[Zope-dev] Zope Tests: 5 OK
Summary of messages to the zope-tests list. Period Tue Jul 10 12:00:00 2007 UTC to Wed Jul 11 12:00:00 2007 UTC. There were 5 messages: 5 from Zope Unit Tests. Tests passed OK --- Subject: OK : Zope-2.7 Python-2.3.6 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:53:20 EDT 2007 URL: http://mail.zope.org/pipermail/zope-tests/2007-July/008012.html Subject: OK : Zope-2.8 Python-2.3.6 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:54:51 EDT 2007 URL: http://mail.zope.org/pipermail/zope-tests/2007-July/008013.html Subject: OK : Zope-2.9 Python-2.4.4 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:56:23 EDT 2007 URL: http://mail.zope.org/pipermail/zope-tests/2007-July/008014.html Subject: OK : Zope-2.10 Python-2.4.4 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:57:54 EDT 2007 URL: http://mail.zope.org/pipermail/zope-tests/2007-July/008015.html Subject: OK : Zope-trunk Python-2.4.4 : Linux From: Zope Unit Tests Date: Tue Jul 10 20:59:28 EDT 2007 URL: http://mail.zope.org/pipermail/zope-tests/2007-July/008016.html ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] vulnerability in zope 2.10.4
hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/ pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used the instantiate the page template engine used by five templates, or at least this is what i think it does. the problem with this is that `trustedBoboAwareZopeTraverse` (in `PageTemplates/Expressions.py`) gets used to traverse path-expressions using `unrestrictedTraverse` (line 100), which means that i can access say the title of an otherwise private object with a simple obj/Title. i ran into this when one of my doctests[1] failed after upgrading from zope 2.10.3 to 2.10.4, because it could now access the title, even though permissions are explicitly set up beforehand to prevent this. using `createZopeEngine` instead of `createTrustedZopeEngine` didn't help with the test, unfortunately, since this would then raise an `Unauthorized` right away when rendering the `folder_contents` view. however, if i defer resetting the roles of the test user to just before the click on 'Delete' (line 35 in the test), the test works again... i've also just verified this ttw by creating a simple five view and a file object. i can successfully access the title attribute using the view, even though view and access contents information permissions are set up so only the manager role can access the object. dropping in zope 2.10.3 things work as expected, that is an `Unauthorized` exception is raised. so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? cheers, andi [1] http://dev.plone.org/plone/browser/plone.app.linkintegrity/trunk/ plone/app/linkintegrity/docs/testReferalToPrivateFiles.txt?rev=16003 -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007 PGP.sig Description: This is a digitally signed message part ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: vulnerability in zope 2.10.4
On Jul 12, 2007, at 12:48 AM, Andreas Zeidler wrote: so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? that should have been a hole, actually... too late already, sorry! :) andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007 PGP.sig Description: This is a digitally signed message part ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: vulnerability in zope 2.10.4
Andreas Zeidler wrote: hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/ pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used the instantiate the page template engine used by five templates, or at least this is what i think it does. the problem with this is that `trustedBoboAwareZopeTraverse` (in `PageTemplates/Expressions.py`) gets used to traverse path-expressions using `unrestrictedTraverse` (line 100), which means that i can access say the title of an otherwise private object with a simple obj/Title. i ran into this when one of my doctests[1] failed after upgrading from zope 2.10.3 to 2.10.4, because it could now access the title, even though permissions are explicitly set up beforehand to prevent this. using `createZopeEngine` instead of `createTrustedZopeEngine` didn't help with the test, unfortunately, since this would then raise an `Unauthorized` right away when rendering the `folder_contents` view. however, if i defer resetting the roles of the test user to just before the click on 'Delete' (line 35 in the test), the test works again... i've also just verified this ttw by creating a simple five view and a file object. i can successfully access the title attribute using the view, even though view and access contents information permissions are set up so only the manager role can access the object. dropping in zope 2.10.3 things work as expected, that is an `Unauthorized` exception is raised. so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? I'd say no. I believe this came from http://article.gmane.org/gmane.comp.web.zope.z3base.five/2225, and I believe it's a legitimate bugfix. Basically, I'd argue that .pt files for Five views are no less filesystem code than the .py files that house a view class. Previously, we had a weird situation where you got restrictedTraverse-like functionality using TALES (tal:replace='obj/attr') but not using python: expressions (tal:replace='python:obj.attr'). I have code which looks significantly funny or jumps through security hoops (arguably exposing too much information in the process) to deal with this bug (which is what I'd call it), and I'm really glad it's fixed. :) Obviously, this may be a problem for five.customerize, which needs to be more restrictive. I suspect five.customerize would've had a security hole with python: expressions, though. In any case, five.customerize is surely the exception here: The boundary between trusted and untrusted code has always been filesystem vs. TTW-editable. In general, this is only a security problem if: (a) a view is registered too loosely e.g. for * and could thus be used to inspect or modify objects that it wasn't really designed to deal with and (b) a view is registered for too liberal a permission; i.e. the permission to invoke the view is more widely available than the permission to access the attribute that the view is accessing on its context Even then, I think this is security-through-obscurity. If the variable in question was prepared/processed via python code in a view class, it'd never have been protected. In fact, if it was output using a python: expression rather than TALES, it would never have been protected. Martin -- Acquisition is a jealous mistress ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: vulnerability in zope 2.10.