November archive

"OR" query support

November 30, 2005

We've added "OR" query support to the Django database API, in the Django development version.

It supported OR queries previously, but it wasn't documented because it wasn't elegant enough. We're happy with the new solution, which was discussed by a bunch of people and implemented by Hugo. Thanks, Hugo!

Read all about it here.

How to contribute to Django

November 28, 2005

One of the most gratifying aspects of open-source is seeing all the amazing contributions roll in from the community — the AUTHORS file mentions almost 60 names! We're eager to keep this level of community involvement going, so we've added some information on how to contribute to Django.

This document covers a number of points, including:

We hope this will make it even easier for people to make the jump from Django users to Django developers — it's a wonderful community, so come on in!

Simpler URLconfs

November 28, 2005

In case you missed it in yesterday's "week in review" entry, we've made an improvement to the URLconf-parsing system so that you can specify URLs using non-named groups as an alternative to named groups.

For example, here's how the old (but still supported) syntax looked:

urlpatterns = patterns('',
    (r'^articles/2003/$', 'news.views.special_case_2003'),
    (r'^articles/(?P<year>\d{4})/$', 'news.views.year_archive'),
    (r'^articles/(?P<year>\d{4})/(?P<month>\d\d)/$', 'news.views.month_archive'),
    (r'^articles/(?P<year>\d{4})/(?P<month>\d\d)/(?P<day>\d\d)/$', 'news.views.article_detail'),

And here's the equivalent using the new non-named group syntax:

urlpatterns = patterns('',
    (r'^articles/2003/$', 'news.views.special_case_2003'),
    (r'^articles/(\d{4})/$', 'news.views.year_archive'),
    (r'^articles/(\d{4})/(\d\d)/$', 'news.views.month_archive'),
    (r'^articles/(\d{4})/(\d\d)/(\d\d)/$', 'news.views.article_detail'),

To capture something, just put parenthesis around it. Of course, you can still use named groups.

If your URLconf uses non-named groups (with simple parenthesis, as in the second example), the captured values will be passed to your view as positional arguments -- so you'll need to make sure the arguments to your view function are in the same order as they appear in the URL. If your URLconf uses named groups (as in the first example), the captured values will be passed as keyword arguments -- so the order doesn't matter.

Read the full documentation.

Thanks to Aaron Swartz for originally suggesting this improvement!

Week in review

November 27, 2005

Here are the highlights of Django improvements this week, in chronological order. There were quite a few big improvements; momentum has never been better, and things are moving very quickly!

  • Revision 1331 -- The static.serve view no longer opens files in text mode (which was a Windows bug). Thanks, Eugene.
  • Revision 1349 -- Added an {% include %} template tag, which lets you include other templates. See the full documentation. Thanks, Robert Wittams.
  • Revision 1351 -- Changed debug views to use text/html mime-type instead of DEFAULT_CONTENT_TYPE. Thanks, Sune.
  • Revision 1354 -- Added The "contrib" add-ons documentation.
  • Revision 1355 -- The middleware loader now throws a better error for a MIDDLEWARE_CLASSES value without a dot. Thanks, Noah Slater.
  • Revision 1374 -- The timesince utility (and accompanying template tag) now supports microseconds. Thanks, Aaron Swartz.
  • Revision 1376 -- Added better error handling for trailing periods in URLconf include()s.
  • Revision 1379 -- Added pretty template errors. See the weblog entry. Thanks, Robert.
  • Revision 1400 -- Added a "Template-loader postmortem" section on pretty debug pages when TemplateDoesNotExist is raised. Thanks for the idea, David Ascher.
  • Revision 1402 -- Fixed Windows-specific path bug in static.serve view. Thanks, Thanks, Petar Marić and nesh.
  • Revision 1410 -- Added template tag decorators simple_tag and inclusion_tag, which make it easy to create custom tags. Thanks, Robert.
  • Revision 1428 -- Added an AUTHORS file, which is inevitably incomplete.
  • Revision 1429 -- Fixed bug when doing django-admin.py sqlclear with SQLite. Thanks, ye7cakf02.
  • Revision 1434 -- Merged the new-admin branch! This essentially makes it easy to customize the admin and reuse parts of it in your own apps. Look for more information in an upcoming blog entry.
  • Revision 1438 -- Made a more helpful error for a list_filter error. Thanks, Tom Tobin.
  • Revision 1440 -- Added a "login_url" argument to the user_passes_test view decorator. See the docs.
  • Revision 1442 -- Made the WSGI handler tolerant of no QUERY_STRING in os.environ. Thanks, michael.mcewan.
  • Revision 1443 -- Made the template system scoped to the parser instead of the template module. Also changed the way tags/filters are registered and added support for multiple arguments to {% load %} tag. This is a backwards-incompatible change for people who have created custom template tags or filters. See the backwards-incompatible changes page for upgrade information.
  • Revision 1454 -- Added How to serve static files documentation.
  • Revision 1470 -- URLconf regex captures no longer have to be named groups -- you can use simple parenthesis rather than named groups. Old URLconfs (with named groups) still work. See the docs. This is backwards-incompatible if you've defined custom middleware with a process_view function. See the backwards-incompatible changes page for upgrade information.
  • Revision 1474 -- Added optional arguments to "django-admin.py createsuperuser", so you can create users noninteractively in shell scripts. Thanks for the patch, bjorn.

