![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
Quixote CHANGES
0.4.7 (18 Apr 2002):
* Move ACCESS_TIME_RESOLUTION to SessionManager class. This was another
embarrassing bug introduced in 0.4.5.
* In http_request.py, make the test that prevents stdin from being consumed
less restrictive (e.g. for PUT methods).
* Add some simple test code.
0.4.6 (12 Apr 2002):
* a last-minute patch to http_request.py just before release 0.4.5 broke
extracting form data from GET requests -- fixed that
0.4.5 (11 Apr 2002):
* The meaning of the DISPLAY_EXCEPTIONS configuration variable has
changed. It's no longer a Boolean, and instead can take three
different values:
None (or any false value) [default]
an "Internal Server Error" page that exposes no information
about the traceback
'plain'
a plain text page showing the traceback and the request variables
'html'
a more elaborate HTML display showing the local variables and a
few lines of context for each level of the traceback. (This
setting requires the cgitb module that comes with Python 2.2.)
(Idea and first version of the patch by David Ascher)
* Fixed SessionManager.expire_session() method so it actually works
(spotted by Robin Wohler).
* Fixed docs so they don't refer to the obsolete URL_PREFIX
configuration variable (spotted by Robin Wohler).
* Various other documentation tweaks and improvements.
* Fixed sample Apache rewrite rules in demo.txt and web-server.txt
(spotted by Joel Shprentz).
* Generate new form tokens when rendering a form rather then when
intializing it. This prevents an extra token from being created when
processing a valid form (suggested by Robin Wohler).
* Ensure filenames are included in SyntaxError tracebacks from PTL modules.
* Changed format of session cookies: they're now just random 64-bit
numbers in hex.
* Use HTTP 1.1 cache control headers ("Date" and "Expires") instead
of the older "Pragma: no-cache".
* In the form/widget library: make some effort to generate HTML that
is XHTML-compliant.
* New method: HTTPRequest.get_accepted_types() returns the
MIME content types a client will accept as a dictionary mapping
MIME type to the quality factor. (Example: {'text/html':1.0,
'text/plain':0.5, ...})
* Changed escape hatch for XML-RPC handlers; standard input will
only be consumed when the HTTP method is POST and the Content-Type
is either application/x-www-form-urlencoded or multipart/form-data.
* Added quixote.util module to contain various miscellaneous utility
functions. Right now, it contains a single function for
processing requests as XML-RPC invocations.
0.4.4 (29 Jan 2002):
* Simplify munging of SCRIPT_NAME variable, fixing a bug.
Depending on how Quixote was called, the path could have been
appended to SCRIPT_NAME without a separating slash. (Found by
Quinn Dunkan.)
* On Windows, set mode of sys.stdout to binary. This is important
because responses may contain binary data. Also, EOL translation
can throw off content length calculations. (Found by David Ascher)
* Added a demonstration of the form framework. (Neil)
* Added an escape hatch for XML-RPC handlers;
http_request.process_inputs() will no longer consume all of standard
input when the Content-Type is text/xml.
* Removed a debug print from form.widget.
0.4.3 (17 Dec 2001):
* Removed the URL_PREFIX configuration variable; it's not actually
needed anywhere, and caused some user confusion.
* Added FORM_TOKENS configuration variable to enable/disable
unique form identifiers. (These are useful as a measure against
cross-site request forgery [CSRF] attacks, but disabled by default
because some form of persistent session management is required,
which is not currently included with Quixote.)
* Added demonstration and documentation for the widget classes
(the first part of the Quixote Form Library).
* Added HTTPResponse.set_content_type() method.
* Fixed some minor bugs in the widget library.
* Fixed to work with Python 2.2.
* Greatly reduced the set of symbols imported by
"from quixote import *" -- it's useful for interactive sessions.
0.4.2 (14 Nov 2001):
* Made the quixote.sendmail module a bit more flexible and robust.
* Fix so it doesn't blow up under Windows if debug logging is disabled
(ie. write to NUL, not /dev/null).
* Clarified some documenation inconsistencies, and added description
of logging to doc/programming.txt.
* Fixed some places that we forgot to update when the PTL-related
modules were renamed.
* Fixed ptl_compile.py so PTL tracebacks include the full path of
source file(s).
* Fixed bug where a missing _q_index() triggered a confusing
ImportError; now it triggers a TraversalError, as expected.
* Various fixes and improvements to the Config class.
* Miscellaneous fixes to session.py.
* Miscellaneous fixes to widget classes.
* Reorganized internal PTL methods of the Form class.
* Removed the "test" directory from the distribution, since it's not
used for anything -- ie., there's no formal test suite yet ;-(
0.4.1 (10 Oct 2001):
* Made access logging a little more portable (don't depend on Apache's
REQUEST_URI environment variable).
* Work around the broken value of PATH_INFO returned by IIS.
* Work around IIS weird handling of SERVER_SECURE_PORT (for non-SSL
requests, it is set to "0").