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Zeidler wrote: hi, imho i've found a vulnerability in zope 2.10.4 or rather in the newer version of five (1.5.5) used by it. in `Five/browser/ pagetemplatefile.py` in line 27 `createTrustedZopeEngine` is used the instantiate the page template engine used by five templates, or at least this is what i think it does. the problem with this is that `trustedBoboAwareZopeTraverse` (in `PageTemplates/Expressions.py`) gets used to traverse path-expressions using `unrestrictedTraverse` (line 100), which means that i can access say the title of an otherwise private object with a simple obj/Title. i ran into this when one of my doctests[1] failed after upgrading from zope 2.10.3 to 2.10.4, because it could now access the title, even though permissions are explicitly set up beforehand to prevent this. using `createZopeEngine` instead of `createTrustedZopeEngine` didn't help with the test, unfortunately, since this would then raise an `Unauthorized` right away when rendering the `folder_contents` view. however, if i defer resetting the roles of the test user to just before the click on 'Delete' (line 35 in the test), the test works again... i've also just verified this ttw by creating a simple five view and a file object. i can successfully access the title attribute using the view, even though view and access contents information permissions are set up so only the manager role can access the object. dropping in zope 2.10.3 things work as expected, that is an `Unauthorized` exception is raised. so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? No. It has been an accident that, until just recently, the filesystem-based templates in a Five view were running as untrusted code. Five's security model is designed around protecting access to the *view*, but then trusting the view author to do the Right Thing. THis is similar to the trust Zope places in filesystem-based code: within a method of a filesystem-basd class (or a module-scope funciton), the developer can use whatever methods or attributes she likes. So, for instance, it is possible for the author of the view class to write methods which exposed private attributes to the view's template, for instance (and has beenn since before Five was added to Zope). The model you have in mind governs untrusted (through-the-web) code, whether ZPT, DTML, or Python Script, and isn't relevant to Five views. Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlXrw+gerLs4ltQ4RAiBBAJsFDX9ESHgkQN57aRftypmtBCIAYgCgjDl6 ui7p8c1qIwr2rFr645uat2Q= =dAl0 -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: vulnerability in zope 2.10.4
On Jul 12, 2007, at 2:50 AM, Tres Seaver wrote: so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no? No. It has been an accident that, until just recently, the filesystem-based templates in a Five view were running as untrusted code. yep, martin's already told me the same on irc, along with the history of your fix. but thanks for the quick answer... So, for instance, it is possible for the author of the view class to write methods which exposed private attributes to the view's template, for instance (and has beenn since before Five was added to Zope). i know that, of course, but was assuming that rendering five views as untrusted code was intentional, especially since templates registered for * could potentially be pretty harmful. plus i wasn't expecting an imho significant change like that to happen in a bugfix release. but anyway, thanks for clarifying! :) andi -- zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED] friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007 PGP.sig Description: This is a digitally signed message part ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope] does fsdump dump content objects to the file system?
Hi We have a requirement to export the content objects of a large plone based intranet site out to a windows filesystem. This would be carried out on a once a week basis in addition to daily back up of the ZODB. Management need to know that all their digital assets are available from outside the ZODB incase of disaster or for any future migration purposes (Hopefully not required!) I got a tip off about Tres Seaver's fsdump product and have been trying it out on Plone 2.5.3 and Zope 2.9.7 Followed all the readmes and instructions. Created a dumper object and performed a site dump. I'm only getting .metadata and reference_catalog.catalog, uid_catalog etc files coming out. The site has published folders and files/images etc. I've tried creating a /home folder with only images and files underneath that and a dump only results in .metadata from there. Had a look at the code and it looks like it is set-up to dump folders and files/images etc. Probably missing something. Any comment appreciated. Thanks -- michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] how dump Zope database content into a file system directory tree?
