From aacde745f78f2a88e023ad7a4560136d2722bd5e Mon Sep 17 00:00:00 2001
From: Jeroen Pulles
Date: Fri, 22 Dec 2023 14:39:56 +0100
Subject: [PATCH 1/6] Close image after reading dimensions. (#709)

The mediafile admin page triggers a ResourceWarning; The warning you get to see after viewing a mediafile webpage is:: ResourceWarning: unclosed file <_io.BufferedReader name='/***/helloworld.png'> ResourceWarning: Enable tracemalloc to get the object allocation traceback Django's get_image_dimensions() leaves the file open unless you call close=True; Alternatively the admin code could do add a finally clause to the try/except and do a obj.file.close() there. But this change seems to be in the spirit of get_image_dimensions().
Co-authored-by: Jeroen Pulles
---
 feincms/module/medialibrary/modeladmins.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/feincms/module/medialibrary/modeladmins.py b/feincms/module/medialibrary/modeladmins.py
index 64fe8db7..721b97c0 100644
--- a/feincms/module/medialibrary/modeladmins.py
+++ b/feincms/module/medialibrary/modeladmins.py
@@ -169,7 +169,7 @@ def file_type(self, obj):
 except NotImplementedError:
 return t
 try:
- d = get_image_dimensions(obj.file.file)
+ d = get_image_dimensions(obj.file.file, close=True)
 if d:
 t += " %d×%d" % (d[0], d[1])
 except (OSError, TypeError, ValueError) as e:
From aa3844a76e47957292be041c523f6d4930d80893 Mon Sep 17 00:00:00 2001
From: Jeroen Pulles
Date: Fri, 22 Dec 2023 14:40:09 +0100
Subject: [PATCH 2/6] Log exceptions at the exception level, instead of warning. (#708)

It took me a while to notice that a Pillow upgrade went bad; If this was an exception level log statement I would have been alerted in my log watches.
Co-authored-by: Jeroen Pulles
---
 feincms/templatetags/feincms_thumbnail.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/feincms/templatetags/feincms_thumbnail.py b/feincms/templatetags/feincms_thumbnail.py
index 9f1b9d5d..01fa469e 100644
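Review bot: In feincms/module/medialibrary/modeladmins.py, `get_image_dimensions(obj.file.file, close=True)` closes the raw handle underneath the field file, so `obj.file` is left pointing at a closed file once `file_type()` returns. Any code that reads `obj.file` later in the same request without reopening it would presumably hit `ValueError: I/O operation on closed file`, which is worth checking against the other admin columns. A comment above the call would record the intent: `# close=True: release the handle here; reopen obj.file before reading it again`. The body of `file_type()` continues outside the hunk, so what happens in the `except (OSError, TypeError, ValueError)` branch is not visible.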
--- a/feincms/templatetags/feincms_thumbnail.py
+++ b/feincms/templatetags/feincms_thumbnail.py
@@ -97,12 +97,7 @@ def __str__(self):
 miniature=miniature,
 )
 except Exception as exc:
- logger.warning(
- "Rendering a thumbnail failed: %r",
- exc,
- exc_info=True,
- extra={"stack": True, "exception": exc},
- )
+ logger.exception("Rendering a thumbnail failed: %s", exc)
 # PIL raises a plethora of Exceptions if reading the image
 # is not possible. Since we cannot be sure what Exception will
 # happen, catch them all so the thumbnailer will never fail.
From 44a84b90f645645e0b43e598ac6c131e9f99fc07 Mon Sep 17 00:00:00 2001
From: Matthias Kestenholz
Date: Fri, 22 Dec 2023 14:52:16 +0100
Subject: [PATCH 3/6] Add Python 3.12, Django 5.0 (#710)

---
 .github/workflows/tests.yml | 1 +
 setup.cfg | 4 ++--
 tox.ini | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index cd0c5da4..b0c9a359 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -18,6 +18,7 @@ jobs:
 - "3.9"
 - "3.10"
 - "3.11"
+ - "3.12"
 steps:
 - uses: actions/checkout@v3
diff --git a/setup.cfg b/setup.cfg
index a3656273..bdee4d2e 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -19,11 +19,11 @@ classifiers =
 Operating System :: OS Independent
 Programming Language :: Python
 Programming Language :: Python :: 3
- Programming Language :: Python :: 3.6
- Programming Language :: Python :: 3.7
 Programming Language :: Python :: 3.8
 Programming Language :: Python :: 3.9
 Programming Language :: Python :: 3.10
+ Programming Language :: Python :: 3.11
+ Programming Language :: Python :: 3.12
 Programming Language :: Python :: Implementation :: CPython
 Topic :: Internet :: WWW/HTTP :: Dynamic Content
 Topic :: Software Development
diff --git a/tox.ini b/tox.ini
index 3fd4055b..bc00879a 100644
--- a/tox.ini
+++ b/tox.ini
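Review bot: In feincms/templatetags/feincms_thumbnail.py, `logger.exception("Rendering a thumbnail failed: %s", exc)` sits under `except Exception` in `__str__`, so every render of one unreadable image now emits an ERROR record with a full traceback. If the images come from user uploads, a single corrupt file can flood error alerting on each page view; naming the image in the message would let the records be grouped and the file located (the variable holding it is not visible in the hunk). The switch from `%r` to `%s` also drops the exception class from the message line and prints an empty string for exceptions raised without arguments, so `logger.exception("Rendering a thumbnail failed: %r", exc)` is the safer form. The `try` block starts before the hunk.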
@@ -2,6 +2,7 @@
 envlist =
 py{38,39,310}-dj{32,41,42}
 py{310,311}-dj{32,41,42,main}
+ py{312}-dj{42,50,main}
 [testenv]
 usedevelop = true
@@ -13,4 +14,5 @@ deps =
 dj32: Django>=3.2,<4.0
 dj41: Django>=4.1,<4.2
 dj42: Django>=4.2,<5.0
+ dj50: Django>=5.0,<5.1
 djmain: https://github.com/django/django/archive/main.tar.gz
From ce68bdd371b6bb38005ce3b78c7969d317174f13 Mon Sep 17 00:00:00 2001
From: Matthias Kestenholz
Date: Fri, 22 Dec 2023 14:54:05 +0100
Subject: [PATCH 4/6] FeinCMS v23.12.0

---
 CHANGELOG.rst | 8 +++++++-
 feincms/__init__.py | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 74a5dc1b..c7bde06d 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,7 +6,13 @@ Change log
 `Next version`_
 ~~~~~~~~~~~~~~~
-.. _Next version: https://github.com/feincms/feincms/compare/v23.8.0...main
+v23.12.0 (2023-12-22)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Added Python 3.12, Django 5.0.
+- Closed images after reading their dimensions. Raised the logging level to
+ exception when thumbnailing fails. Thanks to Jeroen Pulles for those two
+ contributions!
 `v23.8.0`_ (2023-08-07)
diff --git a/feincms/__init__.py b/feincms/__init__.py
index b3462a34..944fd8de 100644
--- a/feincms/__init__.py
+++ b/feincms/__init__.py
@@ -1,4 +1,4 @@
-VERSION = (23, 8, 0)
+VERSION = (23, 12, 0)
 __version__ = ".".join(map(str, VERSION))
From 3e497e4f094f618c86d4d54830486f2538b2c076 Mon Sep 17 00:00:00 2001
From: Samuel Lim
Date: Mon, 8 Apr 2024 16:04:33 +0200
Subject: [PATCH 5/6] Use csrftoken on webpage instead of cookie. This allows the setting CSRF_HTTP_ONLY = True. (#711)

Co-authored-by: Samuel Lim
---
 feincms/static/feincms/tree_editor.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/feincms/static/feincms/tree_editor.js b/feincms/static/feincms/tree_editor.js
index 8f69c9c6..e9773172 100755
--- a/feincms/static/feincms/tree_editor.js
+++ b/feincms/static/feincms/tree_editor.js
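Review bot: In tox.ini, the new `py{312}-dj{42,50,main}` line is the only environment that uses `dj50`, so Django 5.0 is exercised on Python 3.12 alone although it also supports 3.10 and 3.11. Extending the existing line to `py{310,311}-dj{32,41,42,50,main}` would cover the combinations most installs will run. The new `dj50: Django>=5.0,<5.1` entry in the second hunk is consistent with the other pins.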
@@ -9,7 +9,7 @@ feincms.jQuery.ajaxSetup({
 crossDomain: false, // obviates need for sameOrigin test
 beforeSend(xhr, settings) {
 if (!/^(GET|HEAD|OPTIONS|TRACE)$/.test(settings.type)) {
- xhr.setRequestHeader("X-CSRFToken", Cookies.get("csrftoken"))
+ xhr.setRequestHeader("X-CSRFToken", document.querySelector('input[name="csrfmiddlewaretoken"]').value);
 }
 },
 })
From 962cc014c0eaab44903f7c649b364bd3bb9f8bc3 Mon Sep 17 00:00:00 2001
From: Matthias Kestenholz
Date: Mon, 8 Apr 2024 16:06:13 +0200
Subject: [PATCH 6/6] FeinCMS v24.4.0

---
 CHANGELOG.rst | 8 ++++++++
 feincms/__init__.py | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index c7bde06d..27a68900 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,14 @@ Change log
 `Next version`_
 ~~~~~~~~~~~~~~~
+v24.4.0 (2024-04-08)
+~~~~~~~~~~~~~~~~~~~~~
+
+- Fetched the CSRF token value from the input field instead of from the cookie.
+ This allows making the CSRF cookie ``httponly``. Thanks to Samuel Lin for the
+ contribution!
+
+
 v23.12.0 (2023-12-22)
 ~~~~~~~~~~~~~~~~~~~~~
diff --git a/feincms/__init__.py b/feincms/__init__.py
index 944fd8de..8edbdbb1 100644
--- a/feincms/__init__.py
+++ b/feincms/__init__.py
@@ -1,4 +1,4 @@
-VERSION = (23, 12, 0)
+VERSION = (24, 4, 0)
 __version__ = ".".join(map(str, VERSION))
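Review bot: In feincms/static/feincms/tree_editor.js, `document.querySelector('input[name="csrfmiddlewaretoken"]').value` throws a TypeError inside `beforeSend` when the page has no such input, which aborts every non-GET AJAX request on the client instead of letting the server answer with a 403. Guard the lookup with `const csrfInput = document.querySelector('input[name="csrfmiddlewaretoken"]')` followed by `if (csrfInput) xhr.setRequestHeader("X-CSRFToken", csrfInput.value)`. The change relies on every template that loads the tree editor rendering `{% csrf_token %}`, which the hunk does not show. The Django setting that makes the cookie HttpOnly is `CSRF_COOKIE_HTTPONLY`, not `CSRF_HTTP_ONLY` as written in the subject. The new line also ends in `;` while the surrounding lines omit semicolons.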