[Zope-dev] Virtual Hosting in 2.2 - a Bestiary of Buglets
I setup virtual hosting on Zope 2.2.1 with SiteAccess 2. I used Apache with ProxyPass (Apache acting as a reverse HTTP proxy in front of ZServer) instead of FastCGI, since this is much faster (with caching headers apache is about 10 times as fast as ZServer). The setup is as follow - each site has a folder in /websites, so www.example.com is mapped to /websites/example in Zope. In /websites/example I have an Access Rule that tells Zope that the base url is http://www.example.com. Problem 1: HTTP and HTTPS (more of a proxypass issue) === I want to be able to serve both http and https versions of a site from Apache. Problem is, because of the way proxying works, there is no way for Zope to know if it is origially being accessed via http or https. My solution? Add a folder in top level of Zope called "ssl". If we see our path as proxied by Apache is /ssl/websites/example, we know we are being accessed via SSL. Because of the magic of acquisition, this works, but it's still an ugly hack, and slows things down. Here's the SiteAccess rule I used: if REQUEST['PATH_INFO'][:5] == '/ssl/': REQUEST.setVirtualRoot('/') REQUEST.setServerURL(protocol='https', hostname='www.example.com', port='443') else: REQUEST.setVirtualRoot('/') REQUEST.setServerURL(hostname='www.example.com', port='80') Problem 2: ZCatalog = All the objects in /websites/example are being catalogged with paths such as /websites/example/folder/myObject. However, when I gets the objects path using getpath(), it's not adjusted based on the virtual hosting settings - it's still /websites/example/folder/myObject, not /folder/myObject as it should be. Problem 3: Management interface = The breadcrumbs in the folder management screen (e.g. "/ folder1 / folder2"), still show the "/ websites / example", with links, when using the virtual hosting. That is, the managemnt interface shows folders that we are not supposed to be able to access when we are using virtual hosting. Problem 4: Access to other virtual hosts (security issue?) When using virtual hosting, it is still possible to access the /websites folder for example, using acquistion. So I can view the contents of one website from the other: www.example.com/websites/example2, and www.example2.com/websites/example. -- Itamar S.T. [EMAIL PROTECTED] Fingerprint = D365 7BE8 B81E 2B18 6534 025E D0E7 92DB E441 411C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] PARENTS
From http://www.zope.org/Members/michel/Projects/Interfaces/PublisherRequest: Deprecated attributes: - PARENTS What are we supposed to use instead now? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Problem 2: ZCatalog
Itamar Shtull-Trauring wrote: All the objects in /websites/example are being catalogged with paths such as /websites/example/folder/myObject. Using getPhysicalPath I hope and pray... However, when I gets the objects path using getpath(), it's not adjusted based on the virtual hosting settings - it's still /websites/example/folder/myObject, not /folder/myObject as it should be. That's as expected. I guess there needs to be some discussion about what 'should' happen here. I reckon there should be a getVirtualPath as well as a getPath. Comments welcome... For now, the workaround getobject().absolute_url() should work, but does mean loading the whole object into memory :-( cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Problem 1: HTTP and HTTPS (more of a proxypass issue)
Chris Withers wrote: What difference does it make if you do REQUEST.setVirtualRoot('/',1)? This might actually solve most of my problems, since it deletes the parents I don't need from PARENTS. However, when I do this I can't view anything - it keeps raising Unauthorized. Setting the permissions to not acquire and be explicitly on does not help. -- Itamar S.T. [EMAIL PROTECTED] Fingerprint = D365 7BE8 B81E 2B18 6534 025E D0E7 92DB E441 411C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] What should/does REQUEST.setVirtualRoot('/',1) do?
Itamar Shtull-Trauring wrote: What difference does it make if you do REQUEST.setVirtualRoot('/',1)? This might actually solve most of my problems, since it deletes the parents I don't need from PARENTS. However, when I do this I can't view anything - it keeps raising Unauthorized. Setting the permissions to not acquire and be explicitly on does not help. I guess I'd really like to know what the intended difference and uses of hard=0 and hard=1 are. Evan, Help?! cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Problem 4: Access to other virtual hosts (security issue?)
Itamar Shtull-Trauring wrote: When using virtual hosting, it is still possible to access the /websites folder for example, using acquistion. So I can view the contents of one website from the other: www.example.com/websites/example2, and www.example2.com/websites/example. I don't think this is a 2.2 issue. It has always been like this AFAIK... What you really what is a non-acquiring folder for the /example and /example2 folders. This shouldn't be too hard to implement :-S Does this sounds like the right idea? cheers, Chris PS: This shouldn't really be a security issue, it's more of a 'niceness' thing as the security stuff will still work as it should (unless, perhaps, you do domain-based authentication...) Sadly, that sort of thing seems to go right down the priority lists :-( (go see http://www.zope.org/standard_html_footer for another example...) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] LoginManager NT plugins?
anyone doing user authentification with NT + Loginmanager? -- Robin Becker ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PlugIns.py bug.... (was incorrectly ZPatterns: transaction bug)
OK I think I found the actual intent of aq_base() in _checkId of PlugIns.py: if hasattr(aq_base(self), id): # The object is located in this ObjectManager. if not flags REPLACEABLE: raise 'Bad Request', ('The id "%s" is invalid - ' \ 'it is already in use.' % id) # else the object is replaceable even if the UNIQUE # flag is set. elif flags UNIQUE: raise 'Bad Request', \ ('The id "%s" is reserved.' % id) it comes from the ObjectManager _checkId which has basically the same code execpt it ObjectManager.py also has the needed: from Acquisition import aq_base which PlugIns.py does not.. so looking at Acquisition.c it appears that there is no real difference between hasattr(aq_base(self), id) which calls if (WRAPPER(self)-obj) { r=WRAPPER(self)-obj; while (isWrapper(r) WRAPPER(r)-obj) r=WRAPPER(r)-obj; } else r=Py_None; Py_INCREF(r); return r; and hasattr( self.aq_base, id) which calls case 'b': if (strcmp(name,"base")==0) { if (self-obj) { r=self-obj; while (isWrapper(r) WRAPPER(r)-obj) r=WRAPPER(r)-obj; } else r=Py_None; Py_INCREF(r); return r; } break; Anyway.. it looks like either fix is OK... I guess! -steve "Steve" == Steve Spicklemire [EMAIL PROTECTED] writes: Steve ZPatterns 0.4.2a1 PlugIns.py bug? Steve I get a 'Name Error' aq_base when I hit the following code Steve while trying to update the index_html method of one of my Steve Specialists from CVSMixin.. I think that this would get hit Steve anytime you add an object whose id is already in the Steve acquisition path Steve -steve Steve diff -c -r1.1.1.2 PlugIns.py *** PlugIns.py 2000/09/04 Steve 14:17:29 1.1.1.2 --- PlugIns.py 2000/09/04 18:53:17 Steve *** *** 265,271 # An object by the given Steve id exists either in this # ObjectManager or in the Steve acquisition path. flags = getattr(obj, '__replaceable__', Steve NOT_REPLACEABLE) ! if hasattr(aq_base(self), id): # The Steve object is located in this ObjectManager. if not flags Steve REPLACEABLE: raise 'Bad Request', ('The id "%s" is invalid Steve - ' \ --- 265,271 # An object by the given id exists Steve either in this # ObjectManager or in the acquisition path. Steve flags = getattr(obj, '__replaceable__', NOT_REPLACEABLE) ! Steve if hasattr(self.aq_base, id): # The object is located in Steve this ObjectManager. if not flags REPLACEABLE: raise 'Bad Steve Request', ('The id "%s" is invalid - ' \ Steve ___ Zope-Dev Steve maillist - [EMAIL PROTECTED] Steve http://lists.zope.org/mailman/listinfo/zope-dev ** No cross Steve posts or HTML encoding! ** (Related lists - Steve http://lists.zope.org/mailman/listinfo/zope-announce Steve http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PlugIns.py bug.... (was incorrectly ZPatterns: transaction bug)
At 08:46 AM 9/5/00 -0500, Steve Spicklemire wrote: OK I think I found the actual intent of aq_base() in _checkId of PlugIns.py: ... it comes from the ObjectManager _checkId which has basically the same code execpt it ObjectManager.py also has the needed: from Acquisition import aq_base Fixed in my CVS. Thanks! ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Virtual Hosting in 2.2 - a Bestiary of Buglets
From: Itamar Shtull-Trauring [EMAIL PROTECTED] Problem 1: HTTP and HTTPS (more of a proxypass issue) === I want to be able to serve both http and https versions of a site from Apache. Problem is, because of the way proxying works, there is no way for Zope to know if it is origially being accessed via http or https. My solution? Add a folder in top level of Zope called "ssl". If we see our path as proxied by Apache is /ssl/websites/example, we know we are being accessed via SSL. Because of the magic of acquisition, this works, but it's still an ugly hack, and slows things down. If you think that's an ugly hack, you'll probably hate what I do ;-) I have Apache RewriteRules that look like these: RewriteRule ^/(.*) http://localhost:8080/_proxy/http/%{HTTP_HOST}/example/$1 [P,L] (with https instead of http in secure virtual hosts, of course) ...and an Access Rule in my root folder (stack is the traversal stack): if stack and stack[-1] == '_proxy': stack.pop() base = "%s://%s" % (stack.pop(), stack.pop()) request.setURL(base=base) request.set('SiteRootPATH', '/') Finally, I have blank SiteRoots in my site folders. Problem 2: ZCatalog = All the objects in /websites/example are being catalogged with paths such as /websites/example/folder/myObject. However, when I gets the objects path using getpath(), it's not adjusted based on the virtual hosting settings - it's still /websites/example/folder/myObject, not /folder/myObject as it should be. This is one of the many ZCatalog problems that Chris P. is now valiantly tackling. Problem 3: Management interface = The breadcrumbs in the folder management screen (e.g. "/ folder1 / folder2"), still show the "/ websites / example", with links, when using the virtual hosting. That is, the managemnt interface shows folders that we are not supposed to be able to access when we are using virtual hosting. As Chris Withers points out, this is due to deprecated data passed in calls to tabs_path_info. I'll see that it gets fixed. Problem 4: Access to other virtual hosts (security issue?) When using virtual hosting, it is still possible to access the /websites folder for example, using acquistion. So I can view the contents of one website from the other: www.example.com/websites/example2, and www.example2.com/websites/example. Unless this is a real security concern for you, and can't be address within the standard Zope security framework, I wouldn't worry about it. As you noticed, the optional 'hard' parameter to setVirtualRoot was a weak stab in this direction, but I never spent enough time on it to really get it working. That would involve (at least) providing some kind of replacement Application instance to root acquisition in. Cheers, Evan @ digicool 4-am ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] BTree folders: opinions?
