Feeds:
Posts
Comments

Posts Tagged ‘django’

Updates from django-licenses:

Enjoy.

Advertisements

Read Full Post »

django-licenses is my first contribution to the django open source community! Check you the examples.

Hooray 🙂

Read Full Post »

I recently switched from the django svn trunk to the newforms-admin branch — mainly because I wanted more control over the querysets, which are used in the admin interface. In the end I had to patch the code myself to get it working, but the newforms-admin has a few other advantages (and disadvantages).

Advantages

Everything is written in newforms. For administrative purposes this doesn’t really makes any difference, but for django.contrib.auth it does. Till now login and password reset/change forms where using oldforms too and that was very annoying. With the newforms branch you can easily add all this nice admin features to your page.

For example, to add a “Password forgotten” feature, all you have to do is add some URL patterns:

File: yourproject/urls.py

from django.conf.urls.defaults import *
from django.contrib.auth.views import *
urlpatterns = patterns('',
    # ...
    url(r'^password/reset/$', password_reset, name='reset_password'),
    url(r'^password/reset/done/$', password_reset_done),
)

And make you own template:

File: registration/password_reset_form.html

{% extends "base.html" %}
{% block content %}
    <form action="." method="post">
        <table>
            {{ form.as_table }}
        </table>
        <p><input type="submit" value="Reset password" /></p>
    </form>
{% endblock %}

You’ll also need a registration/password_reset_done.html template and if you don’t like the default message a registration/password_reset_email.html template.

Done.

Disadvantages

Since the Admin class is decoupled from the model classes, you’ll have to change all your models to get them working with the new system. Sounds harder than it is. All you have to do is make a new class, register it with the administration system and copy the contents of you model’s Admin subclass to the new one:

from django.contrib import admin
class BlogAdmin(admin.ModelAdmin):
    prepopulated_fields = {'slug': ('title',)}
    list_display = ('title', 'author')
    date_hierarchy = 'published'
admin.site.register(Blog, BlogAdmin)

If you use third party add-ons like django-tagging or django-registration they will not appear in you administration, but they will still work. Only a few apps are backwards incompatible.

Here’s a list of apps that I use:

App Compatible Admin Support
django.contrib.* yes yes
django-registration yes no¹
django-tagging yes no¹
django-robots no² no²

¹ There is no newforms-admin support, but with this app you don’t really need one.
² I submitted a patch to introduce newforms-admin support.

Apps that don’t use models are always compatible and, obviously, don’t need the admin interface.

See also:

Read Full Post »

A little demonstration how to use textile and djangos (free)comment system to “take over” a site:

%{display: block; position: absolute !important; top: 25px; left: 25px; z-index: 100; background-color: red; font-size: 50px;}Your text here ... site hacked%

Textile allows CSS per default -> you can do anything with CSS -> so it’s quite easy to position any amount of HTML code anywhere on the site… Bad textile!!! Give it a try and post the code example from above on your favorite textile powered site.

Apart of being a fun hack, it could be used to exploit users by overloading links, so that they point to phishing sites.  So don’t allow untrusted people to use textile markup!

Read Full Post »

textile hacked, part 1

While writing my little django blog, I first encountered textile. So far so good. Very nice. But not perfect 🙂 So the first of my hacks was to implement a django template filter version of textile that supported head_offset.

If you want it too, simply change django/contrib/markup/templatetags/markup.py from

return mark_safe(force_unicode(textile.textile(smart_str(value), encoding='utf-8', output='utf-8')))

to

return mark_safe(force_unicode(textile.textile(smart_str(value), encoding='utf-8', output='utf-8', head_offset=settings.MARKUP_HEAD_OFFSET)))

Don’t forget to set something like MARKUP_HEAD_OFFSET = 2 in your settings.py.

voilà!

Read Full Post »