Pylons Changelog ================ 1.0.2 (July 21, 2015) * In the event of a NilAccept for the language, request.languages() would throw an AttributeError exception. Fixes #24. * Encode Location HTTP header in redirect responses in UTF-8. Per RFC 3987. Refers to #15. * Remove "Post Traceback" as it was a possible XSS vector with prior versions of WebError, and the PylonsHQ site is no longer in existence to support them. 1.0.1 (August 13th, 2012) * No changes since RC1. 1.0.1RC1 (December 12, 2011) * WARNING: pylons.lib.decorators has had two functions removed: ``determine_response_charset`` and ``encode_formencode_errors``. * Updated dependencies to latest versions of Paste, PasteDeploy, and compatibility for the latest WebOb 1.2 betas. * authenticate_form allows for GET. Patch by Domen Kožar. * jsonify now properly sets charset to utf-8. * Add ability for jsonify to handle objects with a __json__ attribute using custom JSONEncoder class similar to TG2. Patch by Bob Farrell. * Added ability for __before__ to reference a callable function. Patch contributed by mverdone. * Pulled in JSON-RPC support from agentultra's pylons fork. * Apply patch for proper pylons.__version__ under Windows. Contributed by Christoph Zwerschke. * Utilize MarkupSafe for faster HTML escaping. * Fix signed cookies by using standard base64 alphabet, and prevent timing attacks on signature comparison. * Added setup of app_globals and config to Pylons config.init_app to ensure as long as the Pylons application is loaded, the app_globals and config will be appropriately initialized. * Documentation updates. 1.0 (May 27, 2010) * Minor tweak to allow proper importing of pylons. 1.0RC1 (March 1, 2010) * Switched to using Routes 1.12 with support for no longer using the odd routes singleton. * Removed pylons.middleware.StaticJavascripts, this is not used anymore. * Added more unit tests. 1.0b1 (February 5, 2010) * Removed CacheMiddleware. cache object is now setup as an attribute on the app_globals object for use where needed. * WARNING: config only supports dict access * WARNING: Method arguments no longer assigned to 'tmpl_context' by default. * WARNING: Changed default to strict_tmpl_context. * WARNING: Removed legacy pylons.c and pylons.g globals. * WARNING: Removed legacy pylons.database module. * WARNING: Removed legacy pylons.config module. * WARNING: Removed Buffet options, setup, and legacy render/render_response function from pylons.templating. This also means config no longer accepts the add_template_engine option. * WARNING: Removed legacy redirect_to function. * WARNING: @https decorator no longer accepts url_for-like arguments. * Add a "paster routes" command. This prints the mapper, which from Routes 1.12 onwards gives sensibly formatted output. * Fix unit tests on Windows * Prepare for Routes 1.12, ensure tests don't assume implicit routing 0.10 (May 27, 2010) * Fix legacy warning replacement. 0.10RC1 (March 1, 2010) * No changes to Pylons core since b1. 0.10b1 (February 5, 2010) * redirect_to is now deprecated, use redirect(url(*args, **kwargs)) instead. * url_for like args to the https decorator are now deprecated, pass it a url or a callable returning a url instead. * Changed 1.0 deprecated pylons.c, pylons.g, pylons.buffet instances to throw deprecation warnings. * Fixed etag_cache matching when the If-None-Match header contains a comma separated list of etags. Fixes #557. Thanks magicbronson. * Added tests for restcontroller with sub-directory, and fixed generated unit tests. Patches supplied by Michael van Tellingen, fixes #571. * Retain the original controller exception when thrown under environ['pylons.controller.exception'] for use in the error controller. * Fixed bug with unit tests running the app load twice during testing. Fixes #620. * Updated project templates to use actual config instance, rather than the StackedObjectProxy classes. * Changed PylonsConfig to be dict subclass, rather than DispatchingConfig subclass. 0.9.7 (February 23, 2009) * WARNING: A new option is available to determine whether or not an actions arguments should be automatically attached to 'c'. To turn off this implicit behavior in environment.py: config['pylons.c_attach_args'] = False This is set to True by default. * WARNING: Fixed a minor security hole in the default Pylons error page that could result in an XSS security hole. * WARNING: Fixed a security hole in the default project template to use the StaticURLParser to ensure arbitrary files can't be sent. * WARNING: Refactored PylonsApp to remove legacy PylonsApp, moved session/cache and routes middleware into the project template. This will require projects to be updated to include those 3 middleware in the projects middleware.py. * Added redirect, preferred over redirect_to. Takes an explicit url instead of url_for like arguments * Changed to using WebTest instead of paste.fixture for app testing. * Added render_mako_def to render def blocks within a mako template. * Changes to cache_decorator and cached_template to support Beaker API changes in version 1.1. 