Re: Are there use cases for storing null bytes in CharField/TextField?

2017-05-16 Thread Jani Tiainen

Hi,

I would guess that one could use null byte to denote "empty field" in 
Oracle for example. (I recall seeing such a convention in one of our 
non-django apps). And that's to overcome limitation that Oracle doesn't 
have real concept of empty string so we stored single null byte to mark 
that.




On 15.05.2017 18:54, Tim Graham wrote:
Does anyone know of a use case for using null bytes in 
CharField/TextField?


psycopg2 2.7+ raises ValueError("A string literal cannot contain NUL 
(0x00) characters.") when trying to save null bytes [0] and this 
exception is unhandled in Django which allows malicious form 
submissions to crash [1]. With psycopg2 < 2.7, there is no exception 
and null bytes are silently truncated by PostgreSQL. Other databases 
that I tested (SQLite, MySQL, Oracle) allow saving null bytes. This 
creates possible cross-database compatibility problems when moving 
data from those databases to PostgreSQL, e.g. [2].


I propose to have CharField and TextField strip null bytes from the 
value either a) only on PostgreSQL or b) on all databases. Please 
indicate your preference or suggest another solution.


[0] https://github.com/psycopg/psycopg2/issues/420
[1] https://code.djangoproject.com/ticket/28201 - Saving a 
Char/TextField with psycopg2 2.7+ raises ValueError: A string literal 
cannot contain NUL (0x00) characters is unhandled
[2] https://code.djangoproject.com/ticket/28117 - loaddata raises 
ValueError with psycopg2 backend when data contains null bytes

--
You received this message because you are subscribed to the Google 
Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/9897126d-b6ef-48f1-9f19-96ed98ce10e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Jani Tiainen
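
A pre-load check for the cross-database case raised in the quoted message (ticket 28117), as an added example that is not part of the thread or of Django: it scans a fixture in Django's JSON serialization layout for strings containing NUL and can produce a stripped copy, as in the proposal. The function names and the sample fixture are constructed for illustration.

```python
import json

NUL = "\x00"

def find_nul_strings(value, path=()):
    """Yield (path, offset) for every str under value that contains NUL."""
    if isinstance(value, str):
        if NUL in value:
            yield path, value.index(NUL)
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from find_nul_strings(item, path + (key,))
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from find_nul_strings(item, path + (i,))

def scan_fixture(objects):
    """Return (model, pk, field path, offset of first NUL) for each hit."""
    findings = []
    for obj in objects:
        for path, offset in find_nul_strings(obj.get("fields", {})):
            field = ".".join(map(str, path))
            findings.append((obj["model"], obj["pk"], field, offset))
    return findings

def strip_nul(value):
    """Return a copy with NUL removed from every string value."""
    if isinstance(value, str):
        return value.replace(NUL, "")
    if isinstance(value, dict):
        return {k: strip_nul(v) for k, v in value.items()}
    if isinstance(value, list):
        return [strip_nul(v) for v in value]
    return value

# Constructed sample fixture; JSON \u0000 escapes decode to NUL characters.
SAMPLE_FIXTURE = json.loads(r'''
[
  {"model": "blog.post", "pk": 1, "fields": {"title": "hello", "body": "ok"}},
  {"model": "blog.post", "pk": 2, "fields": {"title": "a\u0000b", "body": "t"}},
  {"model": "blog.comment", "pk": 7,
   "fields": {"text": "\u0000", "tags": ["x", "y\u0000"]}}
]
''')

if __name__ == "__main__":
    for model, pk, field, offset in scan_fixture(SAMPLE_FIXTURE):
        print(f"{model} pk={pk} field={field}: NUL at offset {offset}")
```

Stripping turns a value that is only a NUL character into an empty string, so a convention like the one described in the reply above would not survive it.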



Contribution

2017-05-16 Thread Martin Gauthier
Hi Everyone,

I'm fairly new here, I have been using Django for the past year and would like 
to contribute.

Could someone give me any key advice on where to start.

Thank you 



Re: Contribution

2017-05-16 Thread Tim Graham
Hi Martin, have you read the contributing documentation?

https://docs.djangoproject.com/en/dev/internals/contributing/new-contributors/

On Tuesday, May 16, 2017 at 8:34:30 AM UTC-4, Martin Gauthier wrote:
>
> Hi Everyone,
>
> I'm fairly new here, I have been using Django for the past year and would 
> like to contribute.
>
> Could someone give me any key advice on where to start.
>
> Thank you 
>



Re: Contribution

2017-05-16 Thread Martin Gauthier
Thank you!

On Tuesday, May 16, 2017 at 8:37:02 AM UTC-4, Tim Graham wrote:
>
> Hi Martin, have you read the contributing documentation?
>
>
> https://docs.djangoproject.com/en/dev/internals/contributing/new-contributors/
>
> On Tuesday, May 16, 2017 at 8:34:30 AM UTC-4, Martin Gauthier wrote:
>>
>> Hi Everyone,
>>
>> I'm fairly new here, I have been using Django for the past year and would 
>> like to contribute.
>>
>> Could someone give me any key advice on where to start.
>>
>> Thank you 
>>
>



Re: Django and CSP strict-dynamic

2017-05-16 Thread Ran Benita
Hi Adam, thanks for your comments.

> Given that it's still a W3C draft I am not sure it should be added to 
> Django core yet.

I agree; note however, that nonces are part of CSP Level 2, which is in 
"W3C Recommendation" status. Since support for nonces is a prerequisite for 
any of this, I'll refocus on just that part (in a separate message). After 
it's possible to handle the nonces, supporting strict-dynamic becomes 
possible, either in Django itself or in a third-party app.

> However it does seem that without a centralized solution for CSP nonces, 
> they won't be usable with third party apps as you found with 
> django-debug-toolbar.

Yes, this is the part where involvement from the framework is strictly 
required, I think.

> So I'm wondering, is your code public?

Not currently, I will polish it when I have time and publish it. However, 
as I said, it is very trivial, and doesn't do anything besides what I 
described in the post.

> And do you think it is worth trying to merge into django-csp, or would it 
> be better as a standalone app?

It can certainly be added to django-csp, for visibility if nothing else, 
but in my opinion a standalone app would be nicer:

1. Whitelist policies and strict-dynamic are almost orthogonal; they cannot 
be combined in a single policy, since 'strict-dynamic' causes the whitelist 
directives in 'script-src' to be ignored. The django-csp configuration DSL 
is *mostly* useless for strict-dynamic.

2. I imagine a standalone package to have a simple "read short README, 
annotate 

Re: Django and CSP strict-dynamic

2017-05-16 Thread Ran Benita
OK, so to refocus the issue:

Using CSP nonces requires the following: any 

Transifex organisation

2017-05-16 Thread Tom Forbes
Hello,
Is anyone responsible for managing the transifex organisation? A colleague
of mine applied to join the Django organisation to contribute Greek
translations for the admin, but his application is currently pending and
has been for a while.

Are there any special requirements for joining the Transifex org and
contributing requirements? If not could someone enable him to contribute?



Re: Transifex organisation

2017-05-16 Thread Claude Paroz
On Tuesday, May 16, 2017 at 23:52:31 UTC+2, Tom Forbes wrote:
>
> Hello,
> Is anyone responsible for managing the transifex organisation? A colleague 
> of mine applied to join the Django organisation to contribute Greek 
> translations for the admin, but his application is currently pending and 
> has been for a while.
>
> Are there any special requirements for joining the Transifex org and 
> contributing requirements? If not could someone enable him to contribute?
>

Hello Tom,

Each language team in the Django Transifex organisation is autonomous. I 
would say that the steps to join are first asking to join with the usual 
Transifex method, then after some weeks without reaction try to contact the 
language coordinators, and eventually discuss a possible language 
coordinatorship change on the django-i18n mailing list.

Also note that Greek translations for Django are currently 100% translated.
https://www.transifex.com/django/django/language/el/

Regards,

Claude
