Re: RFC: Django history tracking

2006-06-15 Thread DavidA 

There was a similar thread on this earlier where I commented about a
slightly different way to store the changes:
http://groups.google.com/group/django-users/browse_thread/thread/f36f4e48f9579fff/0d3d64b25f3fd506?q=time_from&rnum=1

To summarize, in the past I've used a time_from/time_thru pair of
date/time columns to make it more efficient to retrieve the version of
a row as it looked at a particular point in time. Your design of just
using change_date makes this more difficult.

I can also think of use cases where I want the versioning to track both
date and time since I would expect multiple changes on the same day.

Maybe these could also be options?


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---

Re: HttpResponseSendFile

2006-06-15 Thread Adrian Holovaty 

On 6/14/06, SmileyChris <[EMAIL PROTECTED]> wrote:
> I realise there are better ways to send most files. I ask about this
> because I'm looking at implementing that "special case" soon
> (authenticating files via logged in user in Django), and I was just
> wondering about ways to do it.

May I interest you in the "Authenticating against Django's user
database from Apache" document?

http://www.djangoproject.com/documentation/apache_auth/

Adrian

-- 
Adrian Holovaty
holovaty.com | djangoproject.com

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---

Re: Proposal: default escaping

2006-06-15 Thread Gary Wilson 

gabor wrote:
> is it true, that people usually forget to escape dangerous variables?
>
>
> a) if no (people do not forget):
> means people are already using 'escape' when needed. in this case, this
> block-level tag is a welcome addition, because it makes it
> simpler/more-convenient to toggle escaping.
>
>
> b) if yes (people do forget):
> a block level tag will not help. people will forget to use them the same
> way they forget to use the 'escape' filter.
>
> my guess is (b)

or

c) people don't know what XSS is and are clueless about the need to
escape.  A good case for turning escaping on by default.


What would you rather have:
"Help, help!  How do I turn off escaping?"
or
"Help, help! H4a0r s+0l3|> my Dj4|\|g0111"


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---

Re: Proposal: default escaping

2006-06-15 Thread James Bennett 

On 6/15/06, Gary Wilson <[EMAIL PROTECTED]> wrote:
> What would you rather have:
> "Help, help!  How do I turn off escaping?"

I don't know... memories are stirring of my PHP days and the horror of
magic_quotes...


-- 
"May the forces of evil become confused on the way to your house."
  -- George Carlin

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---

delete file of File/ImageUploadFields

2006-06-15 Thread Norman Harman 
For my ImageUploadFields I ignore the filename provided by user and 
and name it something specific.  I got real tired of the save_file 
method appending underscores when it found a file with that name 
already existed.

So, added this delete_fieldname_file().  Works like save_filename_file 
but deletes any file named get_fieldname_file.

Maybe somemone else likes it.  It should be added to mr.

patch attached, I hope...


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---
Index: django/db/models/base.py
===
--- django/db/models/base.py(revision 3131)
+++ django/db/models/base.py(working copy)
@@ -307,6 +307,11 @@
 def _get_FIELD_size(self, field):
 return os.path.getsize(self._get_FIELD_filename(field))
 
+def _delete_FIELD_file(self, field):
+filename = self._get_FIELD_filename(field)
+if os.path.isfile(filename):
+os.remove(filename)
+
 def _save_FIELD_file(self, field, filename, raw_contents):
 directory = field.get_directory_name()
 try: # Create the date-based directory if it doesn't exist.
Index: django/db/models/fields/__init__.py
===
--- django/db/models/fields/__init__.py (revision 3131)
+++ django/db/models/fields/__init__.py (working copy)
@@ -571,6 +571,7 @@
 setattr(cls, 'get_%s_filename' % self.name, 
curry(cls._get_FIELD_filename, field=self))
 setattr(cls, 'get_%s_url' % self.name, curry(cls._get_FIELD_url, 
field=self))
 setattr(cls, 'get_%s_size' % self.name, curry(cls._get_FIELD_size, 
field=self))
+setattr(cls, 'delete_%s_file' % self.name, lambda instance: 
instance._delete_FIELD_file(self))
 setattr(cls, 'save_%s_file' % self.name, lambda instance, filename, 
raw_contents: instance._save_FIELD_file(self, filename, raw_contents))
 dispatcher.connect(self.delete_file, signal=signals.post_delete, 
sender=cls)

Custom template paths for syndication framework

2006-06-15 Thread James Wheare 

Hi chaps,

In short, the syndication framework doesn't allow custom template paths
for the title and description of feeds.

I made a trac report detailing the issue and added a patch that works
but I'm sure could be improved.

http://code.djangoproject.com/ticket/2158

Mind taking a look?

Cheers,
- James


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---

Re: Proposal: default escaping

2006-06-15 Thread Rowan Kerr 

On 6/15/06, James Bennett <[EMAIL PROTECTED]> wrote:
> I don't know... memories are stirring of my PHP days and the horror of
> magic_quotes...

As long as the data is only escaped on final output (and here escaping
should actually be intelligent as to whether it's outputting html, or
some mime-encoded email). magic_quotes mangled all your data no matter
where it was from or where it was going.

-Rowan

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~--~~~~--~~--~--~---