Hi Jim Did you get this working? On 9/13/05, Jim Washington [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: Possible to dump content in Zope database into a file system tree? Yes. http://www.zope.org/Members/tseaver/FSDump --Jim Washington ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] MailHost and Bcc
Good morning!
My web site utilizes forms pretty extensively, and I've been trying to
figure out how--on one particular form, an admission application--to bcc all
copies to another address. Depending on which campus the applicant chooses,
the app is emailed to a different person; the program director wants to
receive ALL the apps, without the other recipients knowing. But I just
can't seem to make it work. Of course, that might have something to do with
the fact that I'm not a programmer, which is why I'm asking for help. Any
suggestions would be greatly appreciated! The coding looks like this:
# Example code:
# Import a standard function, and get the HTML request and response objects.
from Products.PythonScripts.standard import html_quote
request = container.REQUEST
RESPONSE = request.RESPONSE
try:
mailhost=getattr(context, context.superValues('Mail Host')[0].id)
except:
raise AttributeError, cant find a Mail Host object
contacts = {
'Bay Minette': '[EMAIL PROTECTED]',
'Center Point': '[EMAIL PROTECTED]',
'Pell City': '[EMAIL PROTECTED]',
'Shelby': '[EMAIL PROTECTED]',
'Enterprise': '[EMAIL PROTECTED]',
'Daphne': '[EMAIL PROTECTED]',
'Montgomery': '[EMAIL PROTECTED]'
}
if request.has_key('campus'):
mTo = contacts[request['campus']]
else:
mTo = 'School of Business and Professional Studies
[EMAIL PROTECTED]'
mFrom = 'School of Business and Professional Studies [EMAIL PROTECTED]'
if request.has_key('email') and request.has_key('first_name') and
request.has_key('last_name'):
if request['email'] != '' and request['first_name'] != '' and
request['last_name'] != '':
mFrom = %s %s %s % (request['first_name'], request['last_name'],
request['email'])
mSubj = 'SBPS Application'
print Application Information
print -
print Term:\t\t, request['term']
print Campus:\t, request['campus']
print Name:\t\t, request['prefix'], request['first_name'],
request['middle_name'], request['last_name']
print Preferred Name:\t\t, request['preferred_name']
print Maiden Name:\t\t, request['maiden_name']
print DOB:\t\t%s/%s/%s % (request['dob_month'], request['dob_day'],
request['dob_year'])
print Address:\t\t, request['address']
if request.has_key('address_2'):
if request['address_2'] != '':
print \t\t\t, request['address_2']
print City:\t\t, request['city']
print State:\t\t, request['state']
print Zip Code:\t\t, request['zip']
print Email:\t\t, request['email']
print Home Phone:\t, request['phone_home']
print Work Phone:\t, request['phone_work']
print Cell Phone:\t, request['phone_cell']
print
if request.has_key('citizenship'):
if request['citizenship'] == 'U.S.':
print Citizenship:\t\t, request['citizenship']
else:
print Citizenship:\t\t, request['citizenship_other']
print Marital Status:\t, request['optional_martial_status']
print Ethnic Origin:\t, request['optional_ethnicity']
print Religion:\t, request['optional_religion']
if request.has_key('work_experience'): print ' Work Experience:\t',
request['work_experience']
if request.has_key('financial_aid'): print ' Financial Aid:\t\t',
request['financial_aid']
if request.has_key('veteran'): print ' Veteran\'s Benefits:\t',
request['veteran']
print
print 'Academic Information'
print ' High School:\t', request['high_school']
print ' City:\t\t', request['high_school_city']
print ' State:\t\t', request['high_school_state']
print ' Graduated:\t', request['high_school_graduated']
print ''
if request.has_key('school_name') and request.has_key('school_city') and
request.has_key('school_state') and request.has_key('school_credits'):
schools = [school for school in request['school_name'] if school != '']
i = 0
print Other schools attended:
print ---
for school in schools:
print School:\t, school
print City:\t, request['school_city'][i]
print State:\t, request['school_state'][i]
print Credits:\t, request['school_credits'][i]
print
i = i + 1
print Applicable Military Training:
if request.has_key('military_training'):
if request['military_training'] != '':
print request['military_training']
else: print 'None'
print 'Source:'
print request['source']
print
#print request
#return printed
try:
mailhost.send(printed, mTo, mFrom, mSubj)
request.RESPONSE.redirect('/sbps/application_success')
except:
request.RESPONSE.redirect('/sbps/application_error')