In other Django news:

Serving static files

November 27, 2005

A commonly asked question is how to serve static files with Django. Here's the answer, finally documented.

Check out the new How to serve static files documentation.

Django presentation made available

November 25, 2005

As we mentioned last week, Simon Willison presented Django in London. It went quite well, by all accounts, and Simon has made his presentation available.

Here's a direct link to the presentation, which is a PDF file.

Pretty template error pages

November 23, 2005

Thanks to Django ninja Robert Wittams and our resident design guru Wilson Miner, Django now has pretty error pages for template syntax errors.

You probably already know that Django displays pretty error pages for tracebacks if your DEBUG setting is set to True. We added this about a week ago.

Now, we've added a TEMPLATE_DEBUG setting. Set it to True, and the pretty error pages will display a relevant template snippet, with the offending line highlighted, for any TemplateSyntaxError.

Of course, note this change applies to the Django development version. It'll be rolled into 0.91 when that's released.

Django at PyCon

November 22, 2005

The next PyCon, to be held in Dallas in February 2006, will feature two Django talks:

Also, the "Agile Documentation: using tests as documentation" session will present Django's automatically-generated documentation/testing system.

Jacob, Simon and I were all at PyCon last year and had a blast. We highly recommend it!

Week in review

November 20, 2005

This week saw our first official release and a host of improvements. Here are the highlights of what happened, in chronological order.

  • Revision 1233: Django's 404 and 500 (server error) pages in debug mode are now beautiful and much more informative than before.
  • Revision 1247:: Added a direct_to_template generic view, which simply renders a given template and passes it parameters from the URL. See the docs.
  • Revision 1249: Added a redirect_to view, which simply redirects to a given page. See the docs.
  • Revision 1253: Improved the FormWrapper class so that iteration through formfields is now possible.
  • Revision 1258: Changed the django-admin.py startapp command to create a views.py file instead of a views package. This keeps things simpler. Of course, you can still put views inside a views package, or in any other Python module on your Python path.
  • Released Django 0.90!
  • Revision 1274: Fixed a bug in quoting of the "select" keyword in the database API. Thanks, Hugo.
  • Revision 1275: For admin list_display functions without a short_description, Django now converts underscores to spaces. Thanks, Aaron Swartz.
  • Revision 1281: Added some handy RSS configurations for the as-of-yet-undocumented comments framework.
  • Revision 1291: Beefed up the URLconf docs. Give 'em a read!
  • Revision 1296: Changed the flatpages app so that it doesn't throw a 404 exception when DEBUG=True. Thanks, Hugo.
  • Revision 1297: Fixed a namespace bug in the new 500 error view. Thanks, rjwittams.
  • Revision 1303: Added a SESSION_SAVE_EVERY_REQUEST setting.
  • Revision 1313: Fixed the long-standing bug with OneToOneFields.
  • Revisions 1314 and 1323: Improved the model validator to validate FloatFields and unique_together, respectively.
  • Revision 1326: Fixed a bug in the treatment of underscores and percent signs in the SQLite backend.
  • Revision 1327: Improved the password security in the authentication framework. See the weblog entry.

In other Django news:

Extra security for passwords

November 20, 2005

We've added extra security to the stored passwords in Django's authentication system. Thanks to a patch from GomoX, passwords are now stored with a salt and use SHA-1 encryption instead of MD5.

This change is backwards-incompatible, because two things have changed: the name of the database field (changed from "password_md5" to "password") and the length of the field (from 32 to 128). See the backwards-incompatible changes page for information on how to change your database. It's an easy update.

Of course, the password data itself is backwards-compatible. If Django finds a password in the old format (encrypted as MD5), it will transparently change the password's encryption to the new format (salted SHA-1) the first time user.check_password() is successfully called.

See the new Passwords section of the authentication docs for full information.

Finally, note that this change applies only to the Django development version. If you're using Django 0.90, you won't see this change until the next release.

Chicago Django/Rails meetup

November 17, 2005

If you're in the area, you should come to Snakes and Rubies, a meeting of Python and Ruby Web programmers on Dec. 3 in Chicago.

