Search Results

Search found 3640 results on 146 pages for 'django csrf'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 102/146 | < Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >

  • Django database - how to add this column in raw SQL.

    - by alex
    Suppose I have my models set up already. class books(models.Model): title = models.CharField... ISBN = models.Integer... What if I want to add this column to my table? user = models.ForeignKey(User, unique=True) How would I write the raw SQL in my database so that this column works?

    Read the article

  • what is the 'extra' mean in this django code..

    - by zjm1126
    TOPIC_COUNT_SQL = """ SELECT COUNT(*) FROM topics_topic WHERE topics_topic.object_id = maps_map.id AND topics_topic.content_type_id = %s """ MEMBER_COUNT_SQL = """ SELECT COUNT(*) FROM maps_map_members WHERE maps_map_members.map_id = maps_map.id """ maps = maps.extra(select=SortedDict([ ('member_count', MEMBER_COUNT_SQL), ('topic_count', TOPIC_COUNT_SQL), ]), select_params=(content_type.id,)) i don't know this mean, thanks

    Read the article

  • Django - Problem with models/manager to organise a query...

    - by user296644
    Hi, I have an application to count the number of access to an object for each website in a same database. class SimpleHit(models.Model): """ Hit is the hit counter of a given object """ content_type = models.ForeignKey(ContentType) object_id = models.PositiveIntegerField() content_object = generic.GenericForeignKey('content_type', 'object_id') site = models.ForeignKey(Site) hits_total = models.PositiveIntegerField(default=0, blank=True) [...] class SimpleHitManager(models.Manager): def get_query_set(self): print self.model._meta.fields qset = super(SimpleHitManager, self).get_query_set() qset = qset.filter(hits__site=settings.SITE_ID) return qset class SimpleHitBase(models.Model): hits = generic.GenericRelation(SimpleHit) objects = SimpleHitManager() _hits = None def _db_get_hits(self, only=None): if self._hits == None: try: self._hits = self.hits.get(site=settings.SITE_ID) except SimpleHit.DoesNotExist: self._hits = SimpleHit() return self._hits @property def hits_total(self): return self._db_get_hits().hits_total [...] class Meta: abstract = True And I have a model like: class Model(SimpleHitBase): name = models.CharField(max_length=255) url = models.CharField(max_length=255) rss = models.CharField(max_length=255) creation = AutoNowAddDateTimeField() update = AutoNowDateTimeField() So, my problem is this one: when I call Model.objects.all(), I would like to have one request for the SQL (not two). In this case: one for Model in order to have information and one for the hits in order to have the counter (hits_total). This is because I cannot call directly hits.hits_total (due to SITE_ID?). I have tried select_related, but it seems to do not work... Question: - How can I add column automatically like (SELECT hits.hits_total, model.* FROM [...]) to the queryset? - Or use a functional select_related with my models? I want this model could be plugable on all other existing model. Thank you, Best regards.

    Read the article

  • Django date filter: how come the format used is different from the one in datetime library?

    - by sebpiq
    For formatting a date using date filter you must use the following format : {{ my_date|date:"Y-m-d" }} If you use strftime from the standard datetime, you have to use the following : my_date.strftime("%Y-%m-%d") So my question is ... isn't it ugly (I guess it is because of the % that is used also for tags, and therefore is escaped or something) ? But that's not the main question ... I would like to use the same DATE_FORMAT parametrized in settings.py all over the project, but it therefore seems that I cannot ! Is there a work around (for example a filter that removes the % after the date has been formatted like {{ my_date|date|dream_filter }}, because if I just use DATE_FORMAT = "%Y-%m-%d" I got something like %2001-%6-%12)?

    Read the article

  • How do I set up gaeunit 2.0a with my Django app?

    - by J. Frankenstein
    I am trying to set up Google App Engine unit testing for my web application. I downloaded the file from here. I followed the instructions in the readmen by copying the directory gaeunit into the directory with the rest of my apps and registering 'gaeunit' in settings.py. This didn't seem sufficient to actually get things going. I also stuck url('^test(.*)', include('gaeunit.urls')) into my urls.py file. When I go to the url http://localhost:8000/test, I get the following error: [Errno 2] No such file or directory: '../../gaeunit/test' Any suggestions? I'm not sure what I've done wrong. Thanks!

