On Wed, Apr 29, 2009 at 6:37 AM, Jorge Vargas <jorge.var...@gmail.com> wrote:
> On Mon, Apr 27, 2009 at 5:15 AM, Gustavo Narea <m...@gustavonarea.net> wrote:
>> Hola, Jorge.
>>
>> On Monday April 27, 2009 10:42:35 Jorge Vargas wrote:
> by the way from repoze.what.plugins.pylonshq import is_met is not the
> correct path.
> apparently the correct syntax is in_group('clients').is_met(request.environ)
>> http://code.gustavonarea.net/repoze.what-pylons/Manual/Misc.html#boolean-predicates
>>
> could you please explain why this warning? I'm really shocked here. are
> you telling us that the default way TG is using repoze.what will break
> your security? last time I read the ticket regarding this
> implementation it was never mentioned that this will be a security
> issue.
>

I just looked at this again and it's really interesting. The only reason this is a "monkey patch" is because you implemented it as such with the "booleanize_predicates" function, according to the Python documentation:
http://docs.python.org/reference/datamodel.html?highlight=__nonzero__#object.__nonzero__

And I don't see why request.environ will have problems evaluating the values from third parties.

As for the non-Pylons case, does this have something to do with the SOPs? It is my understanding you are evaluating the request on each call, so why is this a problem?
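
An added illustration, not part of the original message and not repoze.what's own code: a minimal stand-in predicate showing what the explicit `is_met(environ)` call evaluates compared with a `__nonzero__`-style monkey patch. The `InGroup` class, the `_current_environ` global, the helper names and the sample environs are assumptions constructed for the example; Python 3 spells the hook `__bool__`.

```python
# Stand-in for a repoze.what-style predicate (hypothetical class, not the library's).
class InGroup:
    def __init__(self, group):
        self.group = group

    def is_met(self, environ):
        # Explicit form: the caller states which request is being checked.
        creds = environ.get("repoze.what.credentials", {})
        return self.group in creds.get("groups", ())


# Constructed WSGI environs for two users.
CLIENT = {"repoze.what.credentials": {"groups": ("clients",)}}
GUEST = {"repoze.what.credentials": {"groups": ()}}

_current_environ = None  # hypothetical "current request" global


def unpatched_truthiness():
    """Without a truth hook, a predicate object is truthy for every request."""
    return bool(InGroup("clients"))


def booleanize():
    """Monkey patch: truthiness now reads whatever the global request is."""
    InGroup.__bool__ = lambda self: self.is_met(_current_environ or {})


def debooleanize():
    """Remove the patch so the class behaves like a plain object again."""
    del InGroup.__bool__


def patched_truthiness(current):
    """Evaluate bool(predicate) with the patch active and `current` as the request."""
    global _current_environ
    _current_environ = current
    booleanize()
    try:
        return bool(InGroup("clients"))
    finally:
        debooleanize()
        _current_environ = None
```

With the explicit call the result depends only on the environ the caller passes in; with the patch it depends on process-wide state, and without the patch a bare `if predicate:` is true for every user.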