On 20 Mrz., 03:48, Malcolm Tredinnick
wrote:
> I was one of the original people in favour of making this change, but
> since it was decided not to go down that path (disappointingly, it
> seems, mostly through apathy at the time), I think we shouldn't change
> it now. the fact that it will eith
On Thu, 2009-03-19 at 19:30 -0700, Ulrich Petri wrote:
> Hi,
>
> since #9666 (SSI-tag variable resolving) got accepted by Jacob lately
> I would like to restart discussion about the same functionality for
> the url template tag (as was already proposed in #7917).
>
> Pro arguments:
> - The url t
Hi,
since #9666 (SSI-tag variable resolving) got accepted by Jacob lately
I would like to restart discussion about the same functionality for
the url template tag (as was already proposed in #7917).
Pro arguments:
- The url tag is one of the few remaining tags that doesn't accept a
variable as i
> GIS is a bit of a special case; Justin Bronn is the maintainer there,
> and he and the rest of the GeoDjango contributors develop somewhat
> independently of the rest of Django.
>
> That said, they don't get any special exemptions in terms of timeline,
> so GeoDjango feature freeze is this week
On Mar 19, 2009, at 5:47 PM, Preston Timmons wrote:
> Might somebody be able to review the patch and tests for this ticket
> to see if they are acceptable? I am hoping it can get in as a bug fix
> for 1.1. If something is lacking here I would like to try to fix it.
The patch looks generally acc
On Wed, Mar 18, 2009 at 10:59 AM, Jacob Kaplan-Moss
wrote:
> I'm a somewhat reluctant +0 on this -- the content re-writing that the
> CSRF middleware does has always rubbed me the wrong way. For one,
> it'll make implementing streaming responses quite a bit more
> difficult. But more importantly
Ticket #9122 Inline admin on generic relations ignores exclude and
max_num
http://code.djangoproject.com/ticket/9122
Might somebody be able to review the patch and tests for this ticket
to see if they are acceptable? I am hoping it can get in as a bug fix
for 1.1. If something is lacking here I w
On Thu, 2009-03-19 at 05:17 -0700, Vitaly wrote:
> I wanted json serialize a tree of django model objects: Schedule ->
> Player -> django.models.User.
> django.core.serializers.serialize does shallow serialization of
> QuerySet but I want a deep one. Next, I looked at QuerySet.values()
> plus simp
Thanks, Bob. Added comment to the ticket.
On Mar 19, 12:03 pm, Bob Thomas wrote:
> On Mar 19, 8:17 am, Vitaly wrote:
>
> > I wanted json serialize a tree of django model objects: Schedule ->
> > Player -> django.models.User.
> > django.core.serializers.serialize does shallow serialization of
>
Hi folks --
I promise this one won't be as long as the previous one!
If you'd like to mentor a Summer of Code project, you can apply through
Google's web app right now. Please also add your name here:
http://code.djangoproject.com/wiki/SummerOfCode2009
However, the quality of mentors is even mo
Hi folks --
It's that time of year again: Google's announced the Summer of Code 2009, and
Django is again one of the participating projects. Jannis Leidel will be
running things this year, and I'll be backing him up.
For those who aren't aware: Summer of Code is Google's program to pay students
On Thu, Mar 19, 2009 at 6:11 PM, Antoni Aloy wrote:
>
> 2009/3/18 Jacob Kaplan-Moss :
> >
> > Hi folks --
> >
> > Quick reminder that Django 1.1 beta is due to drop Friday. This means
> > feature freeze -- any feature additions not completed by the beta
> > timeline won't make it into 1.1. Realis
2009/3/18 Jacob Kaplan-Moss :
>
> Hi folks --
>
> Quick reminder that Django 1.1 beta is due to drop Friday. This means
> feature freeze -- any feature additions not completed by the beta
> timeline won't make it into 1.1. Realistically that means that any
> feature addition not already "close" to
On Thursday 19 March 2009 19:18:19 Bob Thomas wrote:
> On Mar 19, 2:49 pm, Luke Plant wrote:
> > The hard work isn't the template tag, it's:
> >
> > - tests (the existing ones are in django/contrib/csrf/tests.py)
> > - documentation
> > - converting the admin (I really think this needs to be d
Definite +1. The lack of fieldsets has tripped me up plenty of times.
On Mar 19, 10:06 am, Jari Pennanen wrote:
> WTForm is simple implementation built on top of existing (new)forms to
> help create fieldsets, and by judging django snippets alone one can
> see it's a huge hole in Django. Everyon
On Thu, Mar 19, 2009 at 4:20 PM, Jacob Kaplan-Moss
wrote:
...
>
> /me looks meaningfully at Justin.
FWIW, I've been a terrible contributor on GIS. All praise to Justin's
great work.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to th
On Thu, Mar 19, 2009 at 4:09 PM, Bob Thomas wrote:
> One trend I noticed was that there were quite a few GIS tickets that
> aren't really in that grey area at all. Without a champion, they seem
> most likely to miss 1.1 (assuming contrib apps are subject to the same
> strict definition of "bug" a
>
> also, please note that even if GET requests are mostly readonly,
> if they return JSON, they can be still read by a CSRF attack,
> so those have to be secured ( usually be verifying
> the special header set by ajax requests ).
>
> gabor
That's more of a "JSON hijacking" attack than CSRF. It
On Thu, Mar 19, 2009 at 9:53 AM, Thomas Guettler wrote:
>
> The CSRF middleware inserts a hidden input element in every form.