Steve Alexander wrote: I've been reading the discussions on benchmarks of BTreeFolder verus standard ObjectManager dict based folders. I have a BTreeFolder w/ Customizer support that I'd like to include in the DataSkinAddons package for its next release. I'll probably release a LargeUI Folder w/ Customizer Support, that has the BTreeFolder UI anyway. However, I'm not sure whether to store the folder contents in a dict or a BTree. Are dictionaries or BTrees the way to go for folders with lots of sub-objects? Anyone tried any other benchmarks? I *suppose* it could even be configurable: How about this for an idea: * Management interface uses the standard Folder interface when the number of objects in the contents are less than a certain amount. With more objects, it switches to the BTree Folder UI. This number can be reconfigured as an attribute of the folder. Have you considered a batching UI? The consensus here at DC when we had the meeting about big folders was that folders with lots of objects ought to batch. However, once I saw how fast a simple list is, I lost interest in batching. * You can switch between using a dict and a BTree to store the sub-objects, on an instance-by-instance basis. The switch-over will be slow, but it will be easier than changing the base-class of existing instances. You'll probably get the biggest win just by replacing the custom __getattr__ method with a C version. I understand that switching from C to Python and back to C again is expensive, but a C version would turn the path into C-C-C. It might level the benchmarks. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] SiteAccess 2 Questions
Hi, Here's a load of questions that have sprung up as a result of trying to get to grips with SiteAccess 2 on Zope 2.2.1: It looks like REQUEST.steps is the replacement for PARENTS? Is that so? Small grumble: REQUEST['TraversalRequestNameStack'] is a bit of a long-winded name :P If an Access Rule is broken, and is preventing normal access, it can be disabled by restarting Zope with environment variable SUPPRESS_ACCESSRULE set. So now you have to restart Zope to undo a screwup? I guess __no_before_traverse__, or whatever it was, was a security whole, or something? Hmm, the example for Multiple Sites isn't very robust :-( http://www.zope.org/Members/4am/SiteAccess2/vhosting You use HTTP_HOST, without ensuring it exists. I remember having problems with this in Zope 2.1.6 as HTTP_HOST doesn't exist when you access things via FTP, so an error gets thrown, effectively preventing you from accessing any objects covered by the access rule through FTP. My solution for this is just to wrap the rule in dtml-if "REQUEST.has_key('HTTP_HOST')" Well, that's all for now... cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: SiteAccess 2 Questions
From: Chris Withers [EMAIL PROTECTED] It looks like REQUEST.steps is the replacement for PARENTS? Is that so? Actually, REQUEST.steps has always been there -- it's the list of *ids* that were traversed. This may or may not correspond to the ids of the PARENTS, depending on whether an object with a __bobo_traverse__ inserted extra objects or replaced itself in PARENTS. Then there is REQUEST._steps, which is new, and which is (as the _ implies) for internal use only. It's a pre-url-quoted list of steps, affected by virtual hosting, which is used to construct URLn and BASEn. Right now, I've working in a CVS branch on new REQUEST variables called URLPATHn and BASEPATHn, which are analagous to URLn and BASEn but only contain the path portion of the URL. Then all SCRIPT_NAME uses should be replaced with BASEPATH1, etc. Small grumble: REQUEST['TraversalRequestNameStack'] is a bit of a long-winded name :P Agreed. Jim pretty much mandated a name that (1) lives in 'other', rather than being an attribute, and therefore (2) is very, very unlikely to clash with other people's REQUEST variable names. So now you have to restart Zope to undo a screwup? I guess __no_before_traverse__, or whatever it was, was a security whole, or something? No, it's just not specific enough. Now that the before-traversal hook is part of Zope, other services may want to use it, and so it shouldn't have a global on/off switch. As of SiteAccess 2.0b3, you can insert "_SUPPRESS_SITEROOT" and/or "_SUPPRESS_ACCESSRULE" into your URL in order to turn off a single SiteAccess object (the one which would have triggered at that point in the URL). Hmm, the example for Multiple Sites isn't very robust :-( http://www.zope.org/Members/4am/SiteAccess2/vhosting I didn't spend a whole lot of time fortifying it. It's just meant to be an example, after all. I wasn't expecting so many people to paste it into their applications without understanding what it does. :-) Cheers, Evan @ digicool 4-am ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] DCOracleStorage: problems running Full.sql
I'm trying to get DCOracleStorage up and running, but I'm getting errors trying to run Full.sql. I know didly about plsql, so I apalogize if this is obvious. When I run Full.sql I get the following errros. Does this mean my oracle installation is missing something? Thanks, ^Roman ... Table created. Table created. Index created. Commit complete. Package created. No errors. Warning: Package Body created with compilation errors. create package body zodb_methods as * ERROR at line 1: ORA-01041: internal error. hostdef extension doesn't exist No errors. ORA-24323: value not allowed Error accessing package DBMS_APPLICATION_INFO ERROR: ORA-03114: not connected to ORACLE ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Folderish objects and multiple inheritance
- Original Message - From: "Andy McKay" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 2:13 PM Subject: [Zope] Re: [Zope-dev] Folderish objects and multiple inheritance Hmmm I can override inheritance in a simple class... I guess theres something in Zope thats annoying this: class A: var = 'A' def test(self): return self.var class B: var = 'B' def test(self): return self.var class C(B, A): var = 'C' def test(self): return A.var c = C() print c.test() OUTPUT A - Original Message - From: "Andy McKay" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 11:35 AM Subject: [Zope-dev] Folderish objects and multiple inheritance Hi there, Ok so I have a class that has multiple inheritance. My main class (A) works fine, but I wanted to add in folderish properties. The problem is the order of multiple inheritance and viewing folder objects. When you view a folder from you call index_html and this gives a content list. By inheriting this way: class B(A, Folder): I have kept all my A methods. However viewing it does not produce the content list since its overwritten by A. Of course inheriting: class B(Folder, A): Does work for that, but breaks all my other methods. Solutions: Well I tried defining a tab - view_folder which was something along the line of: def view_folder(self, client=None, REQUEST={}): ''' doc string ''' return Folder(self, client, REQUEST) But get an attribute error on manage_tabs. Any ideas? Thanks. -- Andy McKay, Developer. ActiveState. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Call for a creation_datetime property!
It is really a painful thing to do without. I realize I can add this capability to factories of my own objects but I don't want to have to create my own versions of dtml-document and everything else just to ensure that a creation date is kept. I've tried using transaction logs but this is very dodgy for the following reasons. 1) An object can be created by many different methods. Its guess work working out which created the object. 2) The odb can be packed and then you've just lost your creation date. Can anyone give a good reason not to include this property as a standard for all ZODB objects? Dylan Jay Tel: +61 2 9886-8961 Avaya Communication FAX: +61 2 9352 9224 Level 5, 15 Talavera Road Mobile:+61 409 606 171 Nth Ryde, NSW, 2113 ICQ: 520341 AUSTRALIA ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope] Re: superuser confusion
From: "Chris McDonough" [EMAIL PROTECTED] On Mon, 4 Sep 2000, Chris Withers wrote: Well, okay, let me rephrase the question: Why is it bad for the bootstrap user to own anything? It used to be considered okay before Zope 2.2, so was has been changed/discovered that makes this now such a bad idea that despite loads of newbie pain and confusion, it's still worth while/necessary? I've got to say I agree with you here. I'm still not 100% sure why the superuser or bootstrap user can't own anything. It's due to a combination of the trojan horse issue and the sticky authentication issue, I think. You really don't want to be authenticated as super very often, because while you are, if you visit a page someone else wrote, they can make your browser do evil things to your site. This is also true of Managers, but less so. Similarly, a page owned by non-super has tighter permissions than one owned by the super would. Ideally, people working in a site should be operating with the bare minimum of privileges to get the job done. The super should only be called in when no one else can fix it. Cheers, Evan @ digicool 4-am ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Date-Time or SQL (Oracle) time.. or...