1.0.3 is still supported. * Fix HEAD requests causing an Exception as if no content was returned by the controller. Fixes #507. Thanks mvtellingen, Petr Kobalicek. * Fix a crash when returning the result of ``etag_cache`` in a controller. Fixes #508. * "response" flag has been removed from pylons.decorators.cache.beaker_cache, as it sends all headers along unconditionally including cookies; additionally, the flag was taking effect in all cases previously so prior versions of beaker_cache are not secure. In its place, a new option "cache_headers" is provided, which is a tuple of specific header names to be cached. It defaults to ('content-type','content-length'). * "invalidate_on_startup" flag added to beaker_cache, which provides a "starttime" to the cache such that when the application is started or restarted, the cache entry is invalidated. * Updating host to use 127.0.0.1 for development binding. * Added option to specify the controller name with a __controller__ variable in the controller's module. This name will be used for the controller class rather than the default naming scheme. * setup.py egg_info now restores projects' paster_plugins.txt, allowing paster shell to work again after the egg-info directory was lost. fixes #282. Thanks sevkin. * The paste_deploy_config.ini_tmpl template is now located at package/config/deployment.ini_tmpl for new projects. * Project's default test fixtures no longer hardcode test.ini; the ini file used can now be specified via the nosetests --with-pylons argument (defaults to test.ini in setup.cfg). fixes #400. * @validate now defaults to translating FormEncode error messages via Pylons' gettext catalog, then falls back to FormEncode's. fixes #296. Thanks Max Ischenko. * Fixed SQLAlchemy logging not working in paster shell. Fixes #363. Thanks Christoph Haas. * Added optionally engine initialization, to prevent Buffet from loading if there's no 'buffet.template_engines' in the config. * Updated minimal template to work with Tempita and other new templating changes. * Fixed websetup to parse location config file properly when the section isn't 'main'. Fixes #399. * Added default Mako filter of escape for all template rendering. * Fixed template for Session.remove inclusion when using SA. Fixed render_genshi to properly use fragment/format options. Thanks Antonin Enfrun. * Remove template engine from load_environment call. * Removing template controller from projects. Fixes #383. * Added signed_cookie method to WebOb Request/Response sub-classes. * Updated project template to setup appropriate template loader and controller template to doc how to import render. * Added documentation for render functions in pylons.templating. * Adding specific render functions that don't require Buffet. * Added forward controller.util function for forwarding the request to WSGI apps. Fixes #355. * Added default input encoding for Mako to utf-8. Suggested in #348. * Fixed paster controller to raise an error if the controller for it already exists. Fixes #279. * Added __init__.py to template dir in project template if the template engine is genshi or kid. Fixes #353. * Fixed jsonify to use application/json as its the proper mime-type and now used all over the net. * Fixed minimal template not replacing variables properly. Fixes #377. * Fixed @validate decorator to no longer catch exceptions should they be raised in the action that is supposed to display a form. Fixes #374. * Fixed paster shell command to no longer search for egg_info dir. Allows usage of paster shell with installed packages. Suggested by Gavin Carothers. * Added mimetype function and MIMETypes class for registering mimetypes. * WARNING: Usage of pylons.Response is now deprecated. Please use pylons.response instead. * Removed use of WSGIRequest/WSGIResponse and replaced with WebOb subclasses that implement methods to make it backwards compatible with the Paste wsgiwrappers. * Fixed missing import in template controller. * Deprecated function uses string substitution to avoid Nonetype error when Python optimization is on. Fixes #334. * E-tag cache no longer returns Content-Type in the headers. Fixes #323. * XMLRPCController now properly includes the Content-Length of the response. Fixes #310, thanks Nicholas. * Added SQLAlchemy option to template, which adds SQLAlchemy setup to the project template. * Switched project templating to use Tempita. * Updated abort/redirect_to to use appropriate Response object when WebOb is used. * Updated so that 404's properly return as Response objects when WebOb is in use instead of WSGIResponse. * Added beaker_cache option to avoid caching/restoring global Response values that were present during the first cache operation. * Adding StatusCodeRedirect to handle internal redirects based on the status code returned by the app. This replaces the use of ErrorDocuments in projects. * Refactored error exceptions to use WebError. * WSGIController now uses the environ references to response, request, and the c object for higher performance. * Added optional use of WebOb instead of paste.wsgiwrapper objects. * Fixed bug with beaker_cache defaulting to dbm rather than the beaker cache app-wide default. * The --with-pylons nose plugin no longer requires a project to have been registered with setuptools to work. * The config object is now included in the template namespace. * StaticJavascripts now accepts keyword arguments for StaticURLParser. Suggested by Marcin Kasperski. * Fix pylons.database.AutoConnectHub's doInTransaction not automatically connecting when necessary. Fixes #327. 