["faculty"])

The rest continues as above lang part. When i tried 

if form.is_valid():

i got errors saying that the values from the department, faculty and 
problemcategory fields are not valid. When i add a clean method for modelform as

def clean_faculty(self):
data = self.cleaned_data['faculty']
return 0

the error related with faculty is gone. So it seems modelform is creating the 
choices with (0, "") which is defined at the model. How can i fix it like at 
the view part so that i will fill the choices according to the language code? 

 
-- 
Oguz Yarimtepe 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: appengine dynamic translation

2010-08-30 Thread TomasJKouba 
Hi, I have the same problem. Please help...

Tomas

On 30 srp, 13:17, Martin Kubát  wrote:
> Hi,
> I have a problem with dynamic translation strings on AppEngine.
> Best django module for my problem is django-rosetta. But... I can't do
> any operations with files on AppEngine.
>
> Exists somethings else like django-rosetta for AppEngine? Or, have
> somebody any experience with this problem?
>
> Thanks.
> Martin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Daniel Roseman 
On Aug 30, 7:46 am, Dan  wrote:
> On 30 Aug., 08:26, Kenneth Gonsalves  wrote:> import 
> lib.models
>
> > from lib.models import * - you may get an error here
>
> Both commands work without giving any error messages. However they do
> not actually import anything, since the models reside in seperate
> files in the models subdir and need to be imported by "import
> lib.models.ModelFileName". If you do not know what I am talking about,
> this is what I mean:
>
> http://www.nomadjourney.com/2009/11/splitting-up-django-models/
>
> Any other ideas?
>
> Regards,
> Dan

In your lib/models/__init__.py, do `from FooModels import *` for each
model file.
--
DR.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: django.contrib.auth.views.login

2010-08-30 Thread Karen Tracey 
On Mon, Aug 30, 2010 at 2:34 AM, ashy  wrote:

>
> I am using django.contrib.auth.views.login for the login view. The
> code for 'registration/login.html' is as below:
>
> 
>  
>User Login
>  
>  
>User Login
>{% if form.has_errors %}


It looks like you are working from an old book or using some old code,
likely originally written for Django .96 or earlier. has_errors is a very
old method for checking for form errors. It was replaced, prior to Django
1.0, with errors. If you are working from a book, you probably want to
switch to one that covers at least Django 1.0 level code; there were some
major changes made just before 1.0 and working from a book that assumes an
older level is likely going to be frustrating.

Karen
-- 
http://tracey.org/kmt/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

appengine dynamic translation

2010-08-30 Thread Martin Kubát 
Hi,
I have a problem with dynamic translation strings on AppEngine.
Best django module for my problem is django-rosetta. But... I can't do
any operations with files on AppEngine.

Exists somethings else like django-rosetta for AppEngine? Or, have
somebody any experience with this problem?

Thanks.
Martin

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

urls permalink error

2010-08-30 Thread Patricia 


Hi all!

I have a page with some years. I want to click over the year, for
instance 2000, to see all the information.
I've build some permalinks in other pages to built the URL, now I
wanted to do the same thing, but the field I wanted to connect is not
the year, is the date.

@permalink
def get_absolute_url(self):
return('year', [str(self.date.year)])

But this give me a error, I suppose I can't make a query inside
permalink.
Anyone has any idea how to solve this?
Thanks :)

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: GeoDjango: default 4326 SRID doesn't work for transform()

2010-08-30 Thread Reinout van Rees 

On 08/29/2010 07:45 PM, kyleduncan wrote:

Hi all,

I am trying to do obtain the distance between two users on my site,
using code I found in this group. We already have geoDjango installed,
though i'm wondering if my problem comes from being on an old version
(i dont know which version we're using - if somebody could tell me how
to check that would be great). We are running Django 1.1


Well, then you're using the geodjango bundled with django 1.1.  I don't 
remember seeing big changes in django 1.2's changelog regarding 
geodjango.  So you ought to be OK with that.



the code i am using is:

from django.contrib.gis.geos import Point
from django.contrib.gis.measure import D

my_location = request.user.get_profile().location
 their_location = other_user.get_profile().location

 my_location.transform(4326)
 their_location.transform(4326)
 distance = my_location.distance(their_location)

 if request.user.get_profile().get_preferences().use_metric
== 1:
 distance_result =
round(D(m=my_location.distance(their_location)).km, 1)
 else:
 distance_result =
round(D(m=my_location.distance(their_location)).mi, 1)

the last section is just a check to see whether the user wants the
result in miles or km. the bit that's troubles me is the transform()
section. if i put in 4326, i just get 0.0 as the result. if i put in
nothing so it's just transform() (which i understand should use 4326),
i get this django Error:

TypeError at /members/GayHopHelper/

transform() takes at least 2 arguments (1 given)

the only thing that works so far is using SRID 32140, which is for
south texas. the results seem ok but definitely a bit inaccurate,
which is to be expected.