Hello, Another newbie question that I hope doesn't sound too stupid.. (I guess I already know the answer to that question.. it DOES... *sheepish grin*) Have a little patience with me, I'm learning things and having fun, so in a month or three... *sigh* Anyway I have some questions about the best way to update time fields on my Zope site. This issue has been "the bane of my life" for the past three days.*grin* Basically these are fields in records describing events (programs and workshops, and soon, talks) which I am listing on my site.. The dates are in an Oracle 7 table. I'm using DCOracle and the Zope OracleDA to interact with these data sources from Zope. Quite simply, I'm confused.. I've been following to the letter the ZSQL Methods Guide, but I'm completely missing something important about the relationship between Zope date-time and Oracle dates. I've scoured the lists and haven't found anything there either..How-tos deal with general date-time issues.. yes.. but this is on the border .. perhaps.. DateTime vs. Oracle SQL. *pause for dramatic effect* The How-tos I've seen don't answer several (basic) questions.. Note: So far I have just been working with dates, not hours, minutes, etc. I've noticed that if I insert data using Oracle's default and not very useful "native" format ie. 01-Jan-00 things work on the insert side. Sort-of... I've also successfully used "TO_DATE" to insert data in SQLMethods.. in forms I built myself.. But then using the exact same code in another (originally ZNolk-generated, but much edited..) form and SQL method.. no luck.. It's usually not even making it out of Zope's error check routines.. Perhaps this is a clue.. I've noticed that when displaying the results of a query, Zope translates Oracle's outputted dates into Date-Time. Does Zope also do translation on the input end? And if so, what do I need to do to be able to consistantly input dates in MM/DD/ without problems.. I've been having major problems with dtml-sqlvar choking on dates and I don't have the foggiest idea what I am doing wrong. Do I need to put more effort into learning TO_DATE and TO_CHAR (Oracle-isms) better or am I totally barking up the wrong tree.. (i.e. Zope translates everything into Date-Time) What is the best way to intercept SQL so I can see what is being sent to Oracle..? (I followed the suggestions in the How-to on this subject and Zope threw an error) I'm sorry this sounds so stupid, but I have been running into a brick wall..so to speak.. And in my scheme of things, dates, and the simple modification of them.. is really important... Thank you, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: superuser confusion
On Tue, 5 Sep 2000, Evan Simpson wrote: I've got to say I agree with you here. I'm still not 100% sure why the superuser or bootstrap user can't own anything. It's due to a combination of the trojan horse issue and the sticky authentication issue, I think. You really don't want to be authenticated as super very often, because while you are, if you visit a page someone else wrote, they can make your browser do evil things to your site. This is also true of Managers, but less so. Similarly, a page owned by non-super has tighter permissions than one owned by the super would. Yes... the PDG security chapter has all of this in it, but it would seem that neither Chris W or I are completely satisfied by these answers. :-) It seems a matter of diminishing returns, especially when newbies hit the wall during install, since we haven't provided them with an airbag yet. Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
On 4 Sep 2000 [EMAIL PROTECTED] wrote: I see... well, maybe we can take a look at it. In the meantime, if you figure out a patch that doesn't rely on an external program, let me know... Thanks, C Chris McDonough [EMAIL PROTECTED] wrote: Aplogies for the ignorance, but can you maybe explain the concept of supplemental group ids and give an example of how the current unpatched behavior could be subverted? I can try... Supplemental gids are useful for allowing a user to belong to more than one group, or maybe to more than one project in normal parlance. This is normally effected by listing the uid opposite more than one group in /etc/group. The login process issues the initgroups(3) call to install these supplemental groups, which are inherited by all processes forked from the login shell. The problem is comes when you change user ids; for example what I saw with Zope (start -u nobody) was: before change after change = user id root nobody group idroot nobody sup id(s) root root Thus the process has group access privilages for nobody (correct) and root (bad) in unpatched Zope. I cannot give you an exploit based on this -- my knowledge of Zope is not deep enough -- and in a bug free world there probably would be no exploit. But the reason for running as nobody, I think, is to contain damage should an exploit be found. For that reason, it would seem reasonable to change the supplemental gids too. I saw this on Linux; supplemental groups come from the BSD tradition, so you likely will find the same situation on *BSD, Solaris, etc. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] dtml-comment Fine, don't fix :P
Andrew Kenneth Milton wrote: Th second part of the problem is that ChrisW(hinger) really wants it, "really wants it" might be a little strong... I'm not loosing any sleep... but, doesn't want to do what is necessary to do it. Swishdot or fixing DTML... take your pick :P (TreeTag would still get it first anyway...) So the problem is simplified to not actually doing anything except talking about doing it. d8) Well, since you actually have knowledge of the DT_String parser (well, more than I do at any rate...) you'd be better suited to doing less talking... *grinz* Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Bitten by == ;-)
Andy Dustman wrote: I have a DTML Method (build_navigation_bar) that is called from standard_html_header to (surprise) build a navigation bar. Word from the (pretending to be ;-) wise: Do it in an external method... I've got one that probably does 90% of what you want. Mail me off list if you're interested... !-- this() in parents == dtml-var "this() in parents" == dtml-var this in dtml-var parents -- dtml-if "this() in parents" Unfortunately, this doesn't work: The conditional is always false. Some of the debugging output: !-- this() in parents == 0 == Folder instance at 89d9850 in [Folder instance at 87b2cc8, Folder instance at 8a22420, Application instance at 87b9158] -- !-- this() in parents == 0 == Folder instance at 87b2cc8 in [Folder instance at 87b2cc8, Folder instance at 8a22420, Application instance at 87b9158] -- Note that in the first line, the expression correctly evaluates to 0, while the second line incorrectly evaluates to 0. *grinz* f*^*ing confusing isn't it. I did much head scratching until someone helpful pointed out you're dealing with acquisition wrappers: http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/08240A8E0D50AEE0 ...that might cover what you're looking for and that whole thread discusses the related issues. Jim suggested it wouldn't be hard to implement == to 'ignore' these wrappers and I'd love to give it a go but sadly: - I haven't written any C in about 3 years - I've _never_ written any C-extension-to-python type things So I'd probably take ages to do it and still screw it up :-S Anyone else want to give that a go? cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
Kip Rugger wrote: Chris McDonough [EMAIL PROTECTED] wrote: Aplogies for the ignorance, but can you maybe explain the concept of supplemental group ids and give an example of how the current unpatched behavior could be subverted? I can try... Supplemental gids are useful for allowing a user to belong to more than one group, or maybe to more than one project in normal parlance. This is normally effected by listing the uid opposite more than one group in /etc/group. The login process issues the initgroups(3) call to install these supplemental groups, which are inherited by all processes forked from the login shell. The problem is comes when you change user ids; for example what I saw with Zope (start -u nobody) was: before change after change = user id root nobody group idroot nobody sup id(s) root root Would you mind describing how you determine this? -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Java applet with inner classes causing probs in Zope
Am Die, 05 Sep 2000 schrieben Sie: Hello all, The problem is that inner classes have names like "Parent$Inner.class" I'm unable to create a Zope file object with a name that includes the dollar sign. However, the applet won't function without it. Has any one overcome this? What about putting it all in a jar-file ? - Holle Yes, the applet functions properly when served from apache (but I need to serve it from Zope). Please respond directly to me and mailing list as I am not currently on the mailing list. Thanks, Eric. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) -- --- catWorkX GmbH Hamburg Dipl.-Ing. Holger Lehmann Stresemannstr. 364 22761 Hamburg Tel: +49 40 890 646-0 Fax: +49 40 890 646-66 mailto:[EMAIL PROTECTED] http://www.catworkx.de http://www.catbridge.de ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Could someone explain this DateTime behaviour to me?
Dario Lopez-KXsten wrote: AS in is this the expected/intended behaviour or could this be classified as a bug? --- bobobase_modification_time 2000/09/02 08:49:48.326 GMT+2 bobobase_modification_time().toZone('GMT+2') 2000/09/02 12:49:48.326 GMT+2 bobobase_modification_time fmt="%Y-%m-%d %H:%M" 2000-09-02 12:49 --- What version of Zope are you using? Various timezone bugs in DateTime.py were fixed in the latest version of Zope. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] DTML horror
DTML is pretty horrible. Does anyone have any solutions to allow DTML methodsto be generated using a more Pythonesque interface? It seems to me that DTML is a bit of a shoddy half way house between HTML and Python. Cheers, Nick.
