On behalf of the Plone security team I am announcing this security issue in
Zope also here:
CVE Identifier: CVE-2020-7939
Type: SQL injection
Severity: 4.9 – MEDIUM
Affected Zope versions:
* Zope 2 older than 2.13.30 (2.13.30 is not yet released)
* Zope 4 older than 4.2
For details see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The Zope security response team is pre-announcing a fix for a
vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of
arbitrary code by anonymous users.
This is a severe vulnerability that allows an unauthenticated attacker
to employ
On Tue, Jun 28, 2011 at 15:30, Sascha Welter zopel...@betabug.ch wrote:
It says Zope 2.10 and 2.11 users who have not installed
PloneHotfix20110720 are not affected - can I conclude from that,
that Zope 2.9 would not be affected either?
Indeed, Zope 2.9 is not affected, with or without the
On Tue, Jun 28, 2011 at 15:40, Norbert Marrale norbertmarr...@yahoo.com wrote:
Why must PluggableAuthService (+ its dependencies) even be installed?
It is a dependency of Plone itself.
--
Martijn Pieters
___
Zope-Dev maillist - Zope-Dev@zope.org
On 28 June 2011 14:40, Norbert Marrale norbertmarr...@yahoo.com wrote:
This should be clarified too: You should, however, make sure that you
are running either Zope 2.10.13 or Zope 2.11.8 and PluggableAuthService
1.5.5, 1.6.5 or 1.7.5
Why must PluggableAuthService (+ its dependencies) even
This is an update on today's security hotfix release.
The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011
(11:00am US EDT.) Updated versions of Zope 2 containing the security
fix will be released at the same time.
For details on which versions of Zope and Plone are affected,
Last week, the Zope and Plone security teams announced the discovery
of a serious security issue affecting all recent versions of Zope and
Plone, as well as the planned release of a Hotfix to address this
issue to be made today, June 28th at 1500 UTC.
The Plone and Zope security teams
On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.
This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are a safe today as they were yesterday. However,
as the problem
On Tue, Sep 16, 2008 at 08:55:33AM -0400, Thibaud Morel l'Horset wrote:
Thanks for the response Paul. I don't see a Proxy tab on Page Templates
though, only DTML methods: do I need to install an additional product for
that? or is it configured somewhere else for Templates?
Oops, right you are.
Thibaud Morel l'Horset wrote at 2008-9-15 19:44 -0400:
I'm trying to figure out how to prevent certain zope objects from being
called directly but allow them to be called from another object.
Here is an example:
You have a ZPT page, let's originally call it 'test'
test calls a
permission only available for Authenticated users, and as
anonymous I can neither hit 'test' nor 'script'.
Based on my understanding of the Zope security framework I don't think
this is possible... hopefully someone can tell me I'm wrong though and show
me how to do it :)
http://plope.com
Hi there,
I just submitted a possible security related Zope issue on Launchpad and
noticed that the bug has been assigned to the Zope Security Team which
consists only of Jim. I suggest that a number of competent developers
of the Zope 2 and Zope 3 world volunteer to join the team in order
that the bug has been assigned to the Zope Security Team which
consists only of Jim. I suggest that a number of competent developers
of the Zope 2 and Zope 3 world volunteer to join the team in order to make
sense to the Zope Security team.
Andreas
--
ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070
I have the exact same problem and have been unable to find a solution
anywhere. Were you ever able to resolve this?
sfmcfar wrote:
I apologize for cross-posting from the plone newsgroup. but after posting
this I realized that this was more of a Zope issue than a Plone one. I
wish I
)
To see exactly what it is ... It might be an instance of some object
that has a __str__ that makes it look like a dictionary?
J.F.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
tomvon
Sent: June 18, 2007 11:36
To: zope@zope.org
Subject: Re: [Zope
Einar Næss Jensen wrote at 2007-6-4 19:53 +0200:
...
How can I copy the associated securityinformation about a zclass
instance into my new diskbased instance? Roles and permissions.
In a product, permissions are automatically created by
using them (to protect a method).
What roles do you have
I'm on the run for transfering my poorly designed zclasses into real
diskbased ones. I've gotten pretty far in only a couple of weeks
thanks to this mailinglist and the irc channel on freenet. Thanks
everyone!