0.9.6.1 (September 27th, 2007) * Fixed validate decorator to resume pre-0.9.6 behavior of only validating POST requests by default. Added option to validate during GET as well and a recursion avoidance check to prevent validate from running more than once. * WARNING: Fixed a security hole allowing private controller methods (those beginning with an underscore) to be accessed from the outside. Found by Tomasz Nazar. * Added nose plugin '--with-pylons=test.ini' option to load the Pylons app before scanning for unit tests. This enables Pylons apps to be unit tested with doc tests. * PylonsBaseWSGIApp now caches controller lookup and the effective logging level for a little better performance. 0.9.6 (September 8th, 2007) * Updated requirements for newer WebHelpers for SQLAlchemy 0.4 compatibility. Fixes #300. * Fixed pylons.templating to not pull session objects if there are none in use for the request. Thanks Bob Ippolito. * Catch UnicodeEncodeErrors when finding the Controller action method and fail gracefully. Thanks max. Fixes #298. * Allow passing of a state keyword to the validate decorator for the to_python methods. Fixes #297. * paster shell now configures logging from the config file, like paster serve and setup-app. This can be disabled via the -q option. Thanks Yannick Gingras. 0.9.6rc3 (August 18, 2007) * Fixed controllers.core to allow responses of None (empty bodies). Logs a message indicating the response was empty. * pylons.helpers has been moved to pylons.controllers.util, to differentiate between controller utility functions and projects' helpers modules. * Fixed non-basestring/generator/WSGIResponse objects returned from Controllers not being set as the response content. Thanks Alex Conrad. * development.ini now configures the app's Logger level to DEBUG by default. Thanks Christoph Haas 0.9.6rc2 (August 2, 2007) * Projects now include a MANIFEST.in file: it directs distutils to recursively include all files in the project's public/ and templates/ dir. This fixes these dirs not being included in dists unless they were checked into an RCS recognized by setuptools. This is at the expense of dists now globbing all files in those dirs (even those not checked into your RCS). Thanks Christoph Haas. * Fixed the validate decorator not setting c.form_errors in certain circumstances. Thanks max. Fixes #286. * email_to lines commented out in development.ini and test.ini files to avoid emails being sent to a non-existent address by mistake. If an error occurs it is logged but no email is sent unless email_to is specified. * [paste.app_factory] entry points changed to point to the actual make_app() function to make it simpler for someone to work out how Pylons works (tests updated accordingly too). * All use of the ez_setup module is now tested by an ImportError to make Pylons compatible with Buildout. Note: Tags and releases should be made using an svn export and an svn add to ensure a real copy of the ez_setup module is included and not just an svn:external so that the module is tied to time of the release. * More full-featured README.txt included. * Updated beaker_cache to cache global response cookies/status/headers. Fixes #280. * Fixed missing abort name import in restrict rest decorator. Fixes #281. * Added cheetah as a supported template language for template_engine option. * Fixed public/ and templates/ directories not being created with paster create. 0.9.6rc1 (July 15, 2007) * Fixed cookie header addition to use add instead of append. Thanks to anonymous patcher. Fixes #268, again. * Added ability to pass _code option to specify the status code type for redirect_to. * Fixed redirect_to to not copy all headers into redirect for old _response usage. Fixes #268. * WARNING: By default, the Pylons request object now returns unicode parameter (pylons.GET/POST/params) values (and assumes those parameters were sent to Pylons as utf-8). Unicode parameters can cause major problems if your application is not setup to handle unicode. To disable unicode parameters (0.9.5 default behavior), add the following to your load_environment function (0.9.6 syntax): config['request_options']['charset'] = None or, if still using the deprecated pre-0.9.6 pylons.config syntax, add: request_settings = pylons.config.request_defaults.copy() request_settings['charset'] = None return pylons.config.Config(tmpl_options, map, paths, request_settings=request_settings) * WARNING: Template names beginning with a / (or the OS's path separator) will now result in the name not having the separator's replaced with '.'s for the template engine. This shouldn't affect most projects as they usually assume a dot