[Zope] ZODB efficiency
Is using ZODB efficient? Is it better to use ZODB than an external database? What are the benefits of using it? CHeers, Nick
Re: [Zope] DTML horror
Nick Trout wrote: DTML is pretty horrible. Does anyone have any solutions to allow DTML methods to be generated using a more Pythonesque interface? It seems to me that DTML is a bit of a shoddy half way house between HTML and Python. For someone who's posting HTML mail to a non-HTML list, you're a fine one to talk ;-) There are discussion happening in this area on http://dev.zope.org. Look for "Documents and Templates" or something similar. You could also just use lots of PythonMethods... cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZODB efficiency
Nick Trout wrote: Is using ZODB efficient? Is it better to use ZODB than an external database? What are the benefits of using it? There's lots of info on this on www.zope.org. And there's mailing list archives at zope.nipltd.com. And there's probably more info at zdp.zope.org. Maybe you should look there first? Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] DTML horror
Nick Trout wrote: DTML is pretty horrible. Does anyone have any solutions to allow DTML methods to be generated using a more Pythonesque interface? It seems to me that DTML is a bit of a shoddy half way house between HTML and Python. Use Python Methods (http://www.zope.org/Members/4am/PythonMethod) or External Methods (available in all Zope installations RTFM). They will probably not completely replace DTML though. hth Rik ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] DTML horror
For someone who's posting HTML mail to a non-HTML list, you're a fine one to talk ;-) Oooer, *blush* sorry... ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Images slow rendering problem
Hi, I already posted this message several monthes ago, expecting a new Zope version would fix the problem, but... I have some images on my pages (let's say 10 - not a lot), rendered either by dtml-var or a manual IMG tag. When I render the page on some of my LAN boxes (especially with IE), some images doesn't load at the first time. I need to reload the page to make them appear. When I monkeyly hit the 'F5' key, some images do not show again. Argl. Anoying The problem is worst ever through Internet. Perhaps not the failure you see, but as you mention IE, there is at least one really annoying bug in IE 4 (all versions except SP2) and IE 5 (except 5.01). This may bite people trying to integrate zope into other webservers using redirects. http://support.microsoft.com/support/kb/articles/Q193/4/89.ASP?LN=EN-USSD=gnFR=0 You might want to check what versions of IE you use. A last resort may be to use a sniffer to capture the http traffic for later analysis. Cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
| I saw this on Linux; supplemental groups come from the BSD tradition, | so you likely will find the same situation on *BSD, Solaris, etc. Sorry I missed the start of the thread, but, I can weigh in on this point. Using -u user under FreeBSD gives you the Primary Group for the user you have requested. Supplemental groups are available only for that user, not the user you ran Zope as. -- Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068|[EMAIL PROTECTED]| ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] dtml-comment Fine, don't fix :P
+---[ Chris Withers ]-- | Andrew Kenneth Milton wrote: | Th second part of the problem is that ChrisW(hinger) really wants it, | | "really wants it" might be a little strong... I'm not loosing any | sleep... | | but, | doesn't want to do what is necessary to do it. | | Swishdot or fixing DTML... take your pick :P | (TreeTag would still get it first anyway...) Well since I don't use S*dot... :-) -- Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068|[EMAIL PROTECTED]| ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] DTML horror
They may be available in all installations but they aren't necessarily available to all users )-: Have fun, Murph (who is not actually complaining given the price he has to pay for use of a public Zope server) Rik Hoekstra [EMAIL PROTECTED] 05/09/00 11:51:35 Use Python Methods (http://www.zope.org/Members/4am/PythonMethod) or External Methods (available in all Zope installations RTFM). They will probably not completely replace DTML though. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Could someone explain this DateTime behaviour to me?
What version of Zope are you using? Various timezone bugs in DateTime.py were fixed in the latest version of Zope. Zope 2.2.1 source release /dario ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Renderable Base Class ???
I'd read some discussion dating back to last year about a the concept of a Renderable Base ZClass; something that would allow a ZClass to be called like dtml-var "myClassInstance" Have there been any developments along this line, or any plans to incorporate the idea into Zope? I find myself in need of this functionality. Also, I did notice a product on Zope.org which claims to be a renderable base class, but it's a tgz and doesn't seem to uncompress for me on WinNT using WinZip7. Does anybody have a copy of this (working) that they might export and send? (It's a very small TGZ product and hopefully a very small zexp) Brian Withun ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Renderable Base Class ???
Brian Withun wrote: Have there been any developments along this line, or any plans to incorporate the idea into Zope? I find myself in need of this functionality. Checkout ZRenderable or ZCallable (which is in the PTK CVS) cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Underscore Caracter
Hi Chris, Chris McDonough wrote: Hi Marcus, This is untested. Turn "asd asd" into "asd_asd" and output: dtml-var "_.string.join(_.string.split('asd asd'), '_')" Turn "asd_asd" into "asd asd" and output: dtml-var "_.string.join(_.string.split('asd_asd', '_'))" I've seen this on plenty lines of digicools code and wondered about if this is more efficient then using just string.replace() ? I would say string.replace() should be a bit faster. Regards Tino ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] problems installing PoPy-1.3.4 (fwd)
There was a patch to the source that fixed this in 1.3.3, but it looks like the same problem is cropping up. I would contact federico ([EMAIL PROTECTED]) and see what he's got to say...he really helped out with my 1.3.x problems. - Steve On Fri, 01 September 2000, Sebastien Billard wrote: I'm on a suse 6.4 system, with postgresql installed. I've got the latest zope installed from tarball.. and I get this problem trying to install PoPy ./autogen.sh --with-postgres-libraries=/usr/lib/pgsql/lib --with-postgres-includes=/usr/lib/pgsql/include loading cache ./config.cache checking for python... /usr/bin/python checking python version... 1.5 checking python installation prefix... /usr checking python installation exec_prefix... /usr checking definitions in Python library makefile... done checking location of python library... $(prefix)/lib/python1.5/site-packages checking location of python shared modules... $(exec_prefix)/lib/python1.5/site-packages checking for PQconnectStart in -lpq... no configure: error: can't build without PostgreSQL libraries Now type 'make' to compile PoPy python module. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) __ Get your Private, Anti-Spam, Free Email at http://e3mil.com and Step into a Friendly Universe! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Ad banners in Zope anyone ?
Check out the How-To athttp://www.zope.org/Members/Mamey/PHP. Doesn't handle redirection, authorization, or cookie passing, but it's a start. If you need the above mentioned features, I'll be posting my update by the end of the week. Bill. On Sat, 2 Sep 2000, Jason Cunliffe wrote: - Can one run PHP from inside of Zserver/ZODB easily? - How would to do that? - Is anyone using Zope for Ad Banner services?? - What would would make it a good or bad choice? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Renderable Base Class ???
Brian Withun wrote: I'd read some discussion dating back to last year about a the concept of a Renderable Base ZClass; something that would allow a ZClass to be called like dtml-var "myClassInstance" Have there been any developments along this line, or any plans to incorporate the idea into Zope? I find myself in need of this functionality. Also, I did notice a product on Zope.org which claims to be a renderable base class, but it's a tgz and doesn't seem to uncompress for me on WinNT using WinZip7. Does anybody have a copy of this (working) that they might export and send? (It's a very small TGZ product and hopefully a very small zexp) its is pretty small, it just implements the __call__ python semantics. winzip should be able to unzip a tgz file, generally i've noticed IE and netscape? tend to rename tgz files to tar on downloading (at least on win95), if you rename the file to have a tgz extension winzip should handle it fine. Kapil ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] That :method thingy.. where's it documented?
I've searched through all the how-toos and documentation on the zope site, but I can't find any reference to :method types.. I know they exist, but searching for "method type" returns too many hits. Can someone remind me where to find this documented? Thanks Brad Clements,[EMAIL PROTECTED] (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Folder and SQL security
George, Hi... please continue to respond to the list... Did you clear the acquire permissions settings checkbox for all the permissions in the "wholesale" folder? Does it make any difference? How are you testing this? Are you sure that you aren't logged in as "george" when you visit the wholesale folder? (e.g. are you stopping and restarting the browser to test this?) I am about one quarter through '6-1-Security.stx'. I printed all 41 pages. I also printed the security chapter form the ZB so I am trying to learn. It's just that at the moment I need a quick fix. Here is my case in detail: My site is located in the folder 'okstudio'. The 'root' folder also contains a user folder and me as the only user. I am the manager of the site(and the superuser). Several subfolders under folder 'okstudio' contain files that can be accessed by anyone. All subfolders except for one have the same security settings - 'view and access contents'. I also have an sql method that I use with in and /in to embed data from my database in to HTML. The security settings of that method are - 'view, access contents information and use database methods'. There is one subfolder called 'wholesale' that should have restricted access. No viewing without authorisation. That folder will contain info for customers only that should not be seen by anyone else. I created a user subfolder in that folder where I listed myself as a 'manager'. I also took every permission from 'anonymous' so theoretically 'anonymous' should not be able to view the content of that folder. I also created 'index_html' DTML document and took all the permissions from anonymous there. I am still how ever able to view the index_html as anonymous without any authorisation. My question is: Is there a way how to make sure that no one unauthorised gets to see any of the contents of 'wholesale' folder??? Regards, George -Original Message- From: Chris McDonough [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 5 September 2000 10:08 To: George Osvald Cc: [EMAIL PROTECTED] Subject: RE: [Zope] Folder and SQL security On Tue, 5 Sep 2000, George Osvald wrote: My sql works now and security is satisfactory so thank you. The only thing that remains in question is that one subfolder. I created a user folder inside, set all the security and it does not do what I want. I want to restrict any access including viewing for nobody. Only authorised customers would be able to view the page. After turning off all the security options though I am still able to view the pages as nobody. How do I prevent that? Do you have "acquire permissions" set on all the permissions of the folder? Have you tried turning it off? This may be a wild goose chase because I'm sort of guessing at your problem. Your message has generalizations like "that one subfolder" (what subfolder? what are its settings?), "set all the security" (how?), "does not do what I want" (what do you want? exactly how does it fail, can you give a concrete example?) and "the page" (what page?). It'd be helpful to define these, because as much as I try, I can't read minds. :-) HTH, C George wrote: Security in ZOPE is very puzzling. If I have certain rules set for the root folder, can I set something different for the sub folders? Sure... for general security information see both http://www.zope.org/Members/michel/ZB (the Zope book security chapter, mostly finished) and http://www.zope.org/Members/mcdonc/PDG (security chapter mostly finished). Any changes seem to have no effect at all. can you be more specific? I am especially wandering about setting for anonymous user. I'd like to give them only 'viewing' privilege but that does not work. How doesn't it work? The site is not functional at all and asks for the password even for the viewing. Then I enable 'access the content' and the site works as long as I do not try to use sql. Yes, "access contents information" is equivalent to allowing the user to list the objects in an object manager. It's given to anonymous by default most of the time, and is probably required for most operations. When I how ever enable 'use sql methods' permission they can access my database, delete and add entries to it. This should have nothing to do with 'access contents information'. There should be permissions available to restrict the use of sql methods. Have you seen them? What do I have to do to allow anonymous viewers to just view the site Give them "view" and "access contents information" permissions. Depending on the products you've got installed and the operations you want the users to be able to carry out, you may need to give them other permissions. (keep in mind that
Re: [Zope] That :method thingy.. where's it documented?
