[Zope-dev] [Problem] Zope/Python2.x incompatibility
Dear Zopistas,

I just met the following problem caused by a misfortunate name clash between Python2.x and Zope:

DTML-Document:

    &dtml-p;

When this document is rendered, Shane's wonderful ZDebug tool reports:

    Error type: Unauthorized
    Error value: Access denied for because its container, 'title', has no security assertions.
    Innermost method: /Test/wt/Target

    Namespace Stack (innermost entry at top)
    ID Type
    (N/A) mapping with keys: ['p']
    ? InstanceDict
    ? DocumentTemplate.DT_InSV.sequence_variables
    (N/A) mapping with keys: ['propertyIds']
    (N/A) mapping with keys: ['document_id', 'document_title']
    TargetInstanceDict
    TargetInstanceDict
    REQUEST ZPublisher.HTTPRequest.HTTPRequest

    problem in "_[p]".

What happens here?

"dtml-in" pushes the property id "title" (a string) onto the namespace stack. It is the next-to-top "InstanceDict" entry. Starting with Python 2.0 (maybe 1.6), string objects have methods, among them "title". When "title" is looked up in the namespace, the "title" of the string object is found and not the one of the DTML Document. This wrong "title" method gives an "Unauthorized" exception because string objects do not participate in Zope's security mechanism.

Danger

Any string object on the namespace can prevent access to the "title" property. Probably only "dtml-in" and (if used wrongly) "dtml-with" are affected.

Thank you Shane for the wonderful "ZDebug". Without it, it would have been much more difficult to analyse this problem.

Dieter

___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
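The lookup described in the message above, as an added example that is not part of the original post and is not Zope's code: a simplified Python model of a namespace stack in which a pushed string hides the document's "title" and fails the security check. The classes, the functions lookup, resolve and shadowed_by_strings, and the security_assertions flag are stand-ins assumed for this illustration.

```python
class Unauthorized(Exception):
    pass

class Document:
    """Stand-in for a DTML Document; the flag below is a hypothetical marker
    for 'this object takes part in the security mechanism'."""
    security_assertions = True
    def __init__(self, id, title):
        self.id, self.title = id, title

class InstanceDict:
    """Exposes an object's attributes (methods included) as namespace keys."""
    def __init__(self, obj):
        self.obj = obj
    def __contains__(self, name):
        return hasattr(self.obj, name)
    def __getitem__(self, name):
        return getattr(self.obj, name)

def lookup(stack, name):
    """Search from the innermost (last pushed) entry outwards."""
    for entry in reversed(stack):
        if name in entry:
            owner = entry.obj
            # A plain str carries no security assertions, so the value it
            # supplies (the bound str.title method) is refused.
            if not getattr(owner, "security_assertions", False):
                raise Unauthorized(
                    "Access denied: container %r has no security assertions" % owner)
            return entry[name]
    raise KeyError(name)

def resolve(doc, name, pushed=None):
    """Look up `name` with the document on the stack and, optionally, a
    string pushed above it, as the post says "dtml-in" does."""
    stack = [InstanceDict(doc)]
    if pushed is not None:
        stack.append(InstanceDict(pushed))
    return lookup(stack, name)

def shadowed_by_strings(doc):
    """Document attribute names that any str on the stack would hide."""
    return sorted(n for n in vars(doc) if hasattr(str, n))

if __name__ == "__main__":
    doc = Document("Target", "My Document")   # constructed sample object
    print(resolve(doc, "title"))              # document's own title
    print(shadowed_by_strings(doc))           # names at risk of being hidden
    try:
        resolve(doc, "title", pushed="title")
    except Unauthorized as exc:
        print("Unauthorized:", exc)
```
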
[Zope-dev] XXXPythonScripts release 1.0
After seeing the demand for this in a thread on ZopeZen, I've decided to release XXXPythonScripts, at:

http://www.zope.org/Members/4am/XXXPythonScripts

This Product adds a new Script meta-type: "Script (Python, unsafe)". You can only create or edit these objects when your Zope has been started with a special environment variable set.

The envar name is whimsical, but this isn't a joke; by using this Product you add a risk to your system equivalent to using Telnet to log in as the Zope user. If somebody sniffs/guesses your login and this is turned on, they can write Scripts to do whatever the Zope process user can do!

These are compatible with Zope 2.3.x only. I have no immediate plans to make them work with 2.4.x, but it shouldn't be hard.

Cheers,

Evan @ digicool & 4-am
Re: [Zope-dev] ZCVSFolder not running on windows
Hi Robert,

Sorry.. ZCVSFolder is not supported for Windows. Patches accepted!

-steve

Robert Rottermann wrote:
>
> Hi there,
>
> I installed the newest version of ZCVSMFolder on my windowsbox.
>
> As it uses fork it can not work. However I used a former version under
> windows. Is this not possible anymore?
>
> thanks for any insight
>
> Robert