notation will be used with dot notation template engines (Kid, Genshi, etc.). This change allows template engines that can take filename paths to function properly. Fixes #233. * WARNING: The pylons.util.get_prefix(environ) function is deprecated. Please use: environ.get('SCRIPT_NAME', '') instead (the get_prefix function is used in the default ErrorController). Fixes #243. * WARNING: The paths dictionary's 'root_path' has moved to the less redundant 'root'. * Fixed the Error Documents/EvalException css referencing non-existent images. Thanks Shannon -jj Behrens. Fixes #238. * Added ability to pass _code option to specify the status code type for redirect_to. * Fixed redirect_to to not copy all headers into redirect for old _response usage. Fixes #268. * Added logging statements throughout Pylons code, added logging setup to default template. Fixes #98. * Refactored global response to be setup in wsgiapp along with the other globals. Updated WSGIController to copy in global response headers and cookies into a WSGI app's output. * Added global pylons.response object. Thanks Shannon -jj Behrens and Damjan Georgievski. Fixes #268 and #201. * Updated default project template files for new configuration layout. Options to handle config now just in environment.py, and middleware.py handling just middleware. Fixes #203. * Removing mako tests, as its now the default. Default test changed from Myghty to Mako. * Changing default templating to mako. * Added the https decorator. It requires an action to be loaded via https. Patch by ido. Fixes #241. * Added upgrade instructions, and posted a copy on the wiki. Fixes #230. * Added deprecation warnings for usage of the Pylons Controller class, all controllers should inherit from WSGIController instead. Fixes #239. * Removed deprecated attach_locals function from Controller class. * Added an authenticate_form decorator for use with WebHelpers' secure_form_tag functions for preventing CSRF attacks. Original patch by David Turner. Fixes #157. * Fix Buffet's include_pylons_variables not being upheld. Thanks Jonathan LaCour. * The validate decorator now accepts extra keyword arguments (**htmlfill_kwargs) to pass along to formencode's htmlfill.render function. * Removed POST-only restriction on validate decorator, now handles GET requests. No form arg required during a GET request, which will run the current action with c.form_errors set to the errors. Fixes #246. * Added PylonsConfig, which gets accessed as pylons.config dict. Contains all the merged ini options, in addition to the Config options such as 'routes.map', 'pylons.paths', 'buffet.template_options', etc. Check the pylons.config docs on PylonsConfig for dict keys populated by it. * Split up resolution stages in wsgiapp, so that controller lookup is a separate function making it easier to subclass. PylonsApp now takes a base_wsgi_app argument which is then used for the BaseWSGIApp instead of the one from wsgiapp.py. * Added mako template render tests. * Added storage of the action func used to handle a call, for later code that might need a reference to the action that originally handled the request. Fixes #253. * Updated config object to optionally take a single merged conf dict, updated project templates to pass around the single merged conf dict. * Changed project template to use new Beaker session keys. * Changed default routing for raw template matching to not unicode decode the route argument. Fixes #242. * Catch any exceptions raised by template engine entry points and emit a warning instead of crashing. Thanks markbradley. Fixes #249 * Fixed the validate decorator not working with formencode's CompoundValidators when variable_decode=False. Fixes #209. * Fixed the validate decorator failing with a KeyError when no value is specified to validate against for separate validators (as opposed to a schema). Reported by Graham Stratton. * Fixed paster shell not merging app_conf and global_conf into the main CONFIG dict namespace. Original patch by David Smith. Fixes #244. * Added logging to decorators. Refs #98. * Fixed paster restcontroller to test for lib.base and only add that import statement when its present. This fixes the restcontroller template when used with minimal Pylons project templates. Fixes #237. * Fixed the EvalException debugger showing broken links and buttons when the app's ErrorController was broken (such as when BaseController's __before__ raises an exception). Suggested by Ian Bicking. Fixes #228. * paster create now accepts a 'template_engine' option to setup the new project's default template engine. E.g. to create a new project that uses Genshi by default, use: paster create --template=pylons mygenshiproj template_engine=genshi Suggested by Ian Bicking. Fixes #141. * Fixed the validate decorator triggering the following error with FormEncode>=0.7 and non-ascii rendered form content: UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 10: ordinal not in range(128) the form was passed in as an encoded string, but some data or error messages were unicode strings; the form should be passed in as a unicode