Today I have this question:
How can I copy the associated securityinformation about a
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class
Products.MyProduct.Homesite.FilesContainer has a security declaration
for nonexistent method 'FileManagement'
That's understandable because I've coded it like this::
class MyProduct(...):
, 2006 9:44 AM
To: [Zope]
Subject: [Zope] Security class attribute
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class
Products.MyProduct.Homesite.FilesContainer has a security declaration
for nonexistent method 'FileManagement'
That's understandable because
26, 2006 9:44 AM
To: [Zope]
Subject: [Zope] Security class attribute
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class
Products.MyProduct.Homesite.FilesContainer has a security declaration
for nonexistent method 'FileManagement'
That's understandable
On 1/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
My site, including the bug, is currently public and to be demoed in two
days. Any assistance or guidance is greatly appreciated.
Switch on VerboseSecurity in etc/zope.conf; this will give you much
more info on what the security engine state
I have patched the Navigation and Management so the drop-down containing
'Set Preferences' and 'Logout' is displayed in the menu frame. The 'Set
Preferences' displays a customized page to the user to set a unique set
of options for my application. My product consists of several additional
roles
HiJust a quick query about Zope security etc. I've got an
installation on a Windows server using Apache, which also hosts
internal email/data etc. This is behind a router/firewall. Just
wondering if there are any Zope security issues that I should be aware
of? How secure is Zope?
ThanksMichaelPS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
michael nt milne wrote:
Hi
Just a quick query about Zope security etc. I've got an installation on a
Windows server using Apache, which also hosts internal email/data etc. This
is behind a router/firewall. Just wondering if there are any Zope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I wrote:
I would rate Zope overall as a reasonably secure platform. Because the
builk of it, including all the socket handling code, is written in
If you look
at the list of security alerts (hotfixes, see
you will note that the *vast*
Cameron Beattie wrote:
def main():
urllib._urlopener = MyUrlOpener()
url = %s/Control_Panel/Database/manage_pack?days:float=%s % \
*sigh* url whacking, bleugh!
If I use the backup user then urllib can't get the url due to no
authentication so errors as follows:
What roles do
Cameron Beattie wrote:
I have created a script based on zope_pack from the Zope book which
allows a username and password to be specified when it is called. I wish
to create a user specifically for this purpose that only has the ability
to pack the ZODB.
What permission is ZODB packing
I have created a script based on zope_pack from the Zope book which
allows a username and password to be specified when it is called. I wish
to create a user specifically for this purpose that only has the ability
to pack the ZODB.
What permission is ZODB packing protected by?
I don't know.
I have created a script based on zope_pack from the Zope book which allows a
username and password to be specified when it is called. I wish to create a
user specifically for this purpose that only has the ability to pack the
ZODB.
I've created a custom role and a user that has this role.
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo
class MyClass():
security=ClassSecurityInfo()
comment_add_form=PageTemplateFile('zpt/comment_add_form',globals())
My goal is to limit access to
On 11.Jul 2005 - 18:27:57, Milos Prudek wrote:
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo
class MyClass():
security=ClassSecurityInfo()
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
add a security.declareProtected('comment_add_form', 'right that is
granted to Authenticated users only')
Where the second string would be one of the rights listed on the
security tab with in the ZMI. If that right is granted to the
authenticated
Anders Bruun Olsen wrote at 2005-5-6 18:19 +0200:
...
security = ClassSecurityInfo()
security.setDefaultAccess(deny)
security.declareProtected(View Bookbase, index_html)
...
When the template tries to access container/title an access denied
expection is raised. With VerboseSecurity I get
Hi,
I am attempting to make a zope product (a custom book-database for use
by my employer) and of course want to secure it. I have added this code
to my class:
security = ClassSecurityInfo()
security.setDefaultAccess(deny)
security.declareProtected(View Bookbase, index_html)
--On Freitag, 6. Mai 2005 18:19 Uhr +0200 Anders Bruun Olsen
[EMAIL PROTECTED] wrote:
It works if I do setDefaultAccess(allow), but I don't want to allow
access by default and then just deny for those I know I want to deny
access to. I want it the other way around.