From: Brad Clements [EMAIL PROTECTED] Thanks but that's not really what I'm looking for. I thought there was a type ":method" that could be used as a way to call a method.. Perhaps I'm just going crazy. No, you're right, and the page Rik referenced really should be updated to include it. If "foo:method" is included in a form (usually by making it the name of a submit button, or an option in a pick list) then "foo" is effectively added to the end of the URL path. There is also ":default_method", the value of which is used if no ":method" is specified. So: form action="act" input type="text" name="foo" input type="hidden" name=":default_method" value="def" input type="submit" name="m1:method" value="1" input type="submit" name="m2:method" value="2" /form ...will invoke "act/m1" or "act/m2" depending on whether you push button "1" or "2", or "act/def" if you push the enter key (thereby submitting the form without pressing either button). Cheers, Evan @ digicool 4-am ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] super cannot do
Chris McDonough wrote: On Tue, 5 Sep 2000, Evan Simpson wrote: I've got to say I agree with you here. I'm still not 100% sure why the superuser or bootstrap user can't own anything. It's due to a combination of the trojan horse issue and the sticky authentication issue, I think. You really don't want to be authenticated as super very often, because while you are, if you visit a page someone else wrote, they can make your browser do evil things to your site. This is also true of Managers, but less so. Similarly, a page owned by non-super has tighter permissions than one owned by the super would. Yes... the PDG security chapter has all of this in it, but it would seem that neither Chris W or I are completely satisfied by these answers. :-) It seems a matter of diminishing returns, especially when newbies hit the wall during install, since we haven't provided them with an airbag yet. I think this is exlusively because as of 2.2.1 objects execute according to their ownership, not according to the permissions of the AUTHENTICATED_USER. Because of the widespread security implications of letting an object that can be called by anyone have superuser permissions (which was not possible under the prior regime), superuser can no longer own. You can still get superuser-esque behavior by doing something in external methods or some other mechanism that bypasses the security machinery. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] illegal id chars?
Jason Byron wrote: Why is it that objects can't be created because the id chosen contains characters that aren't proper in urls? Spaces are allowed and converted to their hex values when you create an object. Why not do this with every illegal url character? As far as I personally know, illegal characters for id's are regulated by what limits python sets on things, with the caveat that . is legal even though you can't use a . in a pythonic context. Whether it's "legalized" for URLS is totally dependant on url_quote. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] binary math filesize
Kapil Thangavelu wrote: http://www.zope.org/Members/ZQR get size in kbs assuming its an int dtml-var "get_size/1000" dtml-var "get_size/1024" pedantically yours, -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
Bill Anderson [EMAIL PROTECTED] wrote: Kip Rugger wrote: Chris McDonough [EMAIL PROTECTED] wrote: Aplogies for the ignorance, but can you maybe explain the concept of supplemental group ids and give an example of how the current unpatched behavior could be subverted? I can try... Supplemental gids are useful for allowing a user to belong to more than one group, or maybe to more than one project in normal parlance. This is normally effected by listing the uid opposite more than one group in /etc/group. The login process issues the initgroups(3) call to install these supplemental groups, which are inherited by all processes forked from the login shell. The problem is comes when you change user ids; for example what I saw with Zope (start -u nobody) was: before change after change = user id root nobody group idroot nobody sup id(s) root root Would you mind describing how you determine this? [/proc] $ cat /proc/90/status Name: junkbuster State: S (sleeping) Pid:90 PPid: 1 Uid:101 101 101 101 Gid:101 101 101 101 Groups: 101 -- supplemental groups VmSize: 1348 kB VmLck: 0 kB VmRSS: 436 kB VmData: 192 kB VmStk:84 kB VmExe:92 kB VmLib: 952 kB SigPnd: SigBlk: SigIgn: 80011006 SigCgt: CapInh: feff CapPrm: CapEff: On my machine 101 is uid and gid for nobody; as you can see junkbuster is correctly sandboxed. For unmodified Zope, you'll see a zero in the indicated line (or possibly several values if root belongs to several groups like `wheel' on your system). ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
Andrew Kenneth Milton [EMAIL PROTECTED] wrote: | I saw this on Linux; supplemental groups come from the BSD tradition, | so you likely will find the same situation on *BSD, Solaris, etc. Sorry I missed the start of the thread, but, I can weigh in on this point. Using -u user under FreeBSD gives you the Primary Group for the user you have requested. Supplemental groups are available only for that user, not the user you ran Zope as. Interesting. NetBSD has the Linux behaviour. The Apache CGI wrapper does setgid and initgroups, in that order. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Getting the Date from Zope
I know I've seen many posts about this, I just can't find one. I need to put the current date into an input's value when a form is loaded. Is there a way to do this with DTML. TIA Stuart ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] EVENT: First Houston Zope Users Group Meeting
An informal Houston Zope Users Group is holding a first meeting this Wednesday evening, September 6, at 6:30 at the Koch Building in Greenway Plaza, Houston. Topics will be Zope and Zope-related Python. Because access to the Koch Building is limited, we will meet promptly at 6:30 in front of the Quizno's (deli) at 3837 Richmond, near Weslayan. At 6:40, we will go into the Koch building accompanied by George Runyan. If you are able to join us, please be there on time or you will miss us -- there is no way for visitors to get into the building if you are unescorted. For further information, please email George Runyan at [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] binary math filesize
Kapil Thangavelu wrote: http://www.zope.org/Members/ZQR get size in kbs assuming its an int dtml-var "get_size/1000" dtml-var "get_size/1024" pedantically yours, -- ethan mindlace fremen Zopatista Community Liason Abnegate I! actually it turns out to be dtml-var "size/1024" get_size and getSize do not work for files (for reasons unknown to me; I am a Zope newbie :-). haven't tried for any other objects. Anybody knows more about the DateTime issues I posted about earlier? /dario - Dario Lopez-Kästen Systems Developer Chalmers Univ. of Technology [EMAIL PROTECTED] ICQ will yield no hitsIT Systems Services ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] ANN: Serving PHP/Perl from Zope update
Hello Zopistas, I have updated the HOW-TO: Serve PHP/Perl within Zope with a nifty alternative by Joseph Wayne Norton. His suggestion allows PHP to call Zope methods. Check it out at www.zope.org/Members/Mamey/PHP. The methods presented in the HOW-TO still have some deficiencies with regards to Authorization and Cookies so suggestions and improvements are very much welcome. -- Andres Corrada-Emmanuel Email: [EMAIL PROTECTED] -- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Not able to render a base class...
= :PREFACE: = I have placed the __init.py__ and Renderable.py into .\lib\python\Products\Renderable and have restarted Zope (necessary? ..I'm too used to windows ;-) I made a trivial little Folderish ZClass and am trying to get it to render itself... I've defined a 'view' tab that represents the ZClass, and it works as expected, with 'View' being bound to an 'index_html' method of my folderish ZClass. I've added one of these ZClasses to a development folder. The development folder also contains a dtml document named 'index_html' as follows: dtml-var standard_html_header h2dtml-var title_or_id/h2 p This is the dtml-var id Document. /p dtml-var one dtml-var standard_html_footer 'test' is my product 'testclass' is my ZClass (in the product 'test') 'trial' is my development folder 'one' is the ZClass instance in the 'trial' folder 'Tropical' is an image id in the ZClass = :PROBLEM: = Why does 'trial/index_html' render this: htmlhead/head body h2index_html/h2 p This is the index_html Document. /p testclass instance at 00DD45A8 /body/html ..and how do I turn 'testclass instance at 00DD45A8' into a rendering of the ZClass instance ? Brian Withun ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Getting the Date from Zope
Stuart Foster wrote: I know I've seen many posts about this, I just can't find one. I need to put the current date into an input's value when a form is loaded. Is there a way to do this with DTML. input type="text" name="now" value="dtml-var ZopeTime fmt="fCommon"" See DateTime.py or the Zope Quick Reference for more information on how to manipulate the format. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] How to make and populate properties remotely..? 4 questions of the apocalypse..
Hello Hoping some kind enlightened zopistas can point me to existing examples or show me how the syntax works for this: 1. I need to write a simple general method which will allow me to create a property in the parent folder. for example: 'createParentProperty()' DTMLmethod --- dtml with PARENTS[-1] dtml manage_addProperty(Id = 'myNewPopertyName') dtml manage_addProperty(type = 'tokens') dtml manage_addProperty(value = '') dtml-with - 2. Then I need to extend my 'createParentProperty()' method so I can call it from an URL, http POST or GET. I want to pass or fetch the parent folder's property 'Id' name. for example: http://www.zopesite.net/TOP/SUB/PROJECTA/createParentProperty?=id+statistics type=tokens will create a property Id = 'statistics' in PROJECTA folder of my site whose type = 'tokens' but if it exists already it will return a '1' How to do this? 3. Then I need to do the same thing but this time setting or getting the property's 'Value' field via http POST or GET. for example: http://www.zopesite.net/TOP/SUB/PROJECTA/createParentProperty?=id+statistics value+2000september will create a new property id = 'statistics', type = 'tokens', value =' 2000september' but if 'statistics' already exists, the method will just change the value 4. Finally some properties we need to 'lock' so they cannot be overwritten by the above methods. However I do need to check remotely over http if this is so. For example: http://www.zopesite.net/TOP/SUB/PROJECTA/createParentProperty?=id+adminvalu e+2000September will return an integer '2' or string such as : 'locked' or "property id = 'admin' is locked" where: 0 = does not exist 1 = exists 3 = locked How to do this? ...ideally there there should be a separete method we can call to lock or unlock a property for admin use over http Thanks for any help..deadlines loom.. - Jason Jason CUNLIFFE = NOMADICS.(Interactive Art and Technology).Design Director ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] External method and stdout
Hallo, that's theproblem: I've made an external method which is working with lists and should return the result to Zope. The python code is working very well, but is sending everything to sys.stdout( I'musing the print-statement).How do I convince Zope to print the result on the html-page. Thanks.