string Reported by Christoph Haas. * HTTPExceptions are now converted to Response objects (for __after__), making the httpexceptions middleware no longer required. * Added Warning to jsonify to warn about cross-site attacks when returning a list as the outer-most element to jsonify. Fixes #232. * Fixed beaker_cache decorator to take optional keyword arguments intended for the backend cache container (such as url for memcached). * Fixed paster controller assuming the minimal template was in use when the lib.base module existed but raised an exception. * Fixed bug in XMLRPC Controller not setting proper Content-Type. Fixes #236. * Added the '-d' ('--disable-ipython') option to paster shell for disabling IPython. * Allow creation of controllers named 'setup' via paster controller. Reported by Matt Good. * Added support for generic arguments to SQLAlchemy's create_engine of the form sqlalchemy.* from the PasteDeploy config file. 0.9.5 (Apr 11th, 2007) * Fixed a Python 2.3 incompatibility with paster shell, causing the Exception: File "Pylons-0.9.5-py2.3.egg/pylons/commands.py", line 357, in command locs.update([(name, getattr(base, name)) for name in base_public]) AttributeError: keys * Fixed paster shell breaking for projects where the base package was not the first package listed in top_level.txt. Patch from Alberto Valverde. Fixes #229. * Fixed doc references to config['app_conf']. Fixes #116. * Changed `get_engine_conf` to properly evaluate sqlalchemy echo statement when its 'debug'. Fixes #226. * make_session and create_engine now accept keyword arguments to pass to SQLAlchemy's create_engine. * make_session now accepts the keyword argument 'session_kwargs' to pass to SQLAlchemy's create_session. * Fixed _inspect_call to call function with keyword arguments instead of list args. Corrects issue with action defaults that caused the value for the latter args to be in the wrong spots. Spotted by Topher. Fixes #223. * Added the allow_none option (passed to xmlrpc.dumps) to XMLRPCController. Suggested by Jaroslaw Zabiello. * Updated XMLRPC Controller with patch for name lookup and additional unit tests for the patch. Fixes #216. * Updated docs for validate decorator to more clearly illustrate what the post_only args apply to. Fixes #221. * Added ability to return strings in the WSGIController. Fixes #218. * Added lazy i18n translation functions. Patch from David Smith. Fixes #181. * Added fix for XMLRPCController system.methodHelp function and unit test. Patch and unit test submitted by Graham Higgins. * Fixed bug in validate decorator with new UnicodeMultiDict response content not properly retaining form content as unicode for formencode's htmlfill. * Fixed bug in XMLRPC Controller with xmlrpclib Faults not being properly transformed into a WSGI response within the controller. * WARNING: Pylons now requires the decorator module: it no longer packages it as pylons.decorator. Code relying on the pylons.decorator.decorator function will trigger a deprecation warning and should be changed to use decorator.decorator. * WARNING: pylons.h was deprecated for using projects' lib.helpers module directly in 0.9.3. pylons.h is now formally deprecated (emits DeprecationWarnings). Projects still accessing pylons.h must change the following import: from pylons import h to: import MYPROJ.lib.helpers as h * pylons.jsonify and pylons.Controller references have been deprecated (they are misplaced references). They continue to be available at pylons.decorators.jsonify and pylons.controllers.Controller, as they always have been. * Updated templating Buffet to recognize format parameter and properly pass it to the template engine. * Updated LICENSE for new year and to indicate license covering templates generated. Fixes #188. * Interactive debugger now supports Mako. After r1780 if you are using a custom theme you will need to change '%(myghty_data)s' to '%(template_data)s' in your template. If you are using JavaScript the tab id is now "template_data". * Fixed bug in WSGIController with private function attempts not returning a valid WSGI response. * Added full unit test coverage of cache decorator. * Adding messages binary file, enabling i18n unit tests. Updating pylons.i18n to import LanguageError. Fixes #193. * Adding i18n tests, not active yet as they're waiting on a binary file from a patch. Refs #193. * Updated tests so that they now work with nose, removing py.test requirement. * Switching config setup to load keys into main config dict with app_conf and global_conf keys set for any code looking for those keys. Fixes #116. * PylonsInstaller is now the default paste.app_install entry point for new projects: this makes Cheetah no longer required for the paster make-config command. (Thanks Alexander Schremmer, Ian Bicking) * Added custom redirect_to function in pylons.helpers that will take an optional _response arg to pull headers and cookies out for preservation during a redirect. Fixes #136. * Changed config.Config.