Django: /logout switches language - django

I know this is going to sound silly but I can't find what's wrong.
I am using the built-in views for user auth, and logging in and logging out respectively switches the language to the non-default language for the current session.
I have two languages, set up according to the documentation on the Djangoproject site, i.e. in the locale folder, and there are .mo files and everything. Fine.
I have a form based language switch that enables language switch for any user that posts to /i18n/setlang
So, my question is, how come it seems to "POST" to switch language when I do a logout or a login (which I guess are both POST's as well).
Thanks for shedding any light possible on this.
EDIT: I should add that it never switches back. It only switches languages in one direction i.e. to the language that is not default.
EDIT2: Not that I think it will attract any more answers, but here's the code for my language switcher (it switches on the fly via jQuery). The problem is STILL that it goes to Deutch language and stays there whenever I logout (logout is handled by the logout view in Django).
<ul>
<li>
<form name="setLangen" action="/i18n/setlang/" method="POST"><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='871Y71JyfG9WcieiKr8jjwe4j37IkIfq' /></div>
<input name="next" type="hidden" value="/" />
<input type="hidden" name="language" value="en" />
English
</form>
</li>
<li>
<form name="setLangde" action="/i18n/setlang/" method="POST"><div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='871Y71JyfG9WcieiKr8jjwe4j37IkIfq' /></div>
<input name="next" type="hidden" value="/" />
<input type="hidden" name="language" value="de" />
Deutch
</form>
</li>
</ul>

I would guess that you keep language setting in the session, and when user logs out, session is gone and you're back to default lang.

OK. So here's the answer. I thought I'd write it down since someone else CAN end up in this situation.
The problem was that I had switched the order between django locale middleware and the middleware of my own that takes away the browser selected language. Need to keep your own interception before Django takes it over and sets the language to whatever the browser tells it to (which is a really weird default behavior in any case).
Hope it helps someone.
'myapp.middleware.ForceDefaultLanguageMiddleware', # <-- BEFORE django locale!!
'django.middleware.locale.LocaleMiddleware',
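Why the order matters, as a simplified model added here (not Django's code and not the poster's middleware): the body of ForceDefaultLanguageMiddleware, the session key and the default language are assumptions. Once the session no longer holds a language choice, as after a logout, the lookup falls through to the browser's Accept-Language header unless that header was removed first.

```python
# Simplified model of the request-phase lookup, NOT Django's implementation.
LANGUAGE_CODE = "en"             # assumed site default
SUPPORTED = ("en", "de")         # the two languages in the question
SESSION_KEY = "django_language"  # session key used by older Django releases


class Request:
    def __init__(self, accept_language, session=None):
        self.META = {"HTTP_ACCEPT_LANGUAGE": accept_language}
        self.session = dict(session or {})
        self.LANGUAGE_CODE = None


class ForceDefaultLanguageMiddleware:
    """Assumed body: discard the browser's Accept-Language header."""

    def process_request(self, request):
        request.META.pop("HTTP_ACCEPT_LANGUAGE", None)


class LocaleMiddlewareModel:
    """Stand-in for LocaleMiddleware: session, then header, then default
    (the cookie step is omitted)."""

    def process_request(self, request):
        lang = request.session.get(SESSION_KEY)
        if lang not in SUPPORTED:
            lang = self._from_header(request.META.get("HTTP_ACCEPT_LANGUAGE", ""))
        request.LANGUAGE_CODE = lang or LANGUAGE_CODE

    @staticmethod
    def _from_header(header):
        # First supported primary tag wins; q-values are ignored in this model.
        for part in header.split(","):
            tag = part.split(";")[0].strip().lower().split("-")[0]
            if tag in SUPPORTED:
                return tag
        return None


def resolve(order, accept_language, session=None):
    """Run process_request in the given order and return the chosen language."""
    request = Request(accept_language, session)
    for middleware in order:
        middleware.process_request(request)
    return request.LANGUAGE_CODE


FORCE, LOCALE = ForceDefaultLanguageMiddleware(), LocaleMiddlewareModel()
```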

Related

Analyzing security of Django template code

I need help with some concepts.
In my Django web app, users write content and other users upvote/downvote the said content. Standard stuff.
The voting used to happen via POST. E.g. something akin to this:
<form method="POST" action="{% url 'vote' %}" class="vote_form">
{% csrf_token %}
<input type="hidden" id="id_link" name="link" class="hidden_id" value="{{ link.pk }}">
<input type="hidden" id="id_voter" name="voter" class="hidden_id" value="{{ user.pk }}">
<input type="hidden" id="id_page" name="section_number" value="{{ forloop.counter }}">
<input class="voting" type="submit" name="val" value="upvote"><br>
<input class="voting" type="submit" name="val" value="downvote">
</form>
The voting now happens via simply the following:
upvote<br>
downvote
My two questions are:
1) All else equal (ceteris paribus), is there any difference in these two methods in terms of security? I ran Wapiti (a security scanner) on my website; the latter method popped several security risks (SQL injection, Blind SQL injection, etc) whereas the former method comes out completely clean (but yes, I did change some underlying code as well).
2) The former method left a POST log entry in nginx logs. How would the latter method show up in nginx logs? GET?
There's nothing insecure in your code, but that still doesn't make it a good idea.
Generally you should avoid doing actions that affect the database on a GET. One possible consequence is that if a search engine crawled your site, it would follow the voting links and cause votes to actually be registered; this wouldn't happen with your original code, because search engines don't submit forms.
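On the nginx question, the link-based vote is logged as a GET. The following added example (not part of the answer above) scans combined-format access log lines for GET or HEAD requests that reach a state-changing endpoint and marks the ones sent by crawlers; the `/vote/` path, the query parameters and the log lines are constructed assumptions, since the page only shows `{% url 'vote' %}`.

```python
import re

# nginx "combined" access log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
CRAWLER_RE = re.compile(r"bot|crawl|spider|slurp", re.I)

# Assumption: the vote view is mounted at /vote/.
STATE_CHANGING_PREFIXES = ("/vote/",)

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2016:13:55:36 +0000] "POST /vote/ HTTP/1.1" 302 0 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Oct/2016:13:56:01 +0000] "GET /vote/?link=42&val=upvote HTTP/1.1" 302 0 "-" "ExampleBot/1.0 (+https://example.test/bot)"
203.0.113.7 - - [10/Oct/2016:13:56:09 +0000] "GET /vote/?link=42&val=downvote HTTP/1.1" 302 0 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Oct/2016:13:56:30 +0000] "GET /static/site.css HTTP/1.1" 200 512 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"
"""


def state_changing_gets(log_text, prefixes=STATE_CHANGING_PREFIXES):
    """Return GET/HEAD requests that reached a state-changing endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in ("GET", "HEAD"):
            continue  # unparsable line, or a method that is expected to write
        path = m["path"]
        if not path.startswith(prefixes):
            continue  # read-only resource, a GET is fine here
        findings.append({
            "ip": m["ip"],
            "path": path,
            "status": int(m["status"]),
            "crawler": bool(CRAWLER_RE.search(m["agent"])),
        })
    return findings


if __name__ == "__main__":
    for finding in state_changing_gets(SAMPLE_LOG):
        print(finding)
```

On the Django side, decorating the vote view with `django.views.decorators.http.require_POST` makes such GET requests fail with a 405 instead of registering a vote.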

Label in cfinput is displaying to the right of the text box

When working with ColdFusion 9 and cfform with an HTML format, I place a cfinput on a page with a label, and it displays the label to the right of the text box. I have tried using the tag, with and without it, but no matter what I do, the label is always to the right of the box.
<cfform method="post" name="mfForm" >
<label for="campaign">Mailfile ID:</label>
<cfinput type="text" name="campaign" id="campaign">
<cfinput type="submit" name="submit" value="Submit" id="submit">
</cfform>
Don't ever remember having this problem before recently. I would just use an HTML form, but want to take advantage of cf's autosuggest.
I hate to say it, but frankly quirks like this are why many people suggest ditching the built-in ajax features and using the underlying libraries (or some jQuery alternative) directly. You will have greater control, more choices, not to mention you will not be tied to whatever version ships with ColdFusion. Most of these libraries are updated frequently, so within a year the ones bundled with CF are often out of date. ExtJS is a good example. The public version is already up to version 4.2.1, but CF9 still uses 3.1.0.
Anyway, getting back to your question ... if you do a view source you will see CF generates several div tags, one of which contains the style="float:left" directive, which could explain the behavior you are seeing.
I did a quick search and happened upon a note in the CF8 docs which suggests a hack for datefields which may also apply here:
To correctly display label text next to the control in both Internet Explorer and Firefox, you must surround the label text in a <div style="float:left;"> tag and put three <br> tags between each line.
Simply adding the div seems to work for me with the sample you posted:
<cfform method="post" name="mfForm" >
<div style="float:left;">
<label for="campaign">Mailfile ID:</label>
</div>
<cfinput type="text" name="campaign" id="campaign" autosuggest="AA,BBB,CCC,DDD">
<cfinput type="submit" name="submit" value="Submit" id="submit">
</cfform>
But again, you might want to consider using the javascript libraries directly instead of relying on the built-in ajax features, so you can avoid weirdness like this.

How to properly use the django built-in login view

I'm just getting started with Django, and I'm trying to use built-in features as much as possible. As such, for user login, I'm using the built-in login view, and assigning it to the base url of my site:
urlpatterns = patterns('django.contrib.auth.views',
    url(r'^/$', 'login', {'template': 'mytemplate.html'}),
)
mytemplate.html looks something like this:
<!DOCTYPE html>
<html>
<body>
{%if form.errors %}
<p> Invalid username/password combination, please try again </p>
{% endif %}
<h1>Welcome to My Site!</h1>
<form action="{% url django.contrib.auth.views.login %}" method="post">
{% csrf_token %}
{{form.username.label_tag}}{{form.username}}
{{form.password.label_tag}}{{form.password}}
<input type="submit" id="submit" name="submit" value="Sign in" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
forgot username/password<br />
new user
</body>
</html>
My problem is, the template doesn't appear to be getting passed any of the context it's supposed to. In the rendered HTML, all of my variable tags simply disappear (i.e. rather than being replaced by the appropriate values, they are replaced with nothing).
I imagine I'm skipping some critical step, but I can't figure out what it is. Any ideas?
You need to change from 'template' to 'template_name'
urlpatterns = patterns('django.contrib.auth.views',
    url(r'^/$', 'login', {'template_name': 'mytemplate.html'}),
)
https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.login
Try removing the template name from your url configuration. Django will then fall back to a standard template, that way you can see if you screwed up the template somehow or if something else is wrong.
My next guess would be to check your settings for the TEMPLATE_CONTEXT_PROCESSORS. If you have defined any of them, be sure to include
"django.contrib.auth.context_processors.auth",
If you haven't defined any, django will use a standard tuple, which already includes the auth processor.

Form not Posting in Django

I'm trying to do some pretty basic form posts with Django, but whenever I try to click on the button to submit the information nothing happens. No errors or messages of any kind show up in terminal or in developer in Chrome. There is no JS on this page just straight html:
<form method="post" action="/">
{% csrf_token %}
<input type="text" id="name" name="name"/>
<input type="text" id="password" name="password"/>
<input type="button" value="Sign Up!"/>
</form>
My view for this page is pretty straightforward as well:
from django.shortcuts import render_to_response
from django.template import RequestContext
def sign_up(request):
    return render_to_response('portal/signup.html', context_instance=RequestContext(request))
I'm really baffled as to what is going on, I've been following this to learn authentication. Everything works but I thought adding a "create user" would be a next step. I can't seem to get any form of any kind to work on other pages as well.
Any help would be great, I'm going crazy!
I think that your problem is that you're using
<input type="button" value="Sign Up!"/>
instead of
<input type="submit" value="Sign Up!"/>
The input submit will send all the form data to the server, the input button won't.
You can learn a little bit more about forms here: http://www.w3schools.com/html/html_forms.asp

Django template input button post problem

I tried to post the values of input buttons in Django, but I couldn't.
This is my template
<form id="ReviewRateForm" method="post" action="/review/post/rate/">
<input type="button" hint="V1" title="V" value="1" id="radio{{ forloop.counter }}-1" type="button" name="qid[{{forloop.counter}}]"></input>
<input type="button" hint="V1" title="V" value="2" id="radio{{ forloop.counter }}-1" type="button" name="qid[{{forloop.counter}}]"></input>
<input type="button" hint="V1" title="V" value="1" id="radio{{ forloop.counter }}-1" type="button" name="qid[{{forloop.counter}}]"></input>
</form>
However, when I debug it, I can't reach the values of those input buttons in my view.
What is the problem or how can I overcome it?
The values can be accessed by the name of the input from request.POST. However, you're dynamically naming the inputs, which is going to make things more complicated when you go to retrieve those values.
Example without taking into consideration the dynamic naming:
quid1 = request.POST.get('quid1')
The problem might be with your browser rather than with django.
If you use the button element in an HTML form, different browsers will submit different values. Internet Explorer will submit the text between the <button> and </button> tags, while other browsers will submit the content of the value attribute.
Update: Oh, you are not using <button> elements, I read too fast. Sorry. Then this answer is not relevant.