Why don't you write an
Hi!
Im developing a portal using, zope and i had been some
problems with the security of some template pages that
I have created. Those pages are accesible just puting
the correct path in the url, even if they are only for
manager access. I have already try the security tabs that
are associated
--On Sonntag, 1. Mai 2005 13:02 Uhr +0100 cla [EMAIL PROTECTED] wrote:
Hi!
Im developing a portal using, zope and i had been some
problems with the security of some template pages that
I have created. Those pages are accesible just puting
the correct path in the url, even if they are only for
thanks for your help!
but is there any way to define
this permission to the folder that contain the
many pages templates that i want to restrict the use?
afecting the parent(folder) we affect also the children(document)
instead of defining for all template pages this rules.
thanks a lot..
Hi,
I'm trying to import and use the email.Message.Message class in a zope
'Script (Python)'.
I have the following security assertions in my product code::
from AccessControl import allow_module, allow_class
from AccessControl import ModuleSecurityInfo
--On Dienstag, 12. April 2005 16:18 Uhr +0100 Tim Hicks
[EMAIL PROTECTED] wrote:
Hi,
I'm trying to import and use the email.Message.Message class in a zope
'Script (Python)'.
I have the following security assertions in my product code::
from AccessControl import allow_module, allow_class
Andreas Jung said:
Module RestrictedPython.Guards, line 96, in handler
TypeError: object does not support item or slice assignment
Does anyone have any idea what the problem is?
Move your code into an external method which is less painful than dealing
with module security issues. As
Andreas Jung said:
Module RestrictedPython.Guards, line 96, in handler
TypeError: object does not support item or slice assignment
Does anyone have any idea what the problem is?
Digging further...
I made the TypeError a little more revealing on line 96 of
RestrictedPython/Guards.py so
Tim Hicks said:
Andreas Jung said:
Module RestrictedPython.Guards, line 96, in handler
TypeError: object does not support item or slice assignment
Does anyone have any idea what the problem is?
Digging further...
I made the TypeError a little more revealing on line 96 of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Overview
Zope Corporation has released a Zope hotfix product addressing a
potential vulnerability discovered during a recent security audit
of Zope 2.7 and 2.8.
Affected Versions
The hotfix affects versions 2.7.5 and earlier of Zope on the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Overview
Zope Corporation has released a Zope hotfix product addressing a
potential vulnerability discovered during a recent security audit
of Zope 2.7 and 2.8.
Affected Versions
The hotfix affects versions 2.7.5 and earlier of Zope on the
Casey Duncan wrote:
They are fixed in the latest releases of Zope 2.6 and 2.7
...snip good info...
Download a new version of Zope and test it out with a copy of your
application. Let us know if anything breaks.
Thank you.
Sincerely,
/dario - off to test new zope-versions
--
--
Chris Withers wrote:
Hi,
Can anyone shed light on all of these? I know about some of them, but
this is quite a disturbingly long list...
What is the current status of these issues? I am running a rather larges
site with sensitive personal data.
The decision to use Python/Zope instead of
Hi...
I have a question with a security related problem.
I've written a script to produce PDF output from any HTML output, as
described in http://www.zope.org/Members/mjablonski/howtoPDF
My problem is that with this simple script, I can get access to
protected pages without giving any
At 18:43 16/01/2002, you wrote:
Sorry about cross-posting but I think the following info is worth reading
for both zope-users and developers.
Note that up until Zope 2.5.0b4 there is a bug in the way module security
assertions are handled that makes it impossible to declare more than one
to do with Zope security, but it is not a
vulnerability. (That's why I didn't want to use the term hotfix)
You can make a monkey patch by creating code modeled after ZC hotfixes
that does some specific set of steps. In this case, you'd probably want
to replace the ModuleSecurityInfo class
.
- Sun Tzu
- Original Message -
From: Chris McDonough [EMAIL PROTECTED]
To: Godefroid Chapelle [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 1:50 PM
Subject: Re: [Zope-dev] Re: [Zope] Security Assertions
I do not know what you mean
Just a quick note on this point, there are two points during startup when
a
product can get control:
1) When the __init__.py is imported
2) When the initialize function within that __init__.py is called.