__init__ to take all options as keyword args so unused args can be skipped. Fixes #162. * The request object can now automatically decode GET/POST/params vars to unicode, when its charset attribute is set. * Added a new request_settings keyword arg to Config's constructor. Allows setting the default charset and errors values of of the request object. * Deprecated Config constructor's default_charset keyword arg. Use Config's response_settings keyword arg instead. * Fixed paster controller to test for lib.base and only add that import statement when its present. This fixes the controller template when used with minimal Pylons project templates. Fixes #140 and fixes #139. * Fixed the paster shell error: KeyError: 'pylons.routes_dict' when calling app.get and app.post. * Fixed paster shell not working on projects with names containing hyphens. * Fixed the config directive 'sqlalchemy.echo' set to False being interpreted as True. Patch by Alex Conrad. * Fixed paster shell not restoring CONFIG['global_conf']. 0.9.4.1 (Jan. 5th, 2007) * Added restcontroller command that generates a RESTful controller template and provides the appropriate map.resource command to add. Suggested by Matthew Scott. * Fixed SQLObject pylons.database.PackageHub error: exceptions.NameError: global name 'CONFIG' is not defined * Fixed pylons.database.session_context not working outside of requests (such as in websetup.py). * Updated template options config to take template options for multiple engines for less binding to Myghty. * Fixed paster shell incorrectly importing the the tuple (model,) as the model object. 0.9.4 (Dec. 29th, 2006) * WARNING: Removed the lang_extract and lang_compile commands. They used pygettext.py and its associated msgfmt.py, which lacked the ability to extract ngettext style function calls and had issues with unicode strings. The new I18NToolBox project aims to provide this functionality (and more) via the gettext command line utilities. http://i18ntoolbox.ufsoft.org * All Pylons special objects are now available within paster shell (not just h and g). * WARNING: Myghty's allow_globals config var has changed, causing the following when running pre-compiled templates: Error(TypeError): do_run_component() takes exactly 13 non-keyword arguments (5 given) Delete the compiled Myghty templates directory (specified by cache_dir or myghty_data_dir in the config file) to resolve the error. * Changed i18n functions in templates to use proxy objects so that using set_lang in a template works right. Fixes #153. * Now allowing any template plugin to overwrite global PYLONS_VARS (such as c, g), not just pylonsmyghty. * Adding SQLAlchemy support to the database.py file. Saves the session engine to g to maintain it during the apps lifetime. Uses SessionContext plugin for management of the current session. * Updated config object so that init_app can take an optional template engine argument to declare the default template engine. * Updated Myghty plugin to use extra_vars_func when passed in. * Fixed Buffet to use extra_vars_func properly. * Fixed the validate decorator when there are validation errors and variable_decode=True: now passing the original params to htmlfill.render instead of the varable_decode'd version. Patch by FlimFlamMan. * Added ungettext function for use with pluralized i18n, and the N_ function (gettext_noop) to mark global strings for translation. Added ungettext, N_ and translator objects to be globals for templates. Refs #126. * WARNING: The localization function '_' now uses ugettext (returns unicode strings) instead of gettext. To preserve the old behavior, append the following line to your project's lib.base and lib.helpers imports: from pylons.helpers import gettext as _ * Pylons special objects are now available within the interactive debugger (deprecating _attach_locals). * Added setup-app run before unit tests run so that webapp has proper setup tasks handled. Fixes #113. * Added paste.deploy.CONFIG setup to middleware.py, websetup.py and testing files in the Pylons project templates. Closes #112. * Added security policy doc to index for use as Pylons security policy. Closes #91. * Improved the repr() of the c context object to show attributes. * Set environ['paste.testing_variables'] whenever that key is available, not just in testing mode. * Added capability to have an action be a generator function. * Added introspection capability to XMLRPCController and signature checking. * Updated Controller to use additional arg lookup scheme so that the source of the function args for _inspect_call can be easily overridden. * Updated RPCController, renamed to XMLRPCController. XMLRPCController now functions properly and will automatically return proper xmlrpc responses. * Added test configuration ini file to default template. Closes #114. * Fixed problem with pylons.database.PackageHub.