widelands-dev team mailing list archive
-
widelands-dev team
-
Mailing list archive
-
Message #08485
Re: [Merge] lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website
> Thanks for pointing me to dict.get().... i am too stupid :-S
you are quite harsh on yourself. missing something in the huge pile of documentation that is django + python is really quite easy.
> Regarding the tracking app: It's just my personal view... i don't like shipping an app with the widelands code when much code of it is potentially unused.
I agree. Unused code should be deleted. But I think there are more useful things in the homepage than removing unused code - that said, if you want to do it I will gladly review it :)
> request variables
A bit of googling says you are probably right: https://www.djangoproject.com/weblog/2009/jul/28/security/#secondary-issue
We cannot rely on any of these variables to be set or even correct. I suggest we return a known false IP that we can recognize in the database instead. For example 192.168.23.42 or something like this. And we should probably not use the IP for anything besides what we maybe require for SPAM services.
--
https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337
Your team Widelands Developers is subscribed to branch lp:widelands-website.
References