David Heinemeier Hansson of Ruby on Rails will be presenting his creation, and I'll be presenting Django. We'll have spirited discussion, answer questions, etc. It should be quite fun.

I don't believe pre-registration is necessary; you can just show up.

UPDATE: Django developer Jacob Kaplan-Moss is coming up from Kansas to be there, too!

Introducing Django 0.90

November 16, 2005

Since we made Django open source, we've had an amazingly productive couple of months. But the code has always been in development status -- available only via revision control.

Now, our first release is ready.

Django 0.90, available as a tarball or as a Python egg, is the current Django code, packaged up for distribution.

See the install guide.

We're especially excited that getting Django no longer requires installing Subversion. :-)

Note that there's still no guarantee of backwards-compatibility between Django releases at this point. Our goal is to knock off the major items on this list, then launch version 1.0 with a backwards-compatibility guarantee.

With that said, I should point out that migration information for each backwards-incompatible change will be documented in excruciating detail, as we've already been doing.

Feel free to ask questions on the django-users mailing list.


Week in review

November 13, 2005

It was another huge week in Django development. Here are the highlights of Django improvements this past week:

  • Revision 1224: Django now quotes all names in SQL queries. This allows you to use SQL reserved keywords as table names and column names, and it allows you to use characters such as the hyphen in your database column names. Thanks, Robin Munn and Sune.
  • Revision 1127: Added the authentication docs.
  • Various revisions: Added Bengali, Icelandic, Romanian, Swedish and Welsh translations, and updated several existing translations. Thanks to all translators and to Hugo for keeping things up-to-date!
  • Revision 1149: Improved the admin-site changelog so that it HTML-escapes items. Thanks, Tom Tobin.
  • Revision 1150: Explicitly separated the designations of "database column" and "Python model attribute" in Django models. Now, you always, use whatever name you give your columns. Before, the presence of a db_column attribute caused model object instances to use the db_column as the attribute name.
  • Revision 1151: django-admin.py sqlreset and sqlclear no longer assume the admin app is installed. Thanks, davidschein.
  • Revision 1155: Ensured get_next_by_FOO() and get_previous_by_FOO() methods don't skip or duplicate any records in the case of duplicate values. Thanks, mattycakes.
  • Revision 1158: Made the cache system fault-tolerant of OSError in unpickling session objects. Thanks, Sune.
  • Revision 1163: Entries in INSTALLED_APPS can now be of the form "django.contrib.*", which means every app under "django.contrib", one level deep.
  • Revision 1166: Moved flatpages and redirects to standalone apps in django.contrib that are NOT installed by default. See the blog entry.
  • Revision 1170: Added the Outputting CSV with Django docs.
  • Revision 1173: Changed django-admin.py to display help if invoked with no arguments. Thanks, sopel.
  • Revision 1174: Custom methods in admin.list_display can now have an allow_tags attribute, which doesn't strip tags in the methods' output. Thanks, plisk.
  • Revision 1185: Fixed a problem where errors in settings files were masked for some users in some cases. Thanks, Hugo.
  • Revision 1194: Added the shiny-new syndication (RSS and Atom) framework. See the docs and blog entry.
  • Revision 1202: Improved the isExistingURL validator not to raise ValidationError for URLs that exist but require authorization. Thanks for the report, lakin wrecker.
  • Revision 1204: Languages for language-selection can now be restricted by setting the LANGUAGES setting to some subset of the global_settings-provided list. Thanks, Hugo.

In other Django news:

London presentation this Thursday

November 13, 2005

Django cocreator Simon Willison, now a Yahoo employee, will be presenting Django to 200+ people in London on Thursday. Here's more information.

Looks like two other frameworks will also be presented: Perl's Catalyst framework, and some Ruby thing.

New RSS/Atom framework

November 11, 2005

We've added a syndication framework to Django. It makes generating RSS and Atom feeds very easy.

Man, it's so easy it probably shouldn't even be legal.

"svn update" your code to get access to it, and read all about it at the brand-new syndication-framework docs.

Here's a quick sample. This Python class creates an RSS feed of the latest entries of this weblog:

class LatestEntries(Feed):
    title = "The Django weblog"
    link = "/weblog/"
    description = "Latest news about Django, the Python Web framework."
    def items(self):
        return entries.get_list(limit=10)

This example is super-simple, but the framework is quite dynamic and allows for significant complexity.

The previous RSS framework, which was completely undocumented, has been removed/refactored completely. If you hacked things around, reverse-engineered, etc., and were actually using the previous RSS framework, your feeds will no longer work. I've documented the changes on the backwards-incompatible changes page.

Thanks to alastair, ismael, hugo, eric moritz and garthk for various patches and ideas. Enjoy!

Django desktops

November 11, 2005

Let anyone who happens to be standing over your shoulder know what kind of a programmer you are.

