On Sat, Sep 26, 2009 at 2:29 PM, Luke Plant <l.plant...@cantab.net> wrote: > > Hi all, > > I just want to know what the status is before committing the CSRF > stuff: > > * Jacob am I waiting for a thumbs up? I think you said you were going > to try out the code. > * Simon am I waiting for your patch? > > If I'm not waiting for either, my plan would be: > * Commit what I've got pretty much as is. > * Then move it all from contrib to core > * Question: where should the docs (currently ref/contrib/csrf.txt) > be moved to? ref/csrf.txt seems like a sensible place, but I > don't know. > * Then add a render_to_response_with_request shortcut (once we > can decide on a colour...) and adjust the tutorials. >
So I'm still a little unclear on what this shortcut does that direct_to_template doesn't already? > Simon: > * I could wait for you to write your csrf_protect_form code before > doing any of this, merge it and then do the above. > * You could write it against my lp-csrf_rework branch (which is not > going to change substantially), and I can move your patch > over to core (or you could move it). > * You could wait 'til I'm done so that we don't have to worry about > the fact that everything is going to move. > > Personally, I think your patch would be better going in separately, as > it is additional functionality that is not used by default anywhere. > > Also, I have written a Python script that attempts to help people find > all the <form>s and view code that needs attention. It has a whole > bunch of limitations and caveats, but I think it's pretty useful 90% > solution and automates a lot of what people would have done using grep > etc. Where should it go? It's currently in 'extras/' which seems to > be the right place. > > Luke > > -- > "Smoking cures weight problems...eventually..." (Steven Wright) > > Luke Plant || http://lukeplant.me.uk/ > > > > Alex -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Voltaire "The people's good is the highest law." -- Cicero "Code can always be simpler than you think, but never as simple as you want" -- Me --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