__get__ raising errors other than AttributeError when the database isn't configured. Added new UnconfiguredConnectionError exception, instead of just KeyError or TypeError (depending on what part of the configuration failed). * Fixed default g init, since bare object has no init method. Reported by Ian Bicking. * Fixed issue with SQLObject method override having wrong name. Reported by climbus with patch. Fixes #133. * Moved log function to pylons.helpers and translation functions to pylons.i18n. using pylons.util purely for Pylons internal util functions. * WARNING: Removed 0.8.x legacy code and backwards compatibility functions. * PylonsApp now has option to not use Routes middleware, default resolving uses new wsgi.org routing_args spec. * Refactored routes dispatching to use new Routes middleware. * Fixed paster shell command to properly acquire mapper object without relying on the template being configured in a specific manner. * Added keyword argument pool_connection to pylons.database.PackageHub; if set to false then SQLObject connections won't use pooled database connections (a new connection will be opened for each request). 0.9.3 (Nov 1st, 2006) * Updated project template to support full_stack option to make it easier to use Pylons apps within larger WSGI stacks. * Added deprecation warnings to legacy objects and for 1.0 functionality that will change. * Added cache decorator and Cheetah template functional tests. Patch and unit tests provided by Climbus. * Fixed readline support in the stock interactive console paster shell. Reported by Alex Conrad. * A controller's __after__ method will now be called after actions invoke redirect_to (or raise any HTTPException). Reported by David Turner. * Fixed config to use myghty_data_dir instead of cache_dir setting if its set as well. Reported by Shannon -jj Behrens. * Added traceback hiding so that more of the traceback relating to Pylons code is removed from the default traceback making it easier to focus on the code in an app that actually caused the problem. Closes #119. * Added ability to use '_' translation method directly from templates and in the controller without having to use it under h._. * Added 's' and 'l' Myghty escaping flags to default project templates. Suggested by Jamie Wilkinson. Closes #110. * Fixed SCGI bug with QUERY_STRING test when WSGI states it doesn't have to exist. Reported by Riklaunim. * Added pylons_minimal template, prone to fine-tuning. * Added option for PylonsApp to take a globals object to avoid checking a hardcoded path for a Globals object. * Removed old Helpers legacy object entirely, replaced pylons.h with proper StackedObjectProxy. Cleaned up PylonsApp and PylonsBaseApp to accept a helpers reference so that Pylons can be ignorant of where the helpers came from. * Fixed bug with lang app_conf option being set improperly. Reported by Laurent. * Fixed pylons.h to work proper with new and old-style helper imports. * Fixed render functions always passing disable_unicode=False to Myghty. 0.9.2 (Sept. 7th, 2006) * Fixed problem with dashes in controller names, resolves #107. * Updated default ini file to use localhost from address. Refs #104. * Updated default development.ini to use a single cache_dir setting which is the base dir that cache files, session files, and template caching will be saved in. Config object now looks to cache_dir setting properly for Myghty templates. Fixes #104. * Updated default template controller to provide better example of directly serving Myghty templates. * Fixed legacy (0.8) controller methods' **ARGS (also m.request_args and pylons.params) to be of the expected mixed dictionary instead of MultiDict. * Fixed _attach_locals not attaching g and cache objects. * Added g object to the shell. Works as long as the Pylons app can respond to a path of '/'. The pylons.g variable will also be setup properly for use in the shell. * Myghty template options are now passed properly to the template creation, and allow_globals now works to add Myghty template globals. * Re-organized helpers, switched Helpers class to use static methods to reduce code duplication. * Helpers cleanup: - Old-style Helper object uses StackedObjectProxy just like the new scheme, thus avoiding possible WSGI stack issues. - New project templates use new-style Helpers scheme. - Updated wsgiapp to utilize new Helpers cleanup style. The 'h' object is now friendlier to use, and maps directly to a projects lib.helpers file. No more wacky Helpers object proxying to it. - Added translator global to __init__.py for use with new Helpers cleanup. - Copied Helpers function methods directly into util so they can be used stand-alone. - Deprecated h.lang (for h.set_lang/h.get_lang) * Moved the 'default_charset' option from PylonsApp's constructor to Config's. * Added 'error' controller route to the top of the Pylons template to avoid the common issue people discover when removing the generic default route. * Changing validate decorator to have variable_decode option, which will also run formencode's variable_decode function over the form input. * Switched to using Context obj classes instead of RequestLocal which is being phased out. * Added an 'encode_variables' option to the validate decorator. * Switched all current_obj calls to _current_obj to avoid triggering deprecation warnings. * Added is_xhr to Request object in Paste. * Bumping up dependency to latest Paste. * Switching back to prior controller