Choose a size

If you've got a widescreen display, just pick one that's wide enough and make sure it's centered.

Flatpages and redirects factored out

November 10, 2005

As of a code update today, flatpages and redirects, two features that have been installed with Django by default but had not been documented, are now optional add-ons. This is a backwards-incompatible change, so all Django users are advised to follow the instructions in the "Separated flatpages and redirects into standalone, optional apps" section of the backwards-incompatible changes page.

This change makes Django leaner and meaner: It cuts a bit of functionality that Django did by default but not everybody wanted to take advantage of.

If you do want to use flatpages and redirects, check out these two new pieces of documentation:

Authentication docs

November 9, 2005

We've added docs on Django's authentication system -- users, groups, permissions and messages.

It includes information on how to require user-login for a particular page, or pages, of your Django-powered site.

This has been a frequently requested piece of documentation, so we're happy to have made it available.

Of course, just like our code, we're always trying to make our documentation better. So, if you have questions, find errors or want to contribute tips/advice that you think were left out, just post a comment to the bottom of the document.

Week in review

November 6, 2005

Here are the highlights of Django improvements this past week:

  • Revision 1068: Added internationalization support! See the related blog entry and documentation. Many thanks to Hugo for this one.
  • Revision 1035: Added support for "expires" in cookies. Thanks to mark at junklight dot com.
  • Revision 1036: "contains", "startswith" and "endswith" are now case-sensitive in MySQL. Thanks to Simon Willison.
  • Revision 1037: The "ssi" template tag now displays an error message instead of failing silently, if the DEBUG setting is set to True. Thanks to Manuzhai.
  • Revision 1092: Added a "list_select_related" option to meta.Admin(). It specifies to use select_related in the change-list query. See the docs.
  • Revision 1097: The "prepopulate_from" option now does the Right Thing with funky characters that can't be in URLs: It removes 'em. Thanks to ozamosi.
  • Revision 1099: Made the session-data unpickler fault-tolerant, in case of funky pickled data. Thanks to kieranholland.
  • Revision 1106: Made e-mail address validation much more strict and accurate. Thanks to Peter Havens for digging up the monstrous, awe-inspiring regex.
  • Revision 1115: Added DATE_FORMAT, DATETIME_FORMAT and TIME_FORMAT settings, which let you specify how dates in the Django admin should be formatted. Thanks to Manuzhai again.
  • Revision 1119: Site objects are now editable in the admin.

In other Django news:

  • Ian Holsman wrote a piece of middleware that lets you hook into Apache's authentication to set the user in any Django app.
  • Yet another Django development job in the Real World got filled. Congrats to Matt Croydon for his new gig at World Online, writing Django apps on a daily basis.
  • And congrats to the folks at grono.net, a 420,000-user social-networking portal in Poland, which began its switch from Java to Django and has been thrilled with the result. Look for a detailed writeup on this soon.
  • Hugo's been working on a test framework for Django.
  • Luke Plant wrote CsrfMiddleware -- simple Cross Site Request Forgery protection. Chances are, this'll get included within Django core sooner rather than later.

Internationalization support!

November 4, 2005

It's been weeks in the making, and it's finally here: Outstanding internationalization support in Django.

Thanks to Hugo and a number of other community members, Django now has:

  • Full support for specifying translation strings -- both in Python code and in Django templates.
  • Full support for detecting users' language preferences and using the appropriate translation.
  • Support for 12 languages in validation messages, core Django models and the automatically created Django admin site.

This update is fully backwards-compatible.

We're grateful that translators have submitted translations for the following languages:

  • cs (Czech)
  • de (German)
  • en (English)
  • es (Spanish)
  • fr (French)
  • gl (Galician)
  • it (Italian)
  • no (Norwegian)
  • pt-br (Brazilian)
  • ru (Russian)
  • sr (Serbian)
  • zh-cn (Simplified Chinese)

To get started, just update your Django code and read the full internationalization docs.

If you want a quick flash of coolness, turn on the new LocaleMiddleware, change your browser's language settings to any of the other supported languages, and launch your Django admin site. Warning: Its coolness will blow your mind.

If wishes were frameworks...

November 1, 2005

A Django site.

Let's face it. Not everyone has access to clean, pragmatic frameworks.

In some parts of the world IT departments are still forcing developers to use bloated "enterprise" application servers and adhere to outdated development processes designed for an age when software development teams needed their own zip code, and agility was something only athletes and ballerinas cared about.

And in a world where shared hosting customers can wait years for their providers to install vital updates to critical packages, even independent developers aren't free to choose their own tools.

We're not going to solve this problem overnight. But we can start raising awareness now.

Even if you can't use Django, now you can show your support for change by placing one of these banners on your site.

Every click makes a difference.