    Read the article

  • Django. Invalid keyword argument for this function. ManyToMany

    - by sagem_tetra
    I have this error: 'people' is an invalid keyword argument for this function class Passage(models.Model): name= models.CharField(max_length = 255) who = models.ForeignKey(UserProfil) class UserPassage(models.Model): passage = models.ForeignKey(Passage) people = models.ManyToManyField(UserProfil, null=True) class UserProfil(models.Model): user = models.OneToOneField(User) name = models.CharField(max_length=50) I try: def join(request): user = request.user user_profil = UserProfil.objects.get(user=user) passage = Passage.objects.get(id=2) #line with error up = UserPassage.objects.create(people= user_profil, passage=passage) return render_to_response('thanks.html') How to do correctly? Thanks!

    Read the article

  • how can i introspect properties and model fields in django?

    - by shreddd
    I am trying to get a list of all existing model fields and properties for a given object. Is there a clean way to instrospect an object so that I can get a dict of fields and properties. class MyModel(Model) url = models.TextField() def _get_location(self): return "%s/jobs/%d"%(url, self.id) location = property(_get_location) What I want is something that returns a dict that looks like this: { 'id' : 1, 'url':'http://foo', 'location' : 'http://foo/jobs/1' } I can use model._meta.fields to get the model fields, but this doesn't give me things that are properties but not real DB fields.

    Read the article

  • webapp and django framework

    - by Joel
    As far as I understand, the "Getting Started" guide of GAE with Python uses the webapp framework. However, it seems like it uses Django to render templates. Does that mean that I can use the Django template engine without using its application framework?

    Read the article

  • Should custom data elements be stored as XML or database entries?

    - by meteorainer
    There are a ton of questions like this, but they are mostly very generalized, so I'd like to get some views on my specific usage. General: I'm building a new project on my own in Django. It's focus will be on small businesses. I'd like to make it somewhat customizble for my clients so they can add to their customer/invoice/employee/whatever items. My models would reflect boilerplate items that all ModelX might have. For example: first name last name email address ... Then my user's would be able to add fields for whatever data they might like. I'm still in design phase and am building this myself, so I've got some options. Working on... Right now the 'extra items' models have a FK to the generic model (Customer and CustomerDataPoints for example). All values in the extra data points are stored as char and will be coerced/parced into their actual format at view building. In this build the user could theoretically add whatever values they want, group them in sets and generally access them at will from the views relavent to that model. Pros: Low storage overhead, very extensible, searchable Cons: More sql joins My other option is to use some type of markup, or key-value pairing stored directly onto the boilerplate models. This coul essentially just be any low-overhead method weather XML or literal strings. The view and form generated from the stored data would be taking control of validation and reoganizing on updates. Then it would just dump the data back in as a char/blob/whatever. Something like: <datapoint type='char' value='something' required='true' /> <datapoint type='date' value='01/01/2001' required='false' /> ... Pros: No joins needed, Updates for validation and views are decoupled from data Cons: Much higher storage overhead, limited capacity to search on extra content So my question is: If you didn't live in the contraints impose by your company what method would you use? Why? What benefits or pitfalls do you see down the road for me as a small business trying to help other small businesses? Just to clarify, I am not asking about custom UI elements, those I can handle with forms and template snippets. I'm asking primarily about data storage and retreival of non standardized data relative to a boilerplate model.

    Read the article

  • How to allow my Asp.net MVC 3 web app using MathJax to accept user input $x<y>z$ ?

    - by Recycle Bin
    I am developing a mathematics site using Asp.Net MVC 3 + Razor + MathJax. MathJax is a javascript library to render TeX or LaTeX codes on the web browser. And TeX or LaTeX codes represent mathematics contents such as an inline math $y=mx+c$ and a displayed math \[y=mx+c\]. Right now my site can accept input, for example, $x<y$. However it cannot accept $x<y>z$ because the framework regards this input is vulnerable to XSS and XSRF. Shortly speaking, what I should do to accomplish what I want but it does not open security vulnerability.

    Read the article

  • How to use Zend Framework Form Hash (token) with AJAX

    - by nvoyageur
    I have included Zend_Form_Element_Hash into a form multiplecheckbox form. I have jQuery set to fire off an AJAX request when a checkbox is clicked, I pass the token with this AJAX request. The first AJAX request works great, but the subsequent ones fail. I suspect it may be once the token has been validated it is then removed from the session (hop = 1). What would be your plan of attack for securing a form with Zend Framework Hash yet using AJAX to complete some of these requests?