I only recently started using geodjango, so I'll just spit out a few 
brainstormy ideas without any real solution:


- What's the coordinate system of your user's location data?

- Why transforming before grabbing the distance? Can't you transform 
afterwards?


- If you're using the google projection somewhere: did you add it to 
your geo database?  There's a note somewhere in geodjango's doc about 
that 900973 projection.  Not having it could throw off a calculation.


- There's also a hint in that doc about a NULL projection that you need 
to add to your proj4 or whatever files to enable proper transformations.



Just a brainstorm to get you started ;-)

Reinout

--
Reinout van Rees - rein...@vanrees.org - http://reinout.vanrees.org
Collega's gezocht!
Django/python vacature in Utrecht: http://tinyurl.com/35v34f9

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Unable to add two Numbers

2010-08-30 Thread Harbhag Singh Sohal 
On Mon, Aug 30, 2010 at 10:14 AM, Kenneth Gonsalves wrote:

> On Mon, 2010-08-30 at 10:06 +0530, Harbhag Singh Sohal wrote:
> > I have read tutorial / documentation
>
> no use reading it - please do the tutorial step by step until you make a
> complete web application as shown in the tutorial. Then you will be able
> to understand how to add the numbers.
> --
> regards
> Kenneth Gonsalves
>
>  Thanks everyone replying . I think I need to do read the tutorial
thoroughly again . Now I will comeback after reading and doing everything
from scratch .

-- 
Harbhag Singh Sohal
Website : http://harbhag.wordpress.com/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: prepopulated_fields do not work at all Django 1.2

2010-08-30 Thread bruno desthuilliers 
Not really an answer to your question, but you should definitly dev
using the the same versions of Django and any third-part app - at
least you'd have a chance to find out what happens when something goes
wrong.

On 29 août, 23:58, Goran  wrote:
> I have strange problem, on my development server everything is fine
> but I'm use Django 1.1 but on the production server (Django 1.2)
> prepopulated_fields don't work. Does anyone have the same problem? Any
> suggestion?
>
> class UniverzitetAdmin(admin.ModelAdmin):
>     prepopulated_fields = {"url": ("naziv",)}
>
> admin.site.register(Univerzitet, UniverzitetAdmin)
>
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

deployment problem gotcha

2010-08-30 Thread Mike Dewhirst 
I had an admin media problem finding base.css in deploying an app from 
the Django (svn head) dev server on Windows to Apache 2.2 on Linux


Because I had prepared this email ready to ask for help, I'm posting it 
anyway with the hope that it helps someone.


Everything else was working. Firebug was saying it couldn't find 
base.css and I couldn't see anything wrong with the following excerpts 
from settings.py and vhosts.conf:


... from settings.py ...

MEDIA_ROOT = '/srv/www/ccm/htdocs/static'
MEDIA_URL = '/static/'
ADMIN_MEDIA_ROOT = 
'/usr/local/lib64/python/site-packages/django/contrib/admin/media/'

ADMIN_MEDIA_PREFIX = '/media/'

... from vhosts.conf  ...

Alias /media/ 
/usr/local/lib64/python/site-packages/django/contrib/admin/media



  AllowOverride None
  Order deny,allow
  Allow from all


Alias /static/ /srv/www/ccm/htdocs/static/
Alias /tiny_mce/ /srv/www/ccm/htdocs/static/js/tiny_mce/
Alias /jquery/ /srv/www/ccm/htdocs/static/js/jquery/


  AllowOverride None
  Order deny,allow
  Allow from all



Now, in order to get some meaningful error messages I included this

import sys
sys.stdout = sys.stderr

in my wsgi script - as per the recommendation I found in 
http://code.google.com/p/modwsgi/wiki/DebuggingTechniques


and after which, I discovered "Symbolic link not allowed or link target 
not accessible: /usr/local/lib64/python" in the Apache error log. This 
gave the clue that I needed:


/usr/local/lib64/python2.6/site-packages/django/contrib/admin

rather than the one prepared earlier which incorporated /python/ which 
is a symbolic link.