[Zope] ZClass Bug (was: Re: [Zope] How to access id and title of document calling standard_html_header)
Tim Hicks writes: OK, I think that I am perhaps misusing zclasses then. Here is what I have. No you did not. I have a Folder that was created by using the 'Add new item' menu within Zope. This folder is called 'Site'. I have a Zclass called 'theatre_class' that has "Base classes ZObject, _ZClass_for_CatalogAware, _ZClass_for_DTMLDocument" Within the Folder 'Site', I have standard_html_header dtml-method ... However, if I try to put dtml-var id into the standard_html_header, I get nothing... I analysed your problem (in Zope 2.1.6). It is *NOT* a problem of "standard_html_header". Instead, it is a ZCLass problem. The id of a ZInstance created as you described it returns "string". The browser shows this as "empty" because it is a tag it does not understand and therefore ignores. You see it, though, when you look at the HTML source. The reason for this strange id lies in a mismatch between your ZClass, more precisely its __init__ method, and the content of REQUEST: For some reason, your ZClass uses "DocumentTemplate.DT_String.__init__" as constructor. "DocumentTemplate.DT_String" defines a "id" function and lets it return the value of the "__init__" parameter "__name__". The default for "__name__" is, you guess it, "'string'". "ZClass.createInObjectManager" constructs the ZInstance. If the instance has a 'id', it takes this id and ignores the 'id' passed as parameter. Thus, you get a ZInstance with this strange id. I am convinced, this is a ZClass bug. I think, that the bug results from the fact, that the constructor for a ZCLass deriving from DTML Document used "__name__" as "id" replacement. The analysis provides a workaround for you. In your ZClass constructor, add dtml-call "REQUEST.set('__name__',REQUEST['id'])" before the dtml-with "yourClass.createInObjectManager(REQUEST['id'],REQUEST)" Now, after I did some work for you, I have some tasks for you: * check, whether the bug is in Zope 2.2.1, too * if this turns out to be the case, file a bug report into the collector. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [Zope-dev] Folderish objects and multiple inheritance
Hmmm I can override inheritance in a simple class... I guess theres something in Zope thats annoying this: class A: var = 'A' def test(self): return self.var class B: var = 'B' def test(self): return self.var class C(B, A): var = 'C' def test(self): return A.var c = C() print c.test() OUTPUT A - Original Message - From: "Andy McKay" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 11:35 AM Subject: [Zope-dev] Folderish objects and multiple inheritance Hi there, Ok so I have a class that has multiple inheritance. My main class (A) works fine, but I wanted to add in folderish properties. The problem is the order of multiple inheritance and viewing folder objects. When you view a folder from you call index_html and this gives a content list. By inheriting this way: class B(A, Folder): I have kept all my A methods. However viewing it does not produce the content list since its overwritten by A. Of course inheriting: class B(Folder, A): Does work for that, but breaks all my other methods. Solutions: Well I tried defining a tab - view_folder which was something along the line of: def view_folder(self, client=None, REQUEST={}): ''' doc string ''' return Folder(self, client, REQUEST) But get an attribute error on manage_tabs. Any ideas? Thanks. -- Andy McKay, Developer. ActiveState. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Not able to render a base class...
Brian Withun wrote: = :PREFACE: = I have placed the __init.py__ and Renderable.py into .\lib\python\Products\Renderable and have restarted Zope (necessary? ..I'm too used to windows ;-) I made a trivial little Folderish ZClass and am trying to get it to render itself... I've defined a 'view' tab that represents the ZClass, and it works as expected, with 'View' being bound to an 'index_html' method of my folderish ZClass. I've added one of these ZClasses to a development folder. The development folder also contains a dtml document named 'index_html' as follows: dtml-var standard_html_header h2dtml-var title_or_id/h2 p This is the dtml-var id Document. /p dtml-var one dtml-var standard_html_footer 'test' is my product 'testclass' is my ZClass (in the product 'test') 'trial' is my development folder 'one' is the ZClass instance in the 'trial' folder 'Tropical' is an image id in the ZClass = :PROBLEM: = Why does 'trial/index_html' render this: htmlhead/head body h2index_html/h2 p This is the index_html Document. /p testclass instance at 00DD45A8 /body/html ..and how do I turn 'testclass instance at 00DD45A8' into a rendering of the ZClass instance ? Make sure your zclass inherits from Renderable make a dtml method called render in your zclass adjust render to display the zclass as you wish Kapil ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: [Zope-dev] Folderish objects and multiple inheritance
Darn sorry wrong alias. - Original Message - From: "Andy McKay" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 2:13 PM Subject: [Zope] Re: [Zope-dev] Folderish objects and multiple inheritance Hmmm I can override inheritance in a simple class... I guess theres something in Zope thats annoying this: class A: var = 'A' def test(self): return self.var class B: var = 'B' def test(self): return self.var class C(B, A): var = 'C' def test(self): return A.var c = C() print c.test() OUTPUT A - Original Message - From: "Andy McKay" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 11:35 AM Subject: [Zope-dev] Folderish objects and multiple inheritance Hi there, Ok so I have a class that has multiple inheritance. My main class (A) works fine, but I wanted to add in folderish properties. The problem is the order of multiple inheritance and viewing folder objects. When you view a folder from you call index_html and this gives a content list. By inheriting this way: class B(A, Folder): I have kept all my A methods. However viewing it does not produce the content list since its overwritten by A. Of course inheriting: class B(Folder, A): Does work for that, but breaks all my other methods. Solutions: Well I tried defining a tab - view_folder which was something along the line of: def view_folder(self, client=None, REQUEST={}): ''' doc string ''' return Folder(self, client, REQUEST) But get an attribute error on manage_tabs. Any ideas? Thanks. -- Andy McKay, Developer. ActiveState. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] wikis down momentarily
Zopatistas, Wikis will be offline briefly as we ZEO-fy them. Thanks for your patience, -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] The Ascetic Superuser
Chris Withers wrote: Well, okay, let me rephrase the question: Why is it bad for the bootstrap user to own anything? It used to be considered okay before Zope 2.2, so was has been changed/discovered that makes this now such a bad idea that despite loads of newbie pain and confusion, it's still worth while/necessary? Objects used to execute according to the permissions of the AUTHENTICATED_USER or the proxy role. "Ownership" only applied (for execution purposes) if you explicitly set the proxy role to "Owner". This was a Very Bad Thing (tm) because once you authenticated as superuser you could view a random HTML page on the web/in your inbox that had a little javascript thingy that went and wiped out your entire site or insert maliciousness here Now every object excecutes according to the permision of the owner, *not* the viewer. It can also run as a proxy role. The super-bootstrap-user lives outside of "normal" zope authentication has permission to do anything save that which NotEvenGodShouldDo. Therefore, it shouldn't own objects. This is *quite* important, and needs to stay. I don't know how to emphasize enough that this is a well thought out correction to an extremely deadly class of security problems that still (afaik) plagues many "other" through-the-web management systems. The newbie pain, however, could probably be mitigated- don't call it a Super user, since it hardly deserves the S or the cape. Have a user in the default install. Something like that. Patches accepted. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: ZClass Bug (was: Re: [Zope] How to access id and title of document calling standard_html_header)
- Original Message - From: "Dieter Maurer" [EMAIL PROTECTED] To: "Tim Hicks" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 05, 2000 9:44 PM Subject: ZClass Bug (was: Re: [Zope] How to access id and title of document calling standard_html_header) Tim Hicks writes: OK, I think that I am perhaps misusing zclasses then. Here is what I have. No you did not. That's a relief. I have a Folder that was created by using the 'Add new item' menu within Zope. This folder is called 'Site'. I have a Zclass called 'theatre_class' that has "Base classes ZObject, _ZClass_for_CatalogAware, _ZClass_for_DTMLDocument" Within the Folder 'Site', I have standard_html_header dtml-method ... However, if I try to put dtml-var id into the standard_html_header, I get nothing... I analysed your problem (in Zope 2.1.6). It is *NOT* a problem of "standard_html_header". Instead, it is a ZCLass problem. OK. The id of a ZInstance created as you described it returns "string". The browser shows this as "empty" because it is a tag it does not understand and therefore ignores. You see it, though, when you look at the HTML source. Yup, I'm with you on that. The reason for this strange id lies in a mismatch between your ZClass, more precisely its __init__ method, and the content of REQUEST: For some reason, your ZClass uses "DocumentTemplate.DT_String.__init__" as constructor. "DocumentTemplate.DT_String" defines a "id" function and lets it return the value of the "__init__" parameter "__name__". The default for "__name__" is, you guess it, "'string'". You are losing me a bit with the "__init__", "DocumentTemplate.DT_String" and "__name__" (I'm afraid my Python is limited, to say the least!). I do see the results of string being the default value though ;-). "ZClass.createInObjectManager" constructs the ZInstance. If the instance has a 'id', it takes this id and ignores the 'id' passed as parameter. Thus, you get a ZInstance with this strange id. I think I'm with you there. I am convinced, this is a ZClass bug. I think, that the bug results from the fact, that the constructor for a ZCLass deriving from DTML Document used "__name__" as "id" replacement. The analysis provides a workaround for you. In your ZClass constructor, add dtml-call "REQUEST.set('__name__',REQUEST['id'])" before the dtml-with "yourClass.createInObjectManager(REQUEST['id'],REQUEST)" Great. I presume that this will only work for all *new* instances of this class however! I don't suppose you know of a way of remaking all 44 instances of this Zclass I have using this adjusted constructor? I have tried (see below), but I think I come up against the same 'string' problem that I'm actually trying to counteract! dtml-in Catalog dtml-call "REQUEST.set('sequence-item',REQUEST['id'])" dtml-with "theatre_class.createInObjectManager(REQUEST['id'], REQUEST)" dtml-call "propertysheets.theatre_class_property.manage_editProperties(REQUEST)" dtml-call "manage_edit(REQUEST)" /dtml-with /dtml-in Anyway, I guess this is a different problem again really isn't it? I think for now, it will be easier to use my less elegant workaround of giving the zclass another property called 'counter_id' * that is the same as the actual id. I know that this works, and it won't take as long as remaking all the instances again... I don't have the strength for that I don't think. I'll definitely file away your fix for future reference though. Thanks very much. Now, after I did some work for you, I have some tasks for you: * check, whether the bug is in Zope 2.2.1, too Yes, it does. I have now found this to occur in 2.1.6, 2.2.0 and 2.2.1. * if this turns out to be the case, file a bug report into the collector. Right, I have done that, hopefully satisfactorily! Hope you don't mind, I used 'extensive' quotes from your reply... no point in using my words to confuse the issue! Thanks very much Dieter, you've been a MASSIVE help. tim Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] newbiz : zope connection