#return printed
-
Catherine E. Reinehr
Webmaster Publications Designer
Huntingdon College
1500 E. Fairview Ave.
Montgomery, AL 36106
(334) 833-4429 / Flowers 207
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
[Zope] SiteErrorLog
I've been playing with a new monkey patch product for zope 2.8 (at least) and I confidentally call it 'BetterSiteErrorLog'. The only two features I've added so far is to make the error log searchable and that it shows the date of errors older than one day. What other products are there out there already that I should look at? What other features have you guys been desiring in the error_log but never had the time to do something about? -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: does fsdump dump content objects to the file system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 michael nt milne wrote: Hi We have a requirement to export the content objects of a large plone based intranet site out to a windows filesystem. This would be carried out on a once a week basis in addition to daily back up of the ZODB. Management need to know that all their digital assets are available from outside the ZODB incase of disaster or for any future migration purposes (Hopefully not required!) I got a tip off about Tres Seaver's fsdump product and have been trying it out on Plone 2.5.3 and Zope 2.9.7 Followed all the readmes and instructions. Created a dumper object and performed a site dump. I'm only getting .metadata and reference_catalog.catalog, uid_catalog etc files coming out. The site has published folders and files/images etc. I've tried creating a /home folder with only images and files underneath that and a dump only results in .metadata from there. Had a look at the code and it looks like it is set-up to dump folders and files/images etc. Probably missing something. Any comment appreciated. FSDump predates Plone, and even CMF: it doesn't have support for dumping arbitrary content objects. Such support is available in GenericSetup (shipped as part of Plone 2.5). For an example of using the GS framework to extract content folder, see: http://palladion.com/home/tseaver/software/CMFFolderExport Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlPQ8+gerLs4ltQ4RAt17AJ9cU//oPLU9z12HtepsHpE5wRi+XwCff+8b 9urEJRh6Qg4P681KQtdFoO8= =wSQY -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] SiteErrorLog
- Original Message - From: Peter Bengtsson [EMAIL PROTECTED] To: zope user list zope@zope.org Sent: Wednesday, July 11, 2007 11:16 AM Subject: [Zope] SiteErrorLog I've been playing with a new monkey patch product for zope 2.8 (at least) and I confidentally call it 'BetterSiteErrorLog'. The only two features I've added so far is to make the error log searchable and that it shows the date of errors older than one day. What other products are there out there already that I should look at? What other features have you guys been desiring in the error_log but never had the time to do something about? Wish list item: inclusion of line number where error occurs in a dtml method (or code that caused the error) Many many thanks if you can make this happen! Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] SiteErrorLog
or ZSQL methods and where they barf in the call. Sounds cool Peter! Thanks Allen Jonathan wrote: - Original Message - From: Peter Bengtsson [EMAIL PROTECTED] To: zope user list zope@zope.org Sent: Wednesday, July 11, 2007 11:16 AM Subject: [Zope] SiteErrorLog I've been playing with a new monkey patch product for zope 2.8 (at least) and I confidentally call it 'BetterSiteErrorLog'. The only two features I've added so far is to make the error log searchable and that it shows the date of errors older than one day. What other products are there out there already that I should look at? What other features have you guys been desiring in the error_log but never had the time to do something about? Wish list item: inclusion of line number where error occurs in a dtml method (or code that caused the error) Many many thanks if you can make this happen! Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: does fsdump dump content objects to the file system?
Thanks On 7/11/07, Tres Seaver [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 michael nt milne wrote: Hi We have a requirement to export the content objects of a large plone based intranet site out to a windows filesystem. This would be carried out on a once a week basis in addition to daily back up of the ZODB. Management need to know that all their digital assets are available from outside the ZODB incase of disaster or for any future migration purposes (Hopefully not required!) I got a tip off about Tres Seaver's fsdump product and have been trying it out on Plone 2.5.3 and Zope 2.9.7 Followed all the readmes and instructions. Created a dumper object and performed a site dump. I'm only getting .metadata and reference_catalog.catalog, uid_catalog etc files coming out. The site has published folders and files/images etc. I've tried creating a /home folder with only images and files underneath that and a dump only results in .metadata from there. Had a look at the code and it looks like it is set-up to dump folders and files/images etc. Probably missing something. Any comment appreciated. FSDump predates Plone, and even CMF: it doesn't have support for dumping arbitrary content objects. Such support is available in GenericSetup (shipped as part of Plone 2.5). For an example of using the GS framework to extract content folder, see: http://palladion.com/home/tseaver/software/CMFFolderExport Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlPQ8+gerLs4ltQ4RAt17AJ9cU//oPLU9z12HtepsHpE5wRi+XwCff+8b 9urEJRh6Qg4P681KQtdFoO8= =wSQY -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] MailHost and Bcc
I doubt that the MailHost supports bcc with the send() function.