Google indicated I could have included Options FollowSymLinks and maybe 
I should have done that instead.


Maybe an expert who has read this far might care to comment?

Mike

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

django.contrib.auth.views.login

2010-08-30 Thread ashy 
Hi All,

I am using django.contrib.auth.views.login for the login view. The
code for 'registration/login.html' is as below:


  
User Login
  
  
User Login
{% if form.has_errors %}
  Your username and password didn't match.
 Please try again.
{% endif %}

  Username:
 {{ form.username }}
  Password:
 {{ form.password }}
  
  

  


The login process works correctly, but if there are errors the message
is not displayed. Any help in this regard.

thanks
ashy

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Dan 
On 30 Aug., 08:26, Kenneth Gonsalves  wrote:
> import lib.models
>
> from lib.models import * - you may get an error here
Both commands work without giving any error messages. However they do
not actually import anything, since the models reside in seperate
files in the models subdir and need to be imported by "import
lib.models.ModelFileName". If you do not know what I am talking about,
this is what I mean:

http://www.nomadjourney.com/2009/11/splitting-up-django-models/

Any other ideas?


Regards,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Moderation of posts

2010-08-30 Thread Shamail Tayyab 
On Mon, Aug 30, 2010 at 12:56 AM, Karen Tracey  wrote:
> The mail you sent on August 24 was approved through moderation, you can see
> it here:
>
> http://groups.google.com/group/django-users/browse_thread/thread/48ac828afbe07bf2/
>
> Since then your posts have not been moderated; generally once someone sends
> a non-spam posting to the group they are allowed to post without moderation.
> I don't see any record in my mail archive of any other messages held for
> moderation from you. In fact I don't see that one either -- I have noticed
> lately that there are  sometimes more messages from new posters in the
> moderation queue than moderation emails I have received. If your other
> message looked identical to the one that got posted then likely it was
> removed as a duplicate by whoever approved the one that did go through. If
> it was different, I have no idea what happened to it.
>
> Also, Google Groups does occasionally, and using no algorithm I can discern,
> decide to hold posts from approved members because, it says, the "message
> may be spam". When it does this no mail is sent to moderators until a day or
> two (or three) later, so these posts sometimes do get held up for a while.
> Usually, though, there are enough new member postings that someone visits
> the moderation page often enough to see these oddball cases and move them
> along fairly quickly.
>
> Karen
>


Hi Karen,

   Thanks for your prompt reply :-)

/me is happy.


-- 
Shamail Tayyab
Blog: http://shamail.in/blog

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Kenneth Gonsalves 
On Mon, 2010-08-30 at 08:20 +0200, Daniel Klaffenbach wrote:
> 
> The problem is that the manage.py script does not seem to be aware of
> these models. I added "myproject.lib" to the INSTALLED_APPS section in
> the settings file, but manage.py still cannot find any models. 

that is not possible. Are you sure it cannot find them? sometimes when
there is an import error or syntax error, manage.py syncdb gives a
misleading message that it cannot find the app/model in question. To
test this, in your shell, try:

import lib.models

if that works then try:

from lib.models import * - you may get an error here
-- 
regards
Kenneth Gonsalves

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

manage.py: syncdb/sql do not pick up models from custom directory structure

2010-08-30 Thread Daniel Klaffenbach 
Hi,

I am working on a pretty big application and somewhat changed the
default directory structure a bit. I now have an app called "lib" in
my project dir. This application contains two folders: "models" and
"templatetags". The __init__.py files are present in all
subdirectories. Whenever I want to use models from the lib-app, I
would use "from myproject.lib.models import FooModel" and it would use
the models from lib/models/FooModel.py.

The problem is that the manage.py script does not seem to be aware of
these models. I added "myproject.lib" to the INSTALLED_APPS section in
the settings file, but manage.py still cannot find any models.

How can I tell manage.py to also look in the lib/models subdirectory for models?


Regards,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.