    Read the article

  • How do I solve an AntiForgeryToken exception that occurs after an iisreset in my ASP.Net MVC app?

    - by Colin Newell
    I’m having problems with the AntiForgeryToken in ASP.Net MVC. If I do an iisreset on my web server and a user continues with their session they get bounced to a login page. Not terrible but then the AntiForgery token blows up and the only way to get going again is to blow away the cookie on the browser. With the beta version of version 1 it used to go wrong when reading the cookie back in for me so I used to scrub it before asking for a validation token but that was fixed when it was released. For now I think I’ll roll back to my code that fixed the beta problem but I can’t help but think I’m missing something. Is there a simpler solution, heck should I just drop their helper and create a new one from scratch? I get the feeling that a lot of the problem is the fact that it’s tied so deeply into the old ASP.Net pipeline and is trying to kludge it into doing something it wasn’t really designed to do. I had a look in the source code for the ASP.Net MVC 2 RC and it doesn't look like the code has changed much so while I haven't tried it, I don't think there are any answers there. Here is the relevant part of the stack trace of the exception. Edit: I just realised I didn't mention that this is just trying to insert the token on the GET request. This isn't the validation that occurs when you do a POST kicking off. System.Web.Mvc.HttpAntiForgeryException: A required anti-forgery token was not supplied or was invalid. ---> System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster. ---> System.Web.UI.ViewStateException: Invalid viewstate. Client IP: 127.0.0.1 Port: 4991 User-Agent: scrubbed ViewState: scrubbed Referer: blah Path: /oursite/Account/Login ---> System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) --- End of inner exception stack trace --- --- End of inner exception stack trace --- at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) at System.Web.UI.ViewStateException.ThrowMacValidationError(Exception inner, String persistedState) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) --- End of inner exception stack trace --- at System.Web.Mvc.AntiForgeryDataSerializer.Deserialize(String serializedToken) at System.Web.Mvc.HtmlHelper.GetAntiForgeryTokenAndSetCookie(String salt, String domain, String path) at System.Web.Mvc.HtmlHelper.AntiForgeryToken(String salt, String domain, String path)

    Read the article

  • runtime loading of ValidateAntiForgeryToken Salt value

    - by p.campbell
    Consider an ASP.NET MVC application using the Salt parameter in the [ValidateAntiForgeryToken] directive. The scenario is such that the app will be used by many customers. It's not terribly desirable to have the Salt known at compile time. The current strategy is to locate the Salt value in the web.config. [ValidateAntiForgeryToken(Salt = Config.AppSalt)] //Config.AppSalt is a static property that reads the web.config. This leads to a compile-time exception suggesting that the Salt must be a const at compile time. An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type How can I modify the application to allow for a runtime loading of the Salt so that the app doesn't have to be re-salted and recompiled for each customer? Consider that the Salt won't change frequently, if at all, thereby removing the possibility of invalidating form

    Read the article

  • Is using GET with a tokenID for security a good idea?

    - by acidzombie24
    I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?

    Read the article

  • Apache2 Modpython : IOError: Write failed, client closed connection.

    - by llazzaro
    This is the error : [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] mod_python (pid=9528, interpreter='realpage.com', phase='PythonHandler', handler='django.core.handlers.modpython'): Application error [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] ServerName: 'realpage.dom' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] DocumentRoot: '/htdocs' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] URI: '/' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Location: '/' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XX.248.60] Directory: None [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Filename: '/htdocs' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] PathInfo: '/' [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] Traceback (most recent call last): [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1537, in HandlerDispatch\n default=default_handler, arg=req, silent=hlist.silent) [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1229, in _process_target\n result = _execute_target(config, req, object, arg) [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line 1128, in _execute_target\n result = object(arg) [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/django/core/handlers/modpython.py", line 228, in handler\n return ModPythonHandler()(req) [Mon Mar 01 12:19:50 2010] [error] [client XXX.XXX.248.60] File "/usr/lib/python2.5/site-packages/django/core/handlers/modpython.py", line 220, in call\n req.write(chunk) [Mon Mar 01 12:19:50 2010] [error] [client XXX.XX.248.60] IOError: Write failed, client closed connection. Please! I am sure you need more information in order to find the bug, please tell me what and how to get it. The error is throwing every time!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 98 99 100 101 102 103 104 105 106 107 108 109  | Next Page >