Re: [Zope-dev] [ZODB-Dev] Bug (?) in zope/publisher/publish.py:unwrapMethod
Le mardi 25 janvier 2011 19:08:11, Tres Seaver a écrit : The Zope2-specific version of 'mapply()' (in 'ZPublisher.mapply') is the right place to fix this issue, if it is to be fixed: Thanks for the info. P.S. This issue is off-topic for the ZODB list: I have cross-posted to 'zope-dev': please follow up there. Woops, lazy typing and wrong mail client completion. I indeed intended it for zope-dev. For some reason, I didn't see your mail on zope-dev (I checked the archives too, but they might be lagging). -- Vincent Pelletier ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZODB-Dev] Bug (?) in zope/publisher/publish.py:unwrapMethod
Le mercredi 26 janvier 2011 08:54:02, Vincent Pelletier a écrit : For some reason, I didn't see your mail on zope-dev As this mail reached the list, I think Tres' mail got caught by some filter. Original mail was: In publish.py[1], unwrapMethod tried to find what can be used to publish an object. In a site, I had someone create a very-badly-named func_code external method in a place accessible by acquisition from every page on the site (this bad by itself, and I corrected it already). This caused unwrapMethod to think it can use any object directly for publishing, because of: elif getattr(unwrapped, 'func_code', None) is not None: break and unwrapped is still in an acquisition context. Shouldn't the checks be done on unwrapped (from acquisition context) objects instead, to prevent such stupid mistake to have such a wide impact. I have the intuition that this could even be a security problem, allowing an unexpected object to be called instead of another, but I cannot come out with an example. Do you think there is anything to fix in zope.publisher[2] ? If so, I'll open a bug. [1] http://svn.zope.org/zope.publisher/trunk/src/zope/publisher/publish.py?view=markup [2] following Tres' answer, make this Zope2's mapply Regards, -- Vincent Pelletier ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope Tests: 79 OK, 16 Failed, 1 Unknown
Summary of messages to the zope-tests list. Period Tue Jan 25 12:00:00 2011 UTC to Wed Jan 26 12:00:00 2011 UTC. There were 96 messages: 8 from Zope Tests, 2 from buildbot at pov.lt, 21 from buildbot at winbot.zope.org, 11 from ccomb at free.fr, 54 from jdriessen at thehealthagency.com. Test failures - Subject: FAILED : Zope Buildbot / zopetoolkit_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 08:54:45 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030050.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.1_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:01:39 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030051.html Subject: FAILED : Zope Buildbot / zope2.13_win-py2.7 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:02:54 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030052.html Subject: FAILED : Zope Buildbot / zope2.13_win-py2.7 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:29:19 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030054.html Subject: FAILED : Zope Buildbot / zopetoolkit_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:30:34 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030055.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.1_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:43:15 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030056.html Subject: FAILED : winbot / ztk_10 py_244_win32 From: buildbot at winbot.zope.org Date: Tue Jan 25 16:00:37 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030062.html Subject: FAILED : ZTK 1.0dev / Python2.4.6 Linux 64bit From: ccomb at free.fr Date: Tue Jan 25 21:28:56 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030078.html Subject: FAILED : ZTK 1.0dev / Python2.5.5 Linux 64bit From: ccomb at free.fr Date: Tue Jan 25 21:29:07 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030079.html Subject: FAILED : ZTK 1.0dev / Python2.6.5 Linux 64bit From: ccomb at free.fr Date: Tue Jan 25 21:29:08 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030080.html Subject: FAILED : winbot / z3c.rml_py_265_32 From: buildbot at winbot.zope.org Date: Tue Jan 25 22:42:03 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030086.html Subject: FAILED : winbot / z3c.coverage_py_265_32 From: buildbot at winbot.zope.org Date: Tue Jan 25 23:27:25 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030094.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.0_win-py2.4 slave-win From: jdriessen at thehealthagency.com Date: Wed Jan 26 00:35:41 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030104.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.0_win-py2.5 slave-win From: jdriessen at thehealthagency.com Date: Wed Jan 26 00:36:11 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030105.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.0_win-py2.6 slave-win From: jdriessen at thehealthagency.com Date: Wed Jan 26 00:36:18 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030106.html Subject: FAILED : Zope Buildbot / zopetoolkit-1.0-py2.6 slave-ubuntu32 From: jdriessen at thehealthagency.com Date: Wed Jan 26 02:12:43 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030132.html Unknown --- Subject: UNKNOWN : winbot / zc_buildout_dev py_265_win64 From: buildbot at winbot.zope.org Date: Tue Jan 25 16:55:57 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030068.html Tests passed OK --- Subject: OK : Zope Buildbot / zope2.14-py2.6 slave-ubuntu64 From: jdriessen at thehealthagency.com Date: Tue Jan 25 08:49:31 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030049.html Subject: OK : Zope Buildbot / zope2.13_win-py2.6 slave-win From: jdriessen at thehealthagency.com Date: Tue Jan 25 09:05:23 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030053.html Subject: OK : winbot / ztk_dev py_254_win32 From: buildbot at winbot.zope.org Date: Tue Jan 25 15:18:22 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030057.html Subject: OK : winbot / ztk_dev py_265_win32 From: buildbot at winbot.zope.org Date: Tue Jan 25 15:26:50 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030058.html Subject: OK : winbot / ztk_dev py_265_win64 From: buildbot at winbot.zope.org Date: Tue Jan 25 15:35:20 EST 2011 URL: http://mail.zope.org/pipermail/zope-tests/2011-January/030059.html Subject: OK : winbot / ztk_dev py_270_win32 From: buildbot at winbot.zope.org Date: Tue Jan 25 15:43:11 EST 2011 URL:
