diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index cd0c5da4..b0c9a359 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -18,6 +18,7 @@ jobs:
 - "3.9"
 - "3.10"
 - "3.11"
+ - "3.12"
 steps:
 - uses: actions/checkout@v3
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 74a5dc1b..27a68900 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,7 +6,21 @@ Change log
 `Next version`_
 ~~~~~~~~~~~~~~~
-.. _Next version: https://github.com/feincms/feincms/compare/v23.8.0...main
+v24.4.0 (2024-04-08)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Fetched the CSRF token value from the input field instead of from the cookie.
+ This allows making the CSRF cookie ``httponly``. Thanks to Samuel Lin for the
+ contribution!
+
+
+v23.12.0 (2023-12-22)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Added Python 3.12, Django 5.0.
+- Closed images after reading their dimensions. Raised the logging level to
+ exception when thumbnailing fails. Thanks to Jeroen Pulles for those two
+ contributions!
 `v23.8.0`_ (2023-08-07)
diff --git a/feincms/__init__.py b/feincms/__init__.py
index b3462a34..8edbdbb1 100644
--- a/feincms/__init__.py
+++ b/feincms/__init__.py
@@ -1,4 +1,4 @@
-VERSION = (23, 8, 0)
+VERSION = (24, 4, 0)
 __version__ = ".".join(map(str, VERSION))
diff --git a/feincms/module/medialibrary/modeladmins.py b/feincms/module/medialibrary/modeladmins.py
index 64fe8db7..721b97c0 100644
--- a/feincms/module/medialibrary/modeladmins.py
+++ b/feincms/module/medialibrary/modeladmins.py
@@ -169,7 +169,7 @@ def file_type(self, obj):
 except NotImplementedError:
 return t
 try:
- d = get_image_dimensions(obj.file.file)
+ d = get_image_dimensions(obj.file.file, close=True)
 if d:
 t += " %d×%d" % (d[0], d[1])
 except (OSError, TypeError, ValueError) as e:
diff --git a/feincms/static/feincms/tree_editor.js b/feincms/static/feincms/tree_editor.js
index 8f69c9c6..e9773172 100755
--- a/feincms/static/feincms/tree_editor.js
+++ b/feincms/static/feincms/tree_editor.js
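Review bot: In feincms/module/medialibrary/modeladmins.py, `close=True` closes the handle that `obj.file.file` opened, but the field file may still hold a reference to that now-closed object, so a later read of `obj.file` on the same instance could raise `ValueError` unless it is reopened first; this is inferred from Django's file API, not from the hunk. A comment on the call would record the intent and the caveat, for example `# close=True: do not keep one open handle per listed file; reopen obj.file before any later read`. The surrounding `try` already catches `ValueError`, so a failure inside `file_type` itself stays contained. `file_type` begins and ends outside the hunk.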
@@ -9,7 +9,7 @@ feincms.jQuery.ajaxSetup({
 crossDomain: false, // obviates need for sameOrigin test
 beforeSend(xhr, settings) {
 if (!/^(GET|HEAD|OPTIONS|TRACE)$/.test(settings.type)) {
- xhr.setRequestHeader("X-CSRFToken", Cookies.get("csrftoken"))
+ xhr.setRequestHeader("X-CSRFToken", document.querySelector('input[name="csrfmiddlewaretoken"]').value);
 }
 },
 })
diff --git a/feincms/templatetags/feincms_thumbnail.py b/feincms/templatetags/feincms_thumbnail.py
index de4cd9a2..c284392a 100644
--- a/feincms/templatetags/feincms_thumbnail.py
+++ b/feincms/templatetags/feincms_thumbnail.py
@@ -97,12 +97,7 @@ def __str__(self):
 miniature=miniature,
 )
 except Exception as exc:
- logger.warning(
- "Rendering a thumbnail failed: %r",
- exc,
- exc_info=True,
- extra={"stack": True, "exception": exc},
- )
+ logger.exception("Rendering a thumbnail failed: %s", exc)
 # PIL raises a plethora of Exceptions if reading the image
 # is not possible. Since we cannot be sure what Exception will
 # happen, catch them all so the thumbnailer will never fail.
diff --git a/setup.cfg b/setup.cfg
index a3656273..bdee4d2e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -19,11 +19,11 @@ classifiers =
 Operating System :: OS Independent
 Programming Language :: Python
 Programming Language :: Python :: 3
- Programming Language :: Python :: 3.6
- Programming Language :: Python :: 3.7
 Programming Language :: Python :: 3.8
 Programming Language :: Python :: 3.9
 Programming Language :: Python :: 3.10
+ Programming Language :: Python :: 3.11
+ Programming Language :: Python :: 3.12
 Programming Language :: Python :: Implementation :: CPython
 Topic :: Internet :: WWW/HTTP :: Dynamic Content
 Topic :: Software Development
diff --git a/tox.ini b/tox.ini
index 3fd4055b..bc00879a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -2,6 +2,7 @@
 envlist =
 py{38,39,310}-dj{32,41,42}
 py{310,311}-dj{32,41,42,main}
+ py{312}-dj{42,50,main}
 [testenv]
 usedevelop = true
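Review bot: In tree_editor.js, `document.querySelector('input[name="csrfmiddlewaretoken"]')` returns `null` on any page that loads this script without a rendered `{% csrf_token %}` field, and the `.value` access then throws inside `beforeSend` instead of letting the request reach a clear 403 from the server. Guarding the lookup keeps the failure legible: `const field = document.querySelector('input[name="csrfmiddlewaretoken"]')` followed by `if (field) xhr.setRequestHeader("X-CSRFToken", field.value)`. The header now carries the token rendered at page load rather than the cookie's current value, so a token rotated by a login in another tab will presumably be rejected until the page is reloaded; a one-line comment saying so would help whoever debugs that 403. The added line also ends in a semicolon while the neighbouring statements in this hunk do not.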
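Review bot: In feincms_thumbnail.py, the new `logger.exception(...)` message does not say which image failed, and passing `exc` is redundant because `logger.exception` already appends the exception and its traceback. The handler is a catch-all, so an unreadable upload that is rendered on a busy page will emit an ERROR record with a full traceback on every render, which can drown out other errors in whatever collects these logs. Naming the source file in the message lets an operator find and remove the offending file, e.g. `logger.exception("Rendering a thumbnail failed for %r", <source name>)`, using whichever attribute the enclosing class keeps for the file (not visible in this hunk). `__str__` begins and ends outside the hunk.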
@@ -13,4 +14,5 @@ deps =
 dj32: Django>=3.2,<4.0
 dj41: Django>=4.1,<4.2
 dj42: Django>=4.2,<5.0
+ dj50: Django>=5.0,<5.1
 djmain: https://github.com/django/django/archive/main.tar.gz