MYMESSAGE = "<div>Hello</div><p></p>Hello"
send_mail("testing",MYMESSAGE,"[email protected]",['[email protected]'],fail_silently=False)
However, this message doesn't get the HTML mime type when it is sent. In my outlook, I see the code...
Hi,
I have an application to count the number of access to an object for each website in a same database.
class SimpleHit(models.Model):
"""
Hit is the hit counter of a given object
"""
content_type = models.ForeignKey(ContentType)
object_id = models.PositiveIntegerField()
content_object = generic.GenericForeignKey('content_type', 'object_id')
site = models.ForeignKey(Site)
hits_total = models.PositiveIntegerField(default=0, blank=True)
[...]
class SimpleHitManager(models.Manager):
def get_query_set(self):
print self.model._meta.fields
qset = super(SimpleHitManager, self).get_query_set()
qset = qset.filter(hits__site=settings.SITE_ID)
return qset
class SimpleHitBase(models.Model):
hits = generic.GenericRelation(SimpleHit)
objects = SimpleHitManager()
_hits = None
def _db_get_hits(self, only=None):
if self._hits == None:
try:
self._hits = self.hits.get(site=settings.SITE_ID)
except SimpleHit.DoesNotExist:
self._hits = SimpleHit()
return self._hits
@property
def hits_total(self):
return self._db_get_hits().hits_total
[...]
class Meta:
abstract = True
And I have a model like:
class Model(SimpleHitBase):
name = models.CharField(max_length=255)
url = models.CharField(max_length=255)
rss = models.CharField(max_length=255)
creation = AutoNowAddDateTimeField()
update = AutoNowDateTimeField()
So, my problem is this one: when I call Model.objects.all(), I would like to have one request for the SQL (not two). In this case: one for Model in order to have information and one for the hits in order to have the counter (hits_total). This is because I cannot call directly hits.hits_total (due to SITE_ID?). I have tried select_related, but it seems to do not work...
Question:
- How can I add column automatically like (SELECT hits.hits_total, model.* FROM [...]) to the queryset?
- Or use a functional select_related with my models?
I want this model could be plugable on all other existing model.
Thank you,
Best regards.
Suppose I have my models set up already.
class books(models.Model):
title = models.CharField...
ISBN = models.Integer...
What if I want to add this column to my table?
user = models.ForeignKey(User, unique=True)
How would I write the raw SQL in my database so that this column works?
For formatting a date using date filter you must use the following format :
{{ my_date|date:"Y-m-d" }}
If you use strftime from the standard datetime, you have to use the following :
my_date.strftime("%Y-%m-%d")
So my question is ... isn't it ugly (I guess it is because of the % that is used also for tags, and therefore is escaped or something) ?
But that's not the main question ... I would like to use the same DATE_FORMAT parametrized in settings.py all over the project, but it therefore seems that I cannot ! Is there a work around (for example a filter that removes the % after the date has been formatted like {{ my_date|date|dream_filter }}, because if I just use DATE_FORMAT = "%Y-%m-%d" I got something like %2001-%6-%12)?
Suppose this is my URL route:
(r'^test/?$','hello.life.views.test'),
How do I make it so that people can do .json, .xml, and it would pass a variable to my views.test, so that I know to make json or xml?
I am trying to set up Google App Engine unit testing for my web application. I downloaded the file from here.
I followed the instructions in the readmen by copying the directory gaeunit into the directory with the rest of my apps and registering 'gaeunit' in settings.py. This didn't seem sufficient to actually get things going. I also stuck url('^test(.*)', include('gaeunit.urls')) into my urls.py file.
When I go to the url http://localhost:8000/test, I get the following error:
[Errno 2] No such file or directory: '../../gaeunit/test'
Any suggestions? I'm not sure what I've done wrong. Thanks!
I have this error:
'people' is an invalid keyword argument for this function
class Passage(models.Model):
name= models.CharField(max_length = 255)
who = models.ForeignKey(UserProfil)
class UserPassage(models.Model):
passage = models.ForeignKey(Passage)
people = models.ManyToManyField(UserProfil, null=True)
class UserProfil(models.Model):
user = models.OneToOneField(User)
name = models.CharField(max_length=50)
I try:
def join(request):
user = request.user
user_profil = UserProfil.objects.get(user=user)
passage = Passage.objects.get(id=2)
#line with error
up = UserPassage.objects.create(people= user_profil, passage=passage)
return render_to_response('thanks.html')
How to do correctly?
Thanks!
I'd like everything to function correctly, except when it's mobile, the entire site will used a set of specific templates.
Also, I'd like to autodetect if it's mobile. If so, then use that set of templates throughout the entire site.
I have a handful of users on a server. After updating the site, they don't see the new pages. Is there a way to globally force their browsers and providers to display the new page? Maybe from settings.py? I see there are decorators that look like they do this on a function level.
I am trying to get a list of all existing model fields and properties for a given object. Is there a clean way to instrospect an object so that I can get a dict of fields and properties.
class MyModel(Model)
url = models.TextField()
def _get_location(self):
return "%s/jobs/%d"%(url, self.id)
location = property(_get_location)
What I want is something that returns a dict that looks like this:
{
'id' : 1,
'url':'http://foo',
'location' : 'http://foo/jobs/1'
}
I can use model._meta.fields to get the model fields, but this doesn't give me things that are properties but not real DB fields.
Sometimes the best way to debug something is to print some stuff to the page, and exit(), how can I do this in a Python/Django site?
e.g. in PHP:
echo $var;
exit();
Thanks
As far as I understand, the "Getting Started" guide of GAE with Python uses the webapp framework. However, it seems like it uses Django to render templates.
Does that mean that I can use the Django template engine without using its application framework?