import check, throwing a more detailed error with a suggest fix should the user really want a URL with that name in it. (refs #67) * Fixes bug with prior fix for #67. Wasn't properly testing the full package name to include the current project which would incorrectly restrict valid controller names (refs #67). * Fixed '_method_' checking to test in a more efficient manner. * Added deprecation warning for legacy mode activation. Not necessary to update multiple files, as all of legacy mode is enabled via the Legacy WSGI app. Fixes #89. * Fixed controller command to check controller name and refuse to create controllers that have name clashes with existing modules that could be imported. Reported (with patch) by Chuck Adams. Fixes #67. * Added capability for 'c' object to throw an exception when an attribute is used that doesn't exist. Closes #84. * Fix for endless error document call when an error document controller wants to throw a error that the error_mapper catches. 0.9.1 (August 11th, 2006) * Fixed __all__ export typo in templating.py. Added example of render with a template. * Fixed issue with set_lang not using proper CONFIG var. * Minor tweaks to update docs in pylons.helpers and move remaining legacy code into legacy module. Updated wsgiapp to refer to new locations of legacy compatibility objects. * The interactive debugger's 'full traceback' link is now only displayed when the full traceback differs from the regular (includes hidden frames). * Providing an optional text version of exception tracebacks and the associated extra data within the interactive debugger. * The 'Debug at: http://hostname/_debug/view/XXXXX' URLs now display the interactive debugger properly skinned. * Fixed issue in PasteScript with new controller sub-directories lacking a __init__.py file. This fixes an import error when using the controller. PasteScript dependency updated to fixed version. Reported by Artur Lew. * Removed lowercasing of the module name during resolver import. * Removed [full] recommendation from docs. 0.9 (July 28th, 2006) * config file option 'debug' now defaults to false when undefined * Removed the components directory from the template * Updated paste.errordocuments support * Fix for multi-word controller names such that front_page / FrontPageController can be used as a controller name. Patch contributed by Timo Mihaljov. * Cleaned up imports in wsgiapp and new project to better reflect where things really come from. * Removed unnecessary myghty usage from wsgiapp for url unescaping, now uses urllib as the myghty function did. * Removing 'response' to import, sticking with Response as its more consistent with the fact that Response is a class/factory and not an instance like request, and the other lower-case objects. * Added redirect_to under pylons.helpers, and added import from helpers directly into lib/base.py for use in controllers. * Consolidated legacy objects into legacy module. * Adding abort method that raises the appropriate exception for the status code. * Removing form_fill, obsolete by the validate decorator. * Relocated 'params' object to only take effect in legacy mode. * Updated Pylons template to use WSGIController as the new default Controller. * Altered the wsgi dispatch to examine the controller, and instantiate it if it's just a class. Otherwise, if the controller is a subclass of Controller but not of WSGIController, it assumes its an older Controller class that may return a WSGIResponse, and calls it appropriately. * Dispatch now fixes up environ to move 'path_info' Route var into the WSGI PATH_INFO, and the rest is pushed into SCRIPT_NAME. This is for use with other WSGI apps under controller mount points. * Added WSGIController which takes a normal WSGI interface call and returns the appropriate WSGI response. * Added automatic copying of Route variables declared in an action's function definition to the 'c' object. * WebHelpers' .js files are now automatically published under the '/javascripts/' URL path. Individual WebHelpers' .js files can be overridden by other .js files inside the project's 'public/javascripts' directory * Added exception toss when a template engine doesn't exist. * Added alias option to Buffet to support aliasing more template engines to other engine names * Buffet enhancements to support caching of any template with any template engine * All render commands processed through Buffet * Backwards compatibility 'm' object for use with legacy projects * Added use of Beaker middleware for session and caching functionality * Fixed error traceback and updated template to use proper error images and stylesheets. 0.8.2 (**dev**) * Fixed default controller to allow for actions with - in them. The - will be replaced with an underscore, while the original action name in the mapper dict is unchanged. Patch by Thomas Sidwick. 0.8.1 (May 10th, 2006) * Added REST decorators and re-arranged decorator layout to support more styles of decorators for future expansion. * Fixed dependency requirement bug that had Pylons locked to simplejson 1.1 even though a newer version was out.