Re: [Zope] Passing all POST variables?

2000-06-07 Thread Toby Dickenson
On Fri, 26 May 2000 15:14:56 +0200, Martijn Pieters [EMAIL PROTECTED] wrote: Shame there's no "safe pickle option" that allows only numbers, strings, lists, tuples and dictionaries. There is actually. It's called marshal: http://www.python.org/doc/current/lib/module-marshal.html which

[Zope] Passing all POST variables?

2000-05-26 Thread Andrew H. Chatham
Hello Zope-people, I'm writing a LoginManager plugin for a quiz-taking website, and I have cookies which expire after a manager-defined time. If someone's taking a quiz for longer than the cookie duration and their cookie expires, they're going to have to relogin, but I would rather not lose

Re: [Zope] Passing all POST variables?

2000-05-26 Thread Steve Alexander
Stuart 'Zen' Bishop wrote: I almost got around to doing this for GUF. It would involve interrogating REQUEST.form, and generating a load of hidden controls. One problem to be solved is that in some cases Zope will have messed with your form data before your code sees it (The

Re: [Zope] Passing all POST variables?

2000-05-26 Thread Martijn Pieters
On Fri, May 26, 2000 at 11:05:23AM +0100, Steve Alexander wrote: Here's a very silly idea: Could you pickle and Base64 encode the data you want to pass, and then shove it in a single hidden control? I am afraid that is a very silly security hole. Anyone can replace that pickle with any

Re: [Zope] Passing all POST variables?

2000-05-26 Thread Martijn Pieters
[Keeping [EMAIL PROTECTED] in the loop for the archive] On Fri, May 26, 2000 at 02:05:42PM +0100, Steve Alexander wrote: Martijn Pieters wrote: On Fri, May 26, 2000 at 11:05:23AM +0100, Steve Alexander wrote: Here's a very silly idea: Could you pickle and Base64 encode the data you