We've just issued the final release of Quixote 0.6.
With this release, 0.6 becomes the new stable version.
The changes from 0.6beta6 are minor:
* Added a 'pass' to setup.py to make it easier to comment out the C
extension.
* Simplified 'From:' header in traceback e-mails from
"Quixote on " to just "".
If you've already been running 0.6b6, there's no pressing hurry to
upgrade to 0.6.
Please squawk if you find any problems in the 0.6final release; in a
few days I'll announce the release more widely, and it would be nice
to catch any silly bugs first.
The change list from 0.5.1 is extensive, of course. To remind you:
* A new and preferred syntax for declaring PTL templates has been added.
Instead of 'template func(): ...', the new form is 'def func [plain] ()'.
This uses a notation that's been suggested for adding type
information to Python functions. The Emacs Python mode already handles
this properly, and it may be more compatible with future versions of
Python.
The 'template' keyword is still supported, but we encourage you
to switch to the new syntax when you get a chance.
* Rename _q_getname() to _q_lookup(). The name '_q_getname' is still
supported, but will log a warning whenever it's encountered.
This change will require users to modify their applications.
* Quixote now supports a new kind of template that automatically performs
HTML escaping. Here's an example. (Notice that the '[plain]'
annotation is changed to '[html]' to enable this feature.)
    def header [html] (title):
        "%s" % title
If the 'title' argument is something like "R&D", it will
automatically be converted to "R&amp;D" following the rules
for escaping HTML special characters. The aim is to avoid cross-site
scripting attacks by automatically
See doc/PTL.txt for more information about how this works.
This escaping is implemented using either a Python 'htmltext'
class or a C implementation. Both implementations have seen
production use on our web site.
* The form framework now uses automatic HTML escaping. This
means that applications using the form framework will have
to either be changed to use automatic HTML escaping themselves,
or to use str() to convert 'htmltext' instances back to Python
strings.
As part of this change, form/form.py and form/form_templates.ptl
were merged into form/form.py.
See doc/upgrading.txt for more information.
* Added a new hook, _q_resolve(), that can be used to delay
importing modules until they're actually accessed. Consult
doc/programming.txt for an explanation. (Original
suggestion and patch by Jon Corbet. In the process of adding it,
Publisher.get_component() was rearranged to clarify the logic.)
* Make Quixote a bit more friendly to multi-threaded applications
by allowing multiple simultaneous requests (patch by Titus Brown).
* Make util.xmlrpc() return an HTTP 405 Method Not Allowed error
if the method isn't a POST.
* Added demo/run_cgi.py, a script that makes it easy to write
one-file CGI applications that use Quixote. See the comments at the
top of the demo/run_cgi.py file for instructions.
* Added StaticFile and StaticDirectory classes to quixote.util.
Consult doc/static-files.txt for examples. (Contributed and
documented by Hamish Lawson.)
* Added quixote.server.twisted_http, which serves a Quixote application
using the Twisted event-driven framework (www.twistedmatrix.com).
Contributed by Graham Fawcett. We don't use this code ourselves,
but patches and bug fixes from Twisted users will be gratefully
accepted.
* If Quixote looks for _q_index() in a namespace and doesn't find
it, it raises AccessError (resulting in an HTTP 403 Forbidden error)
rather than failing with an ImportError. A minor side effect of
this change: Quixote will never attempt to import a module named
'_q_index', nor will it pass '_q_index' to any _q_resolve() function.
We don't expect this to be a backward compatibility problem.
* Factored out the traverse_url() and get_component() methods
from the Publisher class.
* Fix generation of temporary filenames in upload.py: filename
collisions should be impossible now.
* Documented _q_exception_handler().
--amk (www.amk.ca)
ROSALIND: O, how full of briers is this working-day world!
-- _As You Like It_, I, iii
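
The automatic escaping described in the '[html]' template item above, sketched in plain Python 3 as an added example; it is not Quixote's htmltext implementation and not PTL syntax. The names HtmlText and _quote, and the <h1> markup in header(), are assumptions made for illustration.

```python
from html import escape


def _quote(value):
    """Escape a value unless it is already marked as trusted markup."""
    if isinstance(value, HtmlText):
        return value.s
    if isinstance(value, (int, float)):
        return value  # numbers stay numeric so %d / %f keep working
    return escape(str(value), quote=True)


class HtmlText:
    """Hypothetical wrapper marking a string as already-safe HTML."""

    def __init__(self, s):
        self.s = str(s)

    def __str__(self):
        # Converting back to str drops the "safe" marker.
        return self.s

    def __mod__(self, args):
        # The template text is trusted; every substituted value is escaped.
        if isinstance(args, tuple):
            args = tuple(_quote(a) for a in args)
        else:
            args = _quote(args)
        return HtmlText(self.s % args)

    def __add__(self, other):
        return HtmlText(self.s + str(_quote(other)))

    def __radd__(self, other):
        return HtmlText(str(_quote(other)) + self.s)


def header(title):
    # Plain-Python counterpart of the '[html]' template; the markup is constructed.
    return HtmlText("<h1>%s</h1>") % title


if __name__ == "__main__":
    print(header("R&D"))                                 # untrusted str is escaped
    print(header(HtmlText("<em>R&amp;D</em>")))          # marked markup is not re-escaped
    print(HtmlText("<p>") + "a < b" + HtmlText("</p>"))  # mixing escapes the plain str
    print(header(str(HtmlText("R&amp;D"))))              # str() round trip gets escaped twice
```

The last call shows the caveat behind the form framework item: once a value has been converted with str(), the next escaping template treats it as untrusted text and escapes it again.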