Stephan Goeldi wrote: But if you use ProxyPass like me, there is only the IP address of the Apache Server in this logfile, so there is only one user in the Z2.log file logged. You have to check out the Apache logfile, usually /var/log/httpd/access_log to see the different IP addresses. The logfile-format of Apache is the same as in Zope. You can also set up apache with server-status which indicates the current requests. See mod_status on the apache page. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External method and stdout
Andreas Pauley wrote: For some reason you have to "return" everything that should be available to zope. You can return a sequence and loop through it with DTML or you can build a variable with everything you want to display and then return the variable. I have no idea why this is so, and why you can't just the print statement as an equivalent to dtml-var. There is probably elegant ways of replacing DTML with external methods or Python Methods, I was just unable to find documentation and examples on it until now. Can anyone help with this? Regards, Andreas. there are a couple of ways. first zope's publishing objects. if your publishing a dtml method object than the semantics of it require that values be inserted into the template/page thats being returned to the user. you can also publish an external method or a python module directly(indeed Zope is just a published python module). but sticking to zope external methods, an example, if you had def myhello_world(self, REQUEST): page = " welcome to %s corner of my hello world "%self.getParentNode().id and just browse directly to the external method. its important to keep in mind that stdout isn't connected to the client. the client is connected to medusa/ZServer, which gives a channel to ZPublisher to publish data that will be returned to the client. this mainly applies to fs code, i'm not totally sure about the semantics of web python methods. i know this probably goes a bit further down the rabbit hole than you might be interested in going. if you want to know some more of the details. check out the medusa docs at http://www.nightmare.com/medusa and the ZPublisher docs under the Documentation Sec. of Zope.org. These are dated but they give a understanding of the interaction between medusa's asynch interfaces and zope. and of course the source code. you could also use document templates directly from python def new_world_order(self, REQUEST): from DocumentTemplate import HTML my_sites = [('My homepage','http://homepage'), ('my favorite bookstore','http://amazon.com') , ... etc] page_to_return = """ html body ul dtml-in sites lia href="dtml-var sequence-item"dtml-var sequence-key/a/li /dtml-in /ul /body /html """ return HTML(my_sites)(sites=my_sites) or evaluate a dtml file on the file system using HTMLFILE see the DocumentTemplate directory for source and more examples D.Templates also give you a pretty good separation of app. logic and presentation. Doing straight python insertion in a page is not the Zope Way. if you're interested in this type of thing, you might want to check out some other python projects like mod_snake (apache), pywx.sourceforge.net (aolserver), or webware. I'll think you find the benefits of doing it through DTML offer you a lot more benefits in terms on maintainbility and site management. Cheers Kapil Sven Hohage wrote: Hallo, that's the problem: I've made an external method which is working with lists and should return the result to Zope. The python code is working very well, but is sending everything to sys.stdout( I'm using the print-statement).How do I convince Zope to print the result on the html-page. Thanks. -- In a world without fences, who needs gates? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] The Ascetic Superuser
On Tue, 5 Sep 2000, ethan mindlace fremen wrote: Now every object excecutes according to the permision of the owner, *not* the viewer. It can also run as a proxy role. The super-bootstrap-user lives outside of "normal" zope authentication has permission to do anything save that which NotEvenGodShouldDo. Therefore, it shouldn't own objects. Methods actually now execute with the effective intersection of the permissions granted to the AUTHENTICATED_USER and the permissions granted to the method's owner. If a proxy role is specified, the method executes with permissions restricted to those roles assigned by the proxy role. This is unarguably a good thing. What's not entirely clear is *why* super can't own, which is a separate issue. The power it has beyond that of a normal management user is the ability to traverse the site unrestricted by the security machinery. I actually don't think there's an answer to this question that has to do with method execution. I think the ultimate answer is one or a few of the following: "because," "shrug," "for audit trail purposes," or "so you don't shoot yourself in the foot," or "be quiet." :-) Alternately, the answer might lie in an unobvious implementation detail that none of us really want to think about. This is *quite* important, and needs to stay. I don't know how to emphasize enough that this is a well thought out correction to an extremely deadly class of security problems that still (afaik) plagues many "other" through-the-web management systems. I just can't think of any situations where having a method execute with the effective intersection of the permissions granted to superuser and the permissions granted to another user would cause more damage than a method executing with the effective intersection of the permissions granted to a normal management user and another user. Can you? The newbie pain, however, could probably be mitigated- don't call it a Super user, since it hardly deserves the S or the cape. Have a user in the default install. Something like that. I agree. This should happen soon. Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope 2.2 ZopeAttributionButton
Hello Does anyone know how to set security on ZopeAttributionButton? Since it is referenced (currently) in my standard_html_footer, users who have only access to their subdirectory get an error on pages that reference this footer. I'd rather set it up properly than remove the credits. TIA! --ira -- Ira Hochman [EMAIL PROTECTED] - email __ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
+---[ Kip Rugger ]-- | | On my machine 101 is uid and gid for nobody; as you can see | junkbuster is correctly sandboxed. For unmodified Zope, you'll | see a zero in the indicated line (or possibly several values | if root belongs to several groups like `wheel' on your system). Have you actually tried to change to that group? -- Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068|[EMAIL PROTECTED]| ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Underscore Caracter
Hmm.. Shouldn't that be: _.string.join(_.string.split('asd asd'), ' '), '_') Or, alternatively (and more intuitively), _.string.replace('asd asd', ' ', '_') _.string.replace('asd_asd', '_', ' ') - T.J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris McDonough Sent: Monday, September 04, 2000 5:56 PM To: Marcus Mendes Cc: [EMAIL PROTECTED] Subject: Re: [Zope] Underscore Caracter Hi Marcus, This is untested. Turn "asd asd" into "asd_asd" and output: dtml-var "_.string.join(_.string.split('asd asd'), '_')" Turn "asd_asd" into "asd asd" and output: dtml-var "_.string.join(_.string.split('asd_asd', '_'))" On Sun, 3 Sep 2000, Marcus Mendes wrote: Hello, I need replace 0x20 (space caracter ) to Undescore Caracter. I need also a function that UNDO this operation. How can I to do this in DTML sintaxe? Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] dtml-comment doesn't? Please fix... ;-)
Andrew, Did you see my solution to this? !--#comment this is all commented stuff. dtml-in "invalid_dtml_syntax"@#$#@%^ dtml-do wreak_havoc /dtml-unless --/dtml-comment I also posted a patch that would allow you to use syntax like this: !--#c dtml-with bad_code This neither renders nor preprocesses. /dtml-in -- Same effect, but a bit cleaner. If you'd like a copy of that patch, send me an e-mail. Take care, T.J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andrew Kenneth Milton Sent: Monday, September 04, 2000 5:11 PM To: Kip Rugger Cc: [EMAIL PROTECTED] Subject: Re: [Zope] dtml-comment doesn't? Please fix... ;-) Won't work, the container will still be parsed for correctness at 'save' time. The problem isn't getting nested comments per se, we already have that. The problem is to completely ignore the contents of the comment tag whilst still allowing nested comments. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] categorization request
Zopatistas! I'd like to categorize the how-Tos in a similar style to how the products have been categorized. What I'm looking for is a volunteer who is willing to go through *all* the current HowTos and propose a classification. -- ethan mindlace fremen Zopatista Community Liason Abnegate I! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Underscore Caracter
On Tue, 5 Sep 2000, T.J. Mannos wrote: Hmm.. Shouldn't that be: _.string.join(_.string.split('asd asd'), ' '), '_') The second argument is implicit on string.split (it defaults to a single space). But your way works too. Or, alternatively (and more intuitively), _.string.replace('asd asd', ' ', '_') _.string.replace('asd_asd', '_', ' ') It should be noted that _.string.replace() is not mentioned in the DTML reference guide. If it exists, it should be used. Sigh. I can't wait for the Zope Book to come out, I'm going to be the first buyer. ;-) Hi Marcus, This is untested. Turn "asd asd" into "asd_asd" and output: dtml-var "_.string.join(_.string.split('asd asd'), '_')" Turn "asd_asd" into "asd asd" and output: dtml-var "_.string.join(_.string.split('asd_asd', '_'))" On Sun, 3 Sep 2000, Marcus Mendes wrote: Hello, I need replace 0x20 (space caracter ) to Undescore Caracter. I need also a function that UNDO this operation. How can I to do this in DTML sintaxe? Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] OSError along with FSSession...
