News ==== .. contents:: svn trunk --------- * **Backward incompatible change**: ``paste.fileapp.FileApp`` properly supports request methods, including HEAD. If you were subclassing ``FileApp`` or ``DataApp`` and overriding ``__call__()`` you may have to subclass ``get()`` instead. * paste.httpheaders now parses the HTTP Accept-Language header and returns a list of languages the browser supports in the order it prefers them. * paste.mimeparse module added that handles parsing HTTP Accept headers for quality and mime-types. * ``paste.request.construct_url`` was adding ``SERVER_PORT`` to ``HTTP_HOST``; but ``HTTP_HOST`` (from the Host header) generally contains a port when necessary, and ``SERVER_PORT`` should only be used with ``SERVER_NAME``. * Added entry point for ``paste.registry.RegistryManager`` (``egg:Paste#registry``). * ``paste.request.HeaderDict`` fixed to know that ``Content-Length`` maps to ``CONTENT_LENGTH``. * Can use ``paste.urlparser.StaticURLParser`` with sub-instances other than ``paste.fileapp.FileApp`` (if you subclass and override ``make_app``) * ``paste.fixture.TestApp.get(status=X)`` takes a list of allowed status codes for ``X``. * Added a small templating system for internal use (``paste.util.template``) * Removed a bunch of long-deprecated modules (generally modules that have been moved to other names). In paste.wsgiwrappers ~~~~~~~~~~~~~~~~~~~~~ * ``paste.wsgiwrappers.WSGIRequest`` has match_accept() function to screen incoming HTPT Accept values against a list of mime-types. * ``paste.wsgiwrappers.WSGIRequest.defaults`` now accepts a new key: ``language``: The i18n language that should be used as the fallback should a translation not occur in a language file. See docs for details. * ``paste.wsgiwrappers.WSGIRequest`` can now optionally decode form parameters to unicode when it has a ``charset`` value set. * Deprecated the ``paste.wsgiwrappers.settings`` StackedObjectProxy dictionary for ``paste.wsgiwrappers.WSGIResponse.defaults``. In paste.httpserver ~~~~~~~~~~~~~~~~~~~ * Regression in 1.1 fixed, where Paste's HTTP server would drop trailing slashes from paths. * ``paste.httpserver`` now puts a key in the environment when using a thread pool that allows you to track the thread pool and see any wedged threads. ``egg:Paste#watch_threads`` is an application that can display this information. * ``paste.httpserver`` now accepts all request methods, not just ``GET``, ``PUT``, etc. (Methods like ``MKCOL`` were previously rejected.) * ``paste.httpserver`` has a ``wsgi.input`` that now does not block if you try to read past the end (it is limited to returning the number of bytes given in ``Content-Length``). Double-reading from ``wsgi.input`` won't give you the same data, but it won't cause blocking. 1.1.1 ----- * Fixed major issue with serving static files on Windows (a regression in Paste 1.1 where most static files would return 404 Not Found). * Fixed ``parse_dict_querystring`` returning empty dicts instead of ``MultiDict``\ s. * Added ``paste.config``, a rewrite of ``paste.deploy.config`` using ``paste.registry``. This version of ``ConfigMiddleware`` will enable use of ``paste.config.CONFIG`` within the ``EvalException`` interactive debugger. * Fixed problem where ``paste.recursive`` would leave ``wsgi.input`` and ``CONTENT_LENGTH`` set for recursive requests. * Changed the static file servers to give 404 Not Found responses when you have extra parts after a static file, instead of 400 Bad Request (like when you request ``/file.html/extra/path``) 1.1 --- * Security fix for ``paste.urlparser.StaticURLParser``. The problem allowed escaping the root (and reading files) when used with ``paste.httpserver`` (this does not effect other servers, and does not apply when proxying requests from Apache to ``paste.httpserver``). * ``paste.httpserver`` and ``paste.fixture.TestApp`` url-unquote ``SCRIPT_NAME`` and ``PATH_INFO``, as specified in the CGI spec. Thanks to Jon Nelson for pointing out both these issues. * ``paste.registry`` now works within the ``EvalException`` interactive debugger. * Fixed ``paste.auth.open_id`` failures not returning a correct response. * Changed ``paste.httpexceptions.HTTPUnauthorized`` so that the ``WWW-Authenticate`` header is not required. 401 responses don't *have* to have that header. * In ``paste.fixture.TestApp``: ``