* Reassign sys.stderr so all application output to stderr goes to the
Quixote error log.
0.4 (4 Oct 2001):
* TraversalError now takes a public and a private message, instead of
just a single message string. The private message is shown if
SECURE_ERRORS is false; otherwise, the public message is shown. See
the class docstring for TraversalError for more details.
* Add the Quixote Form Library, a basic form and widget framework
for HTML.
* Allow classes and functions inside PTL modules.
* Return a string object from templates rather than a TemplateIO
instance.
* Improve the security of session cookies.
* Don't save empty sessions.
* Detect expired sessions.
* Add the quixote.sendmail module, useful for applications that need
to send outgoing mail (as many web apps do).
* Code reorganization -- various modules moved or renamed:
quixote.util.fcgi -> quixote.fcgi
quixote.compile_template -> quixote.ptl_compile
quixote.imphooks -> quixote.ptl_import
quixote.dumpptlc -> quixote.ptcl_dump
* More code reorganization: the quixote.zope package is gone, as are
the BaseRequest and BaseResponse modules. Only HTTPRequest and
HTTPResponse survive, in the quixote.http_request and
quixote.http_response modules. All remaining Zope-isms have been
removed, so the code now looks much like the rest of Quixote. Many
internal interfaces changed.
* Added the quixote.mod_python module, contributed by Erno Kuusela
<erno@iki.fi>. Allows Quixote applications to be driven by the
Apache module mod_python, so no CGI or or FastCGI driver script is
required.
0.3 (11 Jun 2001):
* Now supports Python 2.1.
* Names of the form __*__ are reserved for Python, and 2.1 is
beginning to enforce this rule. Accordingly the Quixote special
methods have been renamed:
__access__ -> _q_access
__exports__ -> _q_exports
__getname__ -> _q_getname
index -> _q_index
* Massive changes to quixote.publisher and quixote.config, to make the
publishing loop more flexible and more easily changed by
applications. For example, it's now possible to catch the ZODB's
ConflictErrors and retry an operation.
* Added an ACCESS_LOG configuration setting, which allows setting up a
file logging every call made to Quixote.
* The error log now contains the time of each error, and a dump of the
user's session object.
* Added handy functions for getting request, session, user, etc.:
quixote.get_publisher(), quixote.get_request(),
quixote.get_session(), quixote.get_user().
* quixote.publish can now gzip-compress its output if the browser
claims to support it. Only the 'gzip' and 'x-gzip' content
encodings are supported; 'deflate' isn't because we couldn't get it
to work reliably. Compression can be enabled by setting the
'compress_pages' config option to true.
* Some fixes and minor optimizations to the FCGI code.
* Added HTTPRequest.get_encoding() method to find the encodings a
client accepts.
0.2 (16 Jan 2001):
* Only pass HTTPRequest object to published functions. The
HTTPResponse object is available as an attribute of the request.
* Removed more unused Zope code from HTTPRequest. Add redirect()
method to HTTPRequest.
* Simplify HTTPResponse. __init__() no longer requires the server
name. redirect() requires a full URL.
* Fix a bug in the PTL compiler. PTL modules can now have doc
strings.
* Added a config parser. Individual Quixote applications can now have
their own configuration settings (overriding the Quixote defaults).
See the config.py module for details.
* Re-wrote the exception handling code for exceptions raised inside of
published functions.
* Non-empty PATH_INFO is no longer supported. __getname__ or query
strings are a cleaner solution.
* Add FIX_TRAILING_SLASH option and make code changes to carefully
preserve trailing slashes (ie. an empty component on the end of
paths).
* Session management has been over-hauled. DummySessionManager can be
used for applications that don't require sessions.
* Set Content-length header correctly in HTTPResponse object
* Added a demo application.
0.1:
* Officially given a license (the Python 1.6 license, so it's free
software).
* Added SECURE_ERRORS variable to prevent exception tracebacks from
being returned to the Web browser
* Added a __getname__() function to traversal, which is called if the
current name isn't in the current namespace's export list. This
allows interpolation of arbitrary user object IDs into the URL,
which is why it has to circumvent the __exports__ check: the object
IDs won't be known until runtime, so it would be silly to add them
to __exports__. Very useful and powerful feature, but it has
security implications, so be careful!
* compile_template.py should now work for both Python 1.5.2 or 2.0.
* Better reporting of syntax errors in PTL
* Always assume regular CGI on Windows
0.02 (12 Aug 2000):
* Neil Schemenauer has completely rewritten the PTL compiler and
changed the syntax to match Python's. The compiler now relies on
Jeremy Hylton's compiler code from the Python 2.0 CVS tree.
* Added functions to quixote.sessions: get_session(), has_session(),
get_app_state()
* Simplified reload-checking logic
* Added .browser_version() method to HTTPRequest
* Various bugfixes
* session classes slightly tweaked, so you can subclass them
* Added .session attribute to request object
* Added quixote.errors module to hold exceptions
0.01:
* Initial release.