Dear Zope Users: I have upgraded to FSSession 0.4.2 lately and occasionally run into the same problem several times. Each time it costs me a zope down. I do really need some help... Zope complains an error type "OSError" and throws the error value saying [Errno 21] Is a directory: '/usr/local/zope/var/FSSession/' occasionally since a recent upgrade of FSSession product to 0.4.2. Following that error will be a series of TransactionErrors for each and every request Zope received. And only a zope restart could help zope resume its operations. Since this error only comes up occasionally, I'm completely clueless on solving it. My environment is RedHat Linux 6.2 + Zope 2.1.6. The traceback information looks like this... Traceback (innermost last): File /usr/local/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 169, in publish File /usr/local/Zope-2.1.6-src/lib/python/ZODB/Transaction.py, line 275, in co mmit File /usr/local/Zope-2.1.6-src/lib/python/Shared/DC/ZRDB/TM.py, line 120, in t pc_finish (Object: TM) File /usr/local/zope/lib/python/Products/FSSession/FSSession.py, line 87, in _ finish (Object: TM) File /usr/local/zope/lib/python/Products/FSSession/FSSession.py, line 208, in final_commit (Object: FSSession) OSError: [Errno 21] Is a directory: '/usr/local/zope/var/FSSession/' Any help will be very appreciative! Chien-pin ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
After some digging, it appears that this is a really good find. Thanks very much for reporting it. I am going to add a collector item with your message verbatim. Thanks very much! - C On 4 Sep 2000 [EMAIL PROTECTED] wrote: I noticed when starting Zope as root (to get privilaged ports), but requesting suid to `nobody' (start -u nobody) the resulting processes have the correct uid and gid, but the supplemental group id list still has the appropriate value for root. This means that the Zope process could, for example, write to files that may belong to root. It's not clear whether this deserves a bug report, so I though I'd ask here instead. The fix is easy (and very lightly tested): 1) grab and install the supplemental gid package (for python) http://www.ccraig.org/software/group.c 2) patch (for 2.2.0) --- z2.py.origFri Jun 30 10:23:53 2000 +++ z2.py Mon Sep 4 14:33:51 2000 @@ -682,13 +682,20 @@ if type(UID) == type(""): uid = pwd.getpwnam(UID)[2] gid = pwd.getpwnam(UID)[3] +uname = UID elif type(UID) == type(1): uid = pwd.getpwuid(UID)[2] gid = pwd.getpwuid(UID)[3] +uname = pwd.getpwuid(UID)[1] else: raise KeyError try: if gid is not None: +try: +import group +group.initgroups(uname, gid) +except: +pass try: os.setgid(gid) except OSError: ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Underscore Caracter
Yep, it's there, but it's not documented. Basically, anything in the python "string" module should be accessible from Zope DTML. Now, who do I have to beat up to get the 're' module added to the namespace variable??? :) - T.J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris McDonough Sent: Tuesday, September 05, 2000 7:54 PM To: T.J. Mannos Cc: Marcus Mendes; [EMAIL PROTECTED] Subject: RE: [Zope] Underscore Caracter On Tue, 5 Sep 2000, T.J. Mannos wrote: Hmm.. Shouldn't that be: _.string.join(_.string.split('asd asd'), ' '), '_') The second argument is implicit on string.split (it defaults to a single space). But your way works too. Or, alternatively (and more intuitively), _.string.replace('asd asd', ' ', '_') _.string.replace('asd_asd', '_', ' ') It should be noted that _.string.replace() is not mentioned in the DTML reference guide. If it exists, it should be used. Sigh. I can't wait for the Zope Book to come out, I'm going to be the first buyer. ;-) Hi Marcus, This is untested. Turn "asd asd" into "asd_asd" and output: dtml-var "_.string.join(_.string.split('asd asd'), '_')" Turn "asd_asd" into "asd asd" and output: dtml-var "_.string.join(_.string.split('asd_asd', '_'))" On Sun, 3 Sep 2000, Marcus Mendes wrote: Hello, I need replace 0x20 (space caracter ) to Undescore Caracter. I need also a function that UNDO this operation. How can I to do this in DTML sintaxe? Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Underscore Caracter
At 9/5/00 09:54 PM, Chris McDonough wrote: It should be noted that _.string.replace() is not mentioned in the DTML reference guide. If it exists, it should be used. Sigh. I can't wait for the Zope Book to come out, I'm going to be the first buyer. ;-) Not that I would expect it to exist, but according to "Python Essential Reference" p. 117, it is indeed present in the string module: replace( str, old, new [,max] ) -- Dennis Nichols [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Underscore Caracter
Yes. Thank you. Note however that methods of modules accessed via the underscore namespace may be filtered individually, so although 'replace' exists as a method of the Python string module, this does not necessarily make it accessible implicitly through Zope via _.string.replace. It happens to be accessible in this case, but I'd bet there are cases in which methods accessible via modules of the _ namespace have been removed for "safe scripting" purposes. The solution is proper documentation. On Tue, 5 Sep 2000, Dennis Nichols wrote: At 9/5/00 09:54 PM, Chris McDonough wrote: It should be noted that _.string.replace() is not mentioned in the DTML reference guide. If it exists, it should be used. Sigh. I can't wait for the Zope Book to come out, I'm going to be the first buyer. ;-) Not that I would expect it to exist, but according to "Python Essential Reference" p. 117, it is indeed present in the string module: replace( str, old, new [,max] ) -- Dennis Nichols [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Ad banners in Zope anyone ?
Of the two methods currently described on the How-To for PHP from within Zope, one of them does handle authorization. Neither handles cookies at the present time. Advise on how to fix these limitations would be much appreciated. On Tue, Sep 05, 2000 at 02:23:19PM +, Bill Welch wrote: Check out the How-To athttp://www.zope.org/Members/Mamey/PHP. Doesn't handle redirection, authorization, or cookie passing, but it's a start. If you need the above mentioned features, I'll be posting my update by the end of the week. Bill. On Sat, 2 Sep 2000, Jason Cunliffe wrote: - Can one run PHP from inside of Zserver/ZODB easily? - How would to do that? - Is anyone using Zope for Ad Banner services?? - What would would make it a good or bad choice? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) -- -- Andres Corrada-Emmanuel Email: [EMAIL PROTECTED] -- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] RFC: ZEO howto
hi all drafted a simple how-to: use zeo with zope. need your inputs, corrections, comments, experience, notes, etc before i catalog it http://www.zope.org/Members/kedai/UseZeoZope thanks! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] problems installing PoPy-1.3.4 (fwd)
checking location of python shared modules... $(exec_prefix)/lib/python1.5/site-packages checking for PQconnectStart in -lpq... no configure: error: can't build without PostgreSQL libraries i struggled with this for quite some time. until i upgraded postgres to v7.0.2 i don't think i saw any requirement of a v7.x anywhere, but maybe i'm blind after spending too much time in front of the computer :) also, with 1.3.4, you need to add a comma (,) at line that has __compatibility__ = ('1.3.4',) ^ in ZPoPyDA/PoPy_db.py hth Now type 'make' to compile PoPy python module. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) __ Get your Private, Anti-Spam, Free Email at http://e3mil.com and Step into a Friendly Universe! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] RFC: ZEO howto
Looks great... I'd run it through a spell-checker if you've got one, but otherwise the content is really useful. Thanks! C On Wed, 6 Sep 2000, Bak @ kedai wrote: hi all drafted a simple how-to: use zeo with zope. need your inputs, corrections, comments, experience, notes, etc before i catalog it http://www.zope.org/Members/kedai/UseZeoZope thanks! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] For the Zope community
Zopistas, It has been very rewarding to work with DC and the Zope community. I have learned a lot about software and community spirit. I have never had the opportunity to work with a more enthusiastic and dedicated group of developers. So at this time I'm releasing two new products designed to help Zope users to get their job done more easily. http://www.zope.org/Members/hathawsh/ZDebug/index_html ZDebug is a set of patches to Zope that help in the deciphering of DTML errors and authorization exceptions. Because this is the first release, remember to make a backup before installing. http://www.zope.org/Members/hathawsh/tcpwatch/index_html TCPWatch is a simple Python script that lets you monitor a TCP connection. It does *not* depend on Zope, but it can be especially useful when writing Zope apps for WAP devices because the WAP devices will not display Zope exceptions while TCPWatch will. It's also useful for debugging any TCP/IP-based protocol implementation. Keep up the awesome work! Shane ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )