Re: how safe is the template engine

2010-10-18 Thread Jonathan S
Be careful,
Don't forget that users will be able to execute random templatetags,
which may be able to read from and write to the database as well.



On 16 oct, 18:06, "Henrik Genssen"  wrote:
> Hi,
>
> can I safely use the template engine to produce user configured output?
> If I use the template engine like it is done in the RSSFeed:
>
> title_tmp = Template('{% load i18n %}' + userInput)
> ctx = Context({'dstart': date.dstart, 
>
> where userInput is something a user can fill in.
> So far, the only point seems to be:
> protect functions of objects one uses in the context, so nobody can delete 
> items or do something else...
>
> Am I overlooking something?
>
> regards
>
> Henrik

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.
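
One way to narrow what a user-supplied template string can reach before it is handed to Template(), as discussed in the thread above. This is an added example, not code from the thread or from Django: the function names, the regex approximation of Django's delimiters and the allowlists are assumptions chosen for illustration, with 'dstart' taken from the quoted snippet.

```python
import re

# Approximation of the delimiters Django's template lexer recognises.
TOKEN_RE = re.compile(r"\{%(.*?)%\}|\{\{(.*?)\}\}", re.S)
LITERAL_RE = re.compile(r"""^(?:"[^"]*"|'[^']*'|-?\d+(?:\.\d+)?)$""")
OPERATORS = {"and", "or", "not", "in", "is", "==", "!=", "<", ">", "<=", ">="}

# Assumed policy for this example; 'dstart' is the context key from the post.
ALLOWED_TAGS = {"if", "elif", "else", "endif"}
ALLOWED_FILTERS = {"date", "default", "lower", "upper", "truncatechars"}
ALLOWED_PATHS = {"title", "dstart", "dstart.year"}  # full lookup paths only


def check_expr(expr, problems):
    """Check one 'path|filter:arg' expression against the allowlists."""
    var, *filters = [part.strip() for part in expr.split("|")]
    if var not in ALLOWED_PATHS and not LITERAL_RE.match(var):
        problems.append("lookup not allowed: " + var)
    for item in filters:
        name, _, arg = item.partition(":")
        if name.strip() not in ALLOWED_FILTERS:
            problems.append("filter not allowed: " + name.strip())
        elif arg and not LITERAL_RE.match(arg.strip()):
            problems.append("filter argument must be a literal: " + arg.strip())


def validate_user_template(source):
    """Return a list of policy violations; an empty list means accept."""
    problems = []
    for match in TOKEN_RE.finditer(source):
        if match.group(1) is not None:  # {% tag args %}
            words = match.group(1).split()
            name = words[0] if words else ""
            if name not in ALLOWED_TAGS:
                problems.append("tag not allowed: " + name)
                continue
            # Whitespace split: quoted literals containing spaces fail closed.
            for word in words[1:]:
                if word not in OPERATORS:
                    check_expr(word, problems)
        else:  # {{ expression }}
            check_expr(match.group(2), problems)
    # Any delimiter left outside a complete token is rejected as well.
    if re.search(r"\{%|\{\{", TOKEN_RE.sub("", source)):
        problems.append("unbalanced template delimiter")
    return problems
```

Run it on the user's string only, before any application-supplied prefix is prepended; the context passed to the template should still carry plain values rather than objects with methods.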



psycopg2 and Binary

2011-09-07 Thread Jonathan S
Hi django users,

Not sure whether this is a bug or configuration issue.

I have a postgres with postgis setup. It works perfectly on a postgres
8.4 machine, but it doesn't on a postgres 9.1 machine.

The problem is when constructing GIS queries.
django.contrib.gis relies on psycopg2.Binary for encoding binary data
like polygons.

When connected to the postgres 8.4 machine, output is double-quoted,
like \\000\\000, but when connected to the 9.1 machine, the output of
Binary is only single quoted, like \000\000. This of course causes
encoding issues, because it conflicts with the null-termination.

Any help?

Thanks,
Jonathan




Re: psycopg2 and Binary

2011-09-07 Thread Jonathan S
So, it works if I patch
django.contrib.gis.db.backends.postgis.adapter. But that's obviously
*not* the way to go...


class PostGISAdapter(object):
    ...
    def getquoted(self):
        "Returns a properly quoted string for use in PostgreSQL/PostGIS."
        # Want to use WKB, so wrap with psycopg2 Binary() to quote properly.
        return 'ST_GeomFromEWKB(E%s)' % unicode(Binary(self.ewkb)).replace('\\', '')




Re: Python Decorators

2011-04-06 Thread Jonathan S
Your code looks perfect. The following does print 'True'.


def widget(widget_switch, as_string=False):
    def decorator(func):
        def wrapper(*args, **kwargs):
            # logic in here can access the value of 'widget_switch'
            # but 'as_string' is not defined?
            print(as_string)
            return func(*args, **kwargs)
        return wrapper
    return decorator

@widget('', as_string=True)
def test():
    pass

test()




A better "manage.py shell" with syntax highlighting and multiline editing.

2014-10-13 Thread Jonathan S
Hi all,

Two weeks ago I released the python-prompt-toolkit library with the 
"ptpython" REPL. That is a nice python interactive shell with decent 
multiline editing, syntax highlighting and autocompletion.
For a list of all the features, see: 
http://github.com/jonathanslenders/python-prompt-toolkit

Now django-extensions' "shell_plus" supports this as a front-end.
Do:

pip install -U django-extensions
pip install -U prompt-toolkit

then add 'django_extensions' to your INSTALLED_APPS in your django settings.

If you run "django manage.py shell_plus", then you'll get your new shell.
If you love IPython and you have IPython installed, then this should 
automatically use IPython as the back-end.

Prompt-toolkit is still beta, but already used by many people, and it 
should feel stable. If you experience any issues, please report them on GitHub:
http://github.com/jonathanslenders/python-prompt-toolkit
Feature requests are very welcome.

Enjoy!
Jonathan

django-extensions: https://github.com/django-extensions/django-extensions

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/76b1f82a-e8bc-4f4d-a6aa-2d7e0868b39d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.