>
> Since GET Requests are mostly readonly, the bad guy needs a POST
> request to do some evil.
>
> If the bad guy can make a POST request
> with the user's browser, the b
On Mar 19, 4:59 pm, Jacob Kaplan-Moss
wrote:
> On Thu, Mar 19, 2009 at 3:54 PM, Bob Thomas wrote:
> > Digging through the (huge) 1.1 milestone list a bit, the following
> > seem to be closer to improvements than bugs (IMO). If you have any
> > favorites in here, they should probably be looked
This has been discussed extensively, both on this list and the ticket
at http://code.djangoproject.com/ticket/3011
It's been rejected for 1.1 (now is not really a good time to be
proposing features), but you can try mentioning this again when 1.2
planning starts.
-bob
--~--~-~--~~---
On Thu, Mar 19, 2009 at 3:54 PM, Bob Thomas wrote:
> Digging through the (huge) 1.1 milestone list a bit, the following
> seem to be closer to improvements than bugs (IMO). If you have any
> favorites in here, they should probably be looked at for last-minute
> additions to 1.1 beta, or they may
Digging through the (huge) 1.1 milestone list a bit, the following
seem to be closer to improvements than bugs (IMO). If you have any
favorites in here, they should probably be looked at for last-minute
additions to 1.1 beta, or they may be in danger of missing 1.1
entirely:
http://code.djangopro
In a project I've been working on, I've been feeling that the method
django uses to store additional information about users in "user
profiles" is cumbersome and inconvenient. I felt that being able to
extend the django.contrib.auth User model would be a good solution for
the problems I was runni
On Mar 19, 3:42 pm, Jacob Kaplan-Moss
wrote:
> On Thu, Mar 19, 2009 at 2:18 PM, Bob Thomas wrote:
> > So, if the template tag wasn't hard enough to write, it's not helpful?
>
> Um. That's not what I read from what Luke's saying.
>
That's what I read, though.
> Again, that's not at all what I
On Mar 19, 8:58 am, stout.el...@gmail.com wrote:
> Hi, I've got it working a couple months ago, just with basic
> funcionality, without the features Ivan put it
> inhttp://code.google.com/p/django-firebird/.
>
> It's not finished or clean, but if you want i can send you later.
I will create an
On Thu, Mar 19, 2009 at 2:18 PM, Bob Thomas wrote:
> So, if the template tag wasn't hard enough to write, it's not helpful?
Um. That's not what I read from what Luke's saying.
> I'm not sure how I missed the tests, though. I think I was just
> looking at the regression tests for the built-in ta
On Mar 19, 2:49 pm, Luke Plant wrote:
> The hard work isn't the template tag, it's:
>
> - tests (the existing ones are in django/contrib/csrf/tests.py)
> - documentation
> - converting the admin (I really think this needs to be done
> before we can check this in, because we want to depreca
On Thu, Mar 19, 2009 at 2:43 PM, Zachary Voase wrote:
>
> I spoke about this on here a while ago, but seeing as the 1.1 feature
> freeze is looming, I thought it would be a good idea if I brought it
> up again.
>
> I think it's a good idea to have some support for using Python's
> decorator syntax
I spoke about this on here a while ago, but seeing as the 1.1 feature
freeze is looming, I thought it would be a good idea if I brought it
up again.
I think it's a good idea to have some support for using Python's
decorator syntax on signal receivers; seeing as Django's probably
going to switch t
On Thursday 19 March 2009 15:55:35 Bob Thomas wrote:
> On Mar 18, 1:25 pm, Luke Plant wrote:
> > Yep, agreed. I plan to replace the content re-writing stuff with
> > a template tag which hopefully won't be too nasty. It's just I
> > haven't had time yet, and I'd rather fix the security hole now,
On Mar 19, 8:17 am, Vitaly wrote:
> I wanted json serialize a tree of django model objects: Schedule ->
> Player -> django.models.User.
> django.core.serializers.serialize does shallow serialization of
> QuerySet but I want a deep one. Next, I looked at QuerySet.values()
> plus simplejson but al
On Mar 18, 1:25 pm, Luke Plant wrote:
>
> Yep, agreed. I plan to replace the content re-writing stuff with a
> template tag which hopefully won't be too nasty. It's just I haven't
> had time yet, and I'd rather fix the security hole now, and improve
> the implementation later. The exception me
Hi, I've got it working a couple months ago, just with basic
funcionality, without the features Ivan put it in
http://code.google.com/p/django-firebird/.
It's not finished or clean, but if you want i can send you later.
Regards,
David Elias
On Mar 18, 4:07 pm, mariuz wrote:
> On Mar 16, 4:34
I wanted json serialize a tree of django model objects: Schedule ->
Player -> django.models.User.
django.core.serializers.serialize does shallow serialization of
QuerySet but I want a deep one. Next, I looked at QuerySet.values()
plus simplejson but alas the shallow copy again.
On Mar 18, 9:55 p
On Thursday 19 March 2009 08:53:06 Thomas Guettler wrote:
> The CSRF middleware inserts a hidden input element in every form.
>
> Since GET Requests are mostly readonly, the bad guy needs a POST
> request to do some evil.
>
> If the bad guy can make a POST request
> with the user's browser, the b
The CSRF middleware inserts a hidden input element in every form.
Since GET Requests are mostly readonly, the bad guy needs a POST
request to do some evil.
If the bad guy can make a POST request
with the user's browser, the bad guy might make a GET request with javascript
first , read the hidden
37 matches
Mail list logo
