On Wed, 2011-03-02 at 02:21 -0800, Georges Dubus wrote:
> 
> On 1 mar, 23:00, Tres Seaver <tsea...@palladion.com> wrote:
> >
> > I'm afraid the example doesn't defend against relative '..' at all.
> >
> 
> That's what I would have thought, but http://localhost:6543/../
> redirects to http://localhost:6543/ (sorry, typo in the previous
> message). I thought this had something to do with virginia, but it
> seems that the ".." is interpreted earlier in the framework. In fact,
> it looks like it's the expected behaviour for a URL (just try:
> http://groups.google.com/group/pylons-devel/../../.. )

In a traversal-based application, Pyramid recomputes all '..' segments
from the path at ingress, computing a traversal path before the
application ever sees it.

> >
> > The pattern of registering views and adapters against interfaces, rather
> > than directly against classes, goes back to our Zope-ish roots.  I think
> > some of those interfaces are actually left over from the time when Chris
> > re-wrote 'repoze.kiss' to function as a BFG-based application:  in
> > 'repoze.kiss', there were real views registered for all the interfaces.
> >
> Historical reasons? That's what I thought. But, as it's used as an
> example application, wouldn't it be less confusing for newcomers to
> "clean" the application from the bits that aren't useful any more, in
> order to get a minimal working example? If that's a good idea, I
> volunteer.

That'd be fine by me, if you can work up a pull request.

- C
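
The behaviour described in the reply above, sketched as an added example that is not part of the original thread and is not Pyramid's own code: '..' segments are resolved before any lookup and never climb above the root. The function names `normalize_segments` and `resolve_under_root` are hypothetical, and the second one adds a containment check that a file-serving view could apply as defense in depth.

```python
import os


def normalize_segments(path_info):
    """Resolve '.' and '..' in a request path before any lookup happens."""
    clean = []
    for seg in path_info.split("/"):
        if not seg or seg == ".":
            continue  # empty ('//') and '.' segments carry no meaning
        if seg == "..":
            if clean:
                clean.pop()  # step up one level, but never above the root
            continue
        clean.append(seg)
    return tuple(clean)


def resolve_under_root(root, path_info):
    """Map a request path to a file under root, or None if it would escape."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(
        os.path.join(root, *normalize_segments(path_info))
    )
    # Normalization handles '..' in the URL; realpath plus this check also
    # catches symlinks inside root that point somewhere else on disk.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample paths, including the two URLs quoted in the thread.
    for sample in ("/../", "/group/pylons-devel/../../..", "/a/./b/../c"):
        print(repr(sample), "->", normalize_segments(sample))
```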