I think Godefroid's case it would definitely want to be in __init__.py
*outside* of the
Evan -
I believe I have found a situation while using python methods that
exposes a security hole. A user that can create python methods can
grant the Manager role to himself by simply writing and then calling
the manage_users method. This issue might also apply to other
scenarios.
I created
J B Bell wrote:
I want to do authentication for a whole subset of the site (indeed, its
entire public face really), but don't want a huge userfolder build from NIS.
nisUserFolder doesn't seem like the right solution since I only want to use
nis if they don't auth in the customary fashion.
I'd like to make a 'fallback' authorization scheme for Zope. That is:
If user does not exist in usual UserFolder, then
authenticate against custom module (NIS, in this case)
and give them Anonymous privileges.
I want to do authentication for a whole subset of the site (indeed, its
entire
I have made a Python product and when I add it to a folder there is no
problem, but when I try to add it to a zClass that subclasses a
objectManager i get a security error. Is there anything special I need to do
to add products to an objectManager ???
I get a password box, but if I just clicks
"Phillip J. Eby" wrote:
DataSkins stored in Racks do not participate in the Zope ownership
mechanism, nor the creation of the 'Owner' role. This is because they are
not being stored via the normal ObjectManager protocols.
Hurm... to what extent do they participate in Zope's Security
On Fri, Dec 15, 2000 at 02:02:08PM -0500, Brian Lloyd wrote:
A security issue has recently come to our attention (thanks to
Erik Enge for identifying this) that affects Zope versions up to
and including Zope 2.2.4.
...
The hotfix will work for all versions of Zope 2.2.0 and higher.
The hotfix will work for all versions of Zope 2.2.0 and higher. A
future version of Zope will contain the fix for this
issue, and you will be able to uninstall the hot fix after upgrading.
This seems to imply that 2.1.6 is vulnerable as well, but that this Hotfix
won't work, and
On Mon, Dec 18, 2000 at 10:30:56AM -0500, Brian Lloyd wrote:
The hotfix will work for all versions of Zope 2.2.0 and higher. A
future version of Zope will contain the fix for this
issue, and you will be able to uninstall the hot fix after upgrading.
This seems to imply that
Hi all -
Tis the season for hot - fix - es, fa la la la la,
waa waa waa waa...
Peter Kelly has brought another potential security issue to
our attention that is important enough to make a Hotfix
available for those who allow untrusted users to edit DTML
on their sites.
The issue
On Fri, Dec 08, 2000 at 05:40:13PM -0500, Shane Hathaway wrote:
AFAICT 2.1.6 is not vulnerable.
Verifying this on our server, this turns out to be quite correct; Zope
2.1.6 does not demonstrate the problem repaired by the hotfix.
--amk
___
Zope
Few days ago I found that on site that I'm currently working on,
everybody can add DTMLMethods and Documents (and maybe do more, I haven't
checked yet, but I think it's bad enough !) by simply entering URL
http://www.mysite.com/manage_addDTMLMethod?id=q1title=qq1file=qqq1
After that Zope sends
Aleksander Salwa wrote:
Few days ago I found that on site that I'm currently working on,
everybody can add DTMLMethods and Documents (and maybe do more, I haven't
checked yet, but I think it's bad enough !) by simply entering URL
Hi all,
Aleksander Salwa has brought a security issue to our attention
that affects all Zope versions up to and including Zope 2.2.4.
We have released a Hotfix product to address the issue that can
be downloaded from zope.org. (Thanks to Aleksander for finding
this and to Shane
Might be a security problem...
Are you allowed to access that header from inside your index_html?
cheers,
Chris
Andreas Jung wrote:
Inside a product my index_html is set to
"index_html=HTMLFile('index_html',globals())"
The index_html.dtml calls dtml-var standard_html_header. This
* Dieter Maurer [EMAIL PROTECTED] [001128 00:12]:
Bowyer, Alex writes:
Can some one explain how the Define Permissions screen works. I really don't
understand the concept behind it, what does it mean for a permission setting
to own a permission?
All I need to do is to make
In article [EMAIL PROTECTED], seb bacon
[EMAIL PROTECTED] writes
* Dieter Maurer [EMAIL PROTECTED] [001128 00:12]:
Bowyer, Alex writes:
Can some one explain how the Define Permissions screen works. I really
don't
understand the concept behind it, what does it mean for a permission
Bowyer, Alex writes:
Can some one explain how the Define Permissions screen works. I really don't
understand the concept behind it, what does it mean for a permission setting
to own a permission?
All I need to do is to make certain ZClass methods have a certain level of
security and
Can some one explain how the Define Permissions screen works. I really don't
understand the concept behind it, what does it mean for a permission setting
to own a permission?
All I need to do is to make certain ZClass methods have a certain level of
security and the other methods of the class
Bowyer, Alex writes:
I can't find any examples in any of the Zope documentation
about how to manage permissions for class methods. Does anyone know where I
could find such documentation or examples if there are any?
Did you look at the upcoming Zope book?
Dieter
I know I am posting quite a lot of questions to the list lately, sorry about
that, it's just that I can save myself hours of trial-and-error coding when
I get quick answers from list, so I hope you don't mind. It seems to be the
fastest way to learn.
I have a news page ZClass and a news article
On Fri, 17 Nov 2000, Bowyer, Alex wrote:
I have one method index_html which should be viewable by anonymous.
All other methods should only be viewable when a username/password is
entered for someone with the role I have called UAAdmin
[...]
I can only seem to get full access to all pages (if
Greetings,
I had posted about this on Zope-dev because I'm running the CVS version,
but no response there. Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same problem
occurs with standard acl_users too.
First, 'Figure 1:'
/ (Root Folder)
Greetings,
I know this a very busy list, but I'm hoping someone can take a moment to
address this. I had posted about this on Zope-dev because I'm running the
CVS version, but no response. Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same
On Thu, 9 Nov 2000, Charlie Wilkinson wrote:
/ (Root Folder)
/ acl_test (ACL Test Folder)
acl_users (User Folder)
index_html (Test Document)
Now, referring to figure 1, changes to security settings for the acl_test
folder are having no effect on access
[Charlie Wilkinson]
| Greetings,
Hola!
| Now, referring to figure 1 (above :-), changes to security settings
| for the acl_test folder are having no effect on access to index_html.
| Only when I change the security settings on index_html itself, can I
| control access to it.
Can it have
please bear with my ignorance, because this is the first couple of day
I ever try Zope. It is super cool, but I should say that the
documentation is far from satisfaction.
Here is my problem:
The only API I can find to alter the properties of some object is
"manage_changeProperties". However, in
[Charlie Wilkinson]
| Greetings,
Hola!
| Now, referring to figure 1 (above :-), changes to security settings
| for the acl_test folder are having no effect on access to index_html.
| Only when I change the security settings on index_html itself, can I
| control access to it.
Can
hi,
do you have these two:
http://www.zope.org/Members/michel/ZB/
http://zdp.zope.org/projects/zqr
j.
..
. Jason C. Leach
... University College of the Cariboo.
..
___
Zope maillist - [EMAIL PROTECTED]
cument or method, i should be able to acquire anything
specified into it, from its parent hierarchy.
Please help or tip. Thanks =)
Seb Bacon wrote:
Does Zope security provide a way of restricting what
objects are listed to
an authenticated user inside the Zope 'manage' interface? I'm
getting my
head all t
OK let me state that I don't think so (subject line). I had to choose this
subject, because it seems to me, that nobody was interested in my previous
attempts to get information about my problem. So here is my newbie (?)
question again:
I have the folders:
/www/folder1
/www/folder2
Apache
Stephan Goeldi wrote:
OK let me state that I don't think so (subject line). I had to choose this
subject, because it seems to me, that nobody was interested in my previous
attempts to get information about my problem. So here is my newbie (?)
question again:
I have the folders:
r's "Access contents information" rights for Anonymous and the
sub-tree managers. I think Zope security is really a bit weak here because the
standard settings are NOT blocking "Access contents information" and blocking
it makes programming a bit harder ...