There are a ton of questions like this, but they are mostly very generalized, so I'd like to get some views on my specific usage.
General:
I'm building a new project on my own in Django. It's focus will be on small businesses. I'd like to make it somewhat customizble for my clients so they can add to their customer/invoice/employee/whatever items. My models would reflect boilerplate items that all ModelX might have. For example:
first name
last name
email
address
...
Then my user's would be able to add fields for whatever data they might like. I'm still in design phase and am building this myself, so I've got some options.
Working on...
Right now the 'extra items' models have a FK to the generic model (Customer and CustomerDataPoints for example). All values in the extra data points are stored as char and will be coerced/parced into their actual format at view building. In this build the user could theoretically add whatever values they want, group them in sets and generally access them at will from the views relavent to that model.
Pros: Low storage overhead, very extensible, searchable
Cons: More sql joins
My other option is to use some type of markup, or key-value pairing stored directly onto the boilerplate models. This coul essentially just be any low-overhead method weather XML or literal strings. The view and form generated from the stored data would be taking control of validation and reoganizing on updates. Then it would just dump the data back in as a char/blob/whatever.
Something like:
<datapoint type='char' value='something' required='true' />
<datapoint type='date' value='01/01/2001' required='false' />
...
Pros: No joins needed, Updates for validation and views are decoupled from data
Cons: Much higher storage overhead, limited capacity to search on extra content
So my question is:
If you didn't live in the contraints impose by your company what method would you use? Why? What benefits or pitfalls do you see down the road for me as a small business trying to help other small businesses?
Just to clarify, I am not asking about custom UI elements, those I can handle with forms and template snippets. I'm asking primarily about data storage and retreival of non standardized data relative to a boilerplate model.
I am developing a mathematics site using Asp.Net MVC 3 + Razor + MathJax.
MathJax is a javascript library to render TeX or LaTeX codes on the web browser.
And TeX or LaTeX codes represent mathematics contents such as an inline math $y=mx+c$ and a displayed math \[y=mx+c\].
Right now my site can accept input, for example, $x<y$. However it cannot accept $x<y>z$ because the framework regards this input is vulnerable to XSS and XSRF.
Shortly speaking, what I should do to accomplish what I want but it does not open security vulnerability.
I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works great, but the subsequent ones fail.
I suspect it may be once the token has been validated it is then removed from the session (hop = 1).
What would be your plan of attack for securing a form with Zend Framework Hash yet using AJAX to complete some of these requests?
I’m having problems with the AntiForgeryToken in ASP.Net MVC. If I do an iisreset on my web server and a user continues with their session they get bounced to a login page. Not terrible but then the AntiForgery token blows up and the only way to get going again is to blow away the cookie on the browser.
With the beta version of version 1 it used to go wrong when reading the cookie back in for me so I used to scrub it before asking for a validation token but that was fixed when it was released.
For now I think I’ll roll back to my code that fixed the beta problem but I can’t help but think I’m missing something. Is there a simpler solution, heck should I just drop their helper and create a new one from scratch? I get the feeling that a lot of the problem is the fact that it’s tied so deeply into the old ASP.Net pipeline and is trying to kludge it into doing something it wasn’t really designed to do.
I had a look in the source code for the ASP.Net MVC 2 RC and it doesn't look like the code has changed much so while I haven't tried it, I don't think there are any answers there.
Here is the relevant part of the stack trace of the exception.
Edit: I just realised I didn't mention that this is just trying to insert the token on the GET request. This isn't the validation that occurs when you do a POST kicking off.
System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid. ---> System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate.
Client IP: 127.0.0.1
Port: 4991
User-Agent: scrubbed
ViewState: scrubbed
Referer: blah
Path: /oursite/Account/Login ---> System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError)
at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState)
at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString)
at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState)
at System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken)
--- End of inner exception stack trace ---
at System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken)
at System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path)
at System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path)
Consider an ASP.NET MVC application using the Salt parameter in the [ValidateAntiForgeryToken] directive.
The scenario is such that the app will be used by many customers. It's not terribly desirable to have the Salt known at compile time.
The current strategy is to locate the Salt value in the web.config.
[ValidateAntiForgeryToken(Salt = Config.AppSalt)]
//Config.AppSalt is a static property that reads the web.config.
This leads to a compile-time exception suggesting that the Salt must be a const at compile time.
An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
How can I modify the application to allow for a runtime loading of the Salt so that the app doesn't have to be re-salted and recompiled for each customer?
Consider that the Salt won't change frequently, if at all, thereby removing the possibility of invalidating form
I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something).
I read about token ids and double submitted cookies and i am not sure what the difference is
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies
Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?
This is the error :
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] mod_python (pid=9528, interpreter='realpage.com', phase='PythonHandler', handler='django.core.handlers.modpython'): Application error
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] ServerName: 'realpage.dom'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] DocumentRoot: '/htdocs'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] URI: '/'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Location: '/'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XX.248.60] Directory: None
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Filename: '/htdocs'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] PathInfo: '/'
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Traceback (most recent call last):
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1537, in HandlerDispatch\n default=default_handler, arg=req, silent=hlist.silent)
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1229, in _process_target\n result = _execute_target(config, req, object, arg)
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1128, in _execute_target\n result = object(arg)
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/django/core/handlers/modpython.py", line 228, in handler\n return ModPythonHandler()(req)
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/django/core/handlers/modpython.py", line 220, in call\n req.write(chunk)
[Mon Mar 01 12:19:50 2010] [error] [client XXX.XX.248.60] IOError: Write failed, client closed connection.
Please! I am sure you need more information in order to find the bug, please tell me what and how to get it.
The error is throwing every time!