> Thanks for pointing me to dict.get().... i am too stupid :-S

you are quite harsh on yourself. missing something in the huge pile of 
documentation that is django + python is really quite easy. 

> Regarding the tracking app: It's just my personal view... i don't like 
> shipping an app with the widelands code when much code of it is potentially 
> unused. 

I agree. Unused code should be deleted. But I think there are more useful 
things in the homepage than removing unused code - that said, if you want to do 
it I will gladly review it :)

> request variables

A bit of googling says you are probably right: 
https://www.djangoproject.com/weblog/2009/jul/28/security/#secondary-issue

We cannot rely on any of these variables to be set or even correct. I suggest 
we return a known false IP that we can recognize in the database instead. For 
example 192.168.23.42 or something like this. And we should probably not use 
the IP for anything besides what we maybe require for SPAM services. 


-- 
https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337
Your team Widelands Developers is subscribed to branch lp:widelands-website.

_______________________________________________
Mailing list: https://launchpad.net/~widelands-dev
Post to     : widelands-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~widelands-dev
More help   : https://help.launchpad.net/ListHelp

Reply via email to