[Zope-dev] Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
From: Chris Withers [EMAIL PROTECTED]
Only if you add security declarations to expose functionality from
xmlrpclib.
Is that hacky and nasty? :-S
In Zope 2.3, you place the following code somewhere that it will get
executed at startup (a custom Product's __init__ is the best bet):
from AccessControl import ModuleSecurityInfo
security = ModuleSecurityInfo('xmlrpclib')
security.declarePublic('Server')
# or security.setDefaultAccess(1), if you feel lucky.
Cheers,
Evan @ digicool 4-am
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
[Zope] Lobbying (was: [Zope] html_quote in python methods?)
Jim Washington writes: Can I keep this from happening? html_quote does not seem to be in the Python Method namespace. Please help lobbying that the functionality of all "dtml-var" attributes are exposed as standard functions. The functions are there already, just not exposed to DTML and PythonScripts. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
Dieter Maurer wrote: Jim Washington writes: Can I keep this from happening? html_quote does not seem to be in the Python Method namespace. Please help lobbying that the functionality of all "dtml-var" attributes are exposed as standard functions. The functions are there already, just not exposed to DTML and PythonScripts. I'll second this. It'd be _so_ nice... ever wanted to do: dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))" :-) Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
[Chris Withers] | I'll second this. It'd be _so_ nice... | | ever wanted to do: | | dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))" I totally agree. -Morten ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
Erik Enge wrote: [Chris Withers] | dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))" What about security issues? Wouldn't this also allow those methods to be called TTW by any user? No. Even if it did, what harm would it do? cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
[Chris Withers] | dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))" What about security issues? Wouldn't this also allow those methods to be called TTW by any user? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
[Chris Withers] | Even if it did, what harm would it do? Denial of Service attacks was what I though of. But it's a non-issue I guess. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
From: Chris Withers [EMAIL PROTECTED]
dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))"
Well, in Python Scripts at least, you can do::
from Products.PythonScripts.standard import special_formats
url_quote = special_formats['url-quote']
return url_quote("OK?")
It's not great, but it's something.
Cheers,
Evan @ digicool 4-am
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Lobbying (was: [Zope] html_quote in python methods?)
Evan Simpson wrote: From: Chris Withers [EMAIL PROTECTED] dtml-call "somemethod(absolute_url()+urlquote(_.getitem(id))" Well, in Python Scripts at least, you can do:: from Products.PythonScripts.standard import special_formats Hmmm... can you do something similar to perform an XML-RPC call into another Zope instance? cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] html_quote in python methods?
Thanks, Andy, Dieter, Chris, Evan for the discussion What I ended up doing was making a DTML Method called htmlquote_newlineToBr that looks like: dtml-var theitem html_quote newline_to_br then calling it from a Python Method like so: hqnl = self.htmlquote_newlineToBr myitem=self.fixedLoc['varLoc1']['varLoc2'] print 'table' print 'trtd%s/td/tr' % hqnl(theitem=myitem.property1) print 'table' It turned out to be a bit better code than I thought I wanted :) -- Jim Washington - Original Message - From: "Jim Washington" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 02, 2001 6:32 AM Subject: [Zope] html_quote in python methods? I am using Python Methods a lot now. Good: no more dtml-with to get to the objects I need. Yay! no more worrying about closing blocks. Yay! OK, when I make a syntax error, there is no help in the traceback. My Python is getting better and better as a result. To give something back, I have a hint that took me a while to figure out: print 'td width="33%"%s/td' % (self.thevariable) will not work. The first % needs to be escaped like so: print 'td width="33%%"%s/td' % (self.thevariable) Now, can I use html_quote in a Python Method? I am letting people enter data for redisplay, and I know some Bozo (TM) will somehow put in "table" and break the page. Can I keep this from happening? html_quote does not seem to be in the Python Method namespace. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] html_quote in python methods?
I am using Python Methods a lot now. Good: no more dtml-with to get to the objects I need. Yay! no more worrying about closing blocks. Yay! OK, when I make a syntax error, there is no help in the traceback. My Python is getting better and better as a result. To give something back, I have a hint that took me a while to figure out: print 'td width="33%"%s/td' % (self.thevariable) will not work. The first % needs to be escaped like so: print 'td width="33%%"%s/td' % (self.thevariable) Now, can I use html_quote in a Python Method? I am letting people enter data for redisplay, and I know some Bozo (TM) will somehow put in "table" and break the page. Can I keep this from happening? html_quote does not seem to be in the Python Method namespace. Regards, -- Jim Washington ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] html_quote in python methods?
Can you do an import in python methods? Still have to install and play with them. If so you can: from DT_Util import html_quote Theres probably a better way... as per DT_var.py -- Andy McKay, Developer. ActiveState. - Original Message - From: "Jim Washington" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 02, 2001 6:32 AM Subject: [Zope] html_quote in python methods? I am using Python Methods a lot now. Good: no more dtml-with to get to the objects I need. Yay! no more worrying about closing blocks. Yay! OK, when I make a syntax error, there is no help in the traceback. My Python is getting better and better as a result. To give something back, I have a hint that took me a while to figure out: print 'td width="33%"%s/td' % (self.thevariable) will not work. The first % needs to be escaped like so: print 'td width="33%%"%s/td' % (self.thevariable) Now, can I use html_quote in a Python Method? I am letting people enter data for redisplay, and I know some Bozo (TM) will somehow put in "table" and break the page. Can I keep this from happening? html_quote does not seem to be in the Python Method namespace. Regards, -- Jim Washington ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