BUT: You CAN configu
Also, consider adding an accessrule. This won't stop them from using
__no_before_traverse__ or _SUPPRESS_ACCESSRULE but it will make it
'appear' there is nothing more than the current level.
knight
[EMAIL PROTECTED]
On Fri, 13 Oct 2000, Tim Cook wrote:
Stephan Goeldi wrote:
OK let me
Does Zope security provide a way of restricting what objects are listed to
an authenticated user inside the Zope 'manage' interface? I'm getting my
head all twisted up over this security / proxy roles /local roles lark.
Thanks, seb
___
Zope maillist
Martijn Pieters wrote:
No it isn't. Web access to class instances is handled by permissions.
Unpickling will cause class instantiation in the python process, where you
have no control over what get's created.
Surely you could pipe this process through the Zope security process?
You can
Hi all -
There was quite a bit of discussion on the "security
assertion spelling proposal" on dev.zope.org recently -
it has since turned into an active project and I have
a draft of the first deliverable (user documentation)
ready for review and comment:
Hello zope-users,
I upgraded my Zope application from version 2.1.3 to 2.2.0 . Now I
have problems with the new security system.
e.g. 'test.py' in Extensions directory:
class test:
def __init__(self):
pass
def sayhello(self):
return "hello"
def initialize(self):
return test()
On Mon, 21 Aug 2000, Stefan Bambach wrote:
class test:
def __init__(self):
pass
def sayhello(self):
return "hello"
def initialize(self):
return test()
What's wrong with this code ?
Try to add this attribute to your class 'test':
The issue involves the fact that the getRoles method of
user objects
contained in the default UserFolder implementation returns
a mutable
Python type. Because the mutable object is still
associated with the
persistent User object, users with the ability to edit DTML could
Now - should methods of mutable types be off-limits in the
future? [...] I don't think it would
be acceptable for 'append' to be off-limits in this case, so
the alternative is that the security machinery would somehow
have to be able to distinguish mutables created by the user
from those
Hi all -
We have recently become aware of an important security issue
that affects all released Zope versions prior to 2.2.1 beta 1.
The issue involves the fact that the getRoles method of user objects
contained in the default UserFolder implementation returns a mutable
Python
Yikes! Every time I try to change my security settings all
of the checkboxes become unset when I save the form!
1. Open up any "Security" tab
2. Change a checkbox
3. Save the form
4. Click 'Ok'
5. ALL of the checkboxes are empty!
Has anbody else seen this problem? I have a workaround, but
I'd
On Wed, Aug 09, 2000 at 10:08:20AM -0700, Paul Abrams wrote:
Yikes! Every time I try to change my security settings all
of the checkboxes become unset when I save the form!
1. Open up any "Security" tab
2. Change a checkbox
3. Save the form
4. Click 'Ok'
5. ALL of the checkboxes are
Hi,
I've got two questions.
1.Is Zope 2.2.0 masking the length of the passwords?
2. the more important-
I'm using a method to change properties by form. The user i.e. Tim has
the role manager in the highest user_folder and acquisition is kept but
Zope tells me that the user is not authorized.
Hi,
I've got two questions.
1.Is Zope 2.2.0 masking the length of the passwords?
2. the more important-
I'm using a method to change properties by form. The user i.e. Tim has
the role manager in the highest user_folder and acquisition is kept but
Zope tells me that the user is not authorized.
authentification request bug and fail
when running an sql method through an external method (python 1.5.42+) in a
dtml-tree tag
zope(2.2dev) asks me to login again, what i do without success. Indeed, all
separate components work fine.
Any idea ?
Thanks
I have a very anoying problem...
I have created a news-product and have several news-objects. Now I want
to change the properties of a news-object. This is my code for that:
dtml-with "newsEntries"
dtml-call "_[objId].propertysheets[1].manage_editProperties(
Hi :)
I may say something idiot, but...
Did u try to change the proxy roles of the method which call the fonction
manage_editProperties?
(in case of: to do it, edit your method and choose proxy at the top of the
window), u can edit the role of your method.
Piotr.
Peter Arvidsson wrote:
I
1 - 100 of 108 matches
Mail list logo