I for one don't use the MailHost's send() function. I just use it's
_send() function for the actual sending and I create the email message
manually using the email package in python. But that's a whole different
story.
If you look up the Secure MailHost product I think it has a function
called secureSend() or something which I think has a bcc parameter that
you might find useful.
Catherine E. Reinehr wrote:
Good morning!
My web site utilizes forms pretty extensively, and I've been trying to
figure out how--on one particular form, an admission application--to bcc all
copies to another address. Depending on which campus the applicant chooses,
the app is emailed to a different person; the program director wants to
receive ALL the apps, without the other recipients knowing. But I just
can't seem to make it work. Of course, that might have something to do with
the fact that I'm not a programmer, which is why I'm asking for help. Any
suggestions would be greatly appreciated! The coding looks like this:
# Example code:
# Import a standard function, and get the HTML request and response objects.
from Products.PythonScripts.standard import html_quote
request = container.REQUEST
RESPONSE = request.RESPONSE
try:
mailhost=getattr(context, context.superValues('Mail Host')[0].id)
except:
raise AttributeError, cant find a Mail Host object
contacts = {
'Bay Minette': '[EMAIL PROTECTED]',
'Center Point': '[EMAIL PROTECTED]',
'Pell City': '[EMAIL PROTECTED]',
'Shelby': '[EMAIL PROTECTED]',
'Enterprise': '[EMAIL PROTECTED]',
'Daphne': '[EMAIL PROTECTED]',
'Montgomery': '[EMAIL PROTECTED]'
}
if request.has_key('campus'):
mTo = contacts[request['campus']]
else:
mTo = 'School of Business and Professional Studies
[EMAIL PROTECTED]'
mFrom = 'School of Business and Professional Studies [EMAIL PROTECTED]'
if request.has_key('email') and request.has_key('first_name') and
request.has_key('last_name'):
if request['email'] != '' and request['first_name'] != '' and
request['last_name'] != '':
mFrom = %s %s %s % (request['first_name'], request['last_name'],
request['email'])
mSubj = 'SBPS Application'
print Application Information
print -
print Term:\t\t, request['term']
print Campus:\t, request['campus']
print Name:\t\t, request['prefix'], request['first_name'],
request['middle_name'], request['last_name']
print Preferred Name:\t\t, request['preferred_name']
print Maiden Name:\t\t, request['maiden_name']
print DOB:\t\t%s/%s/%s % (request['dob_month'], request['dob_day'],
request['dob_year'])
print Address:\t\t, request['address']
if request.has_key('address_2'):
if request['address_2'] != '':
print \t\t\t, request['address_2']
print City:\t\t, request['city']
print State:\t\t, request['state']
print Zip Code:\t\t, request['zip']
print Email:\t\t, request['email']
print Home Phone:\t, request['phone_home']
print Work Phone:\t, request['phone_work']
print Cell Phone:\t, request['phone_cell']
print
if request.has_key('citizenship'):
if request['citizenship'] == 'U.S.':
print Citizenship:\t\t, request['citizenship']
else:
print Citizenship:\t\t, request['citizenship_other']
print Marital Status:\t, request['optional_martial_status']
print Ethnic Origin:\t, request['optional_ethnicity']
print Religion:\t, request['optional_religion']
if request.has_key('work_experience'): print ' Work Experience:\t',
request['work_experience']
if request.has_key('financial_aid'): print ' Financial Aid:\t\t',
request['financial_aid']
if request.has_key('veteran'): print ' Veteran\'s Benefits:\t',
request['veteran']
print
print 'Academic Information'
print ' High School:\t', request['high_school']
print ' City:\t\t', request['high_school_city']
print ' State:\t\t', request['high_school_state']
print ' Graduated:\t', request['high_school_graduated']
print ''
if request.has_key('school_name') and request.has_key('school_city') and
request.has_key('school_state') and request.has_key('school_credits'):
schools = [school for school in request['school_name'] if school != '']
i = 0
print Other schools attended:
print ---
for school in schools:
print School:\t, school
print City:\t, request['school_city'][i]
print State:\t, request['school_state'][i]
print Credits:\t, request['school_credits'][i]
print
i = i + 1
print Applicable Military Training:
if request.has_key('military_training'):
if request['military_training'] != '':
print request['military_training']
else: print 'None'
print 'Source:'
print request['source']
print
#print request
#return printed
try:
mailhost.send(printed, mTo, mFrom, mSubj)
request.RESPONSE.redirect('/sbps/application_success')
except:
Re: [Zope] SiteErrorLog
I'm not changing the traceback of the actual errors. Allen Schmidt Sr. wrote: or ZSQL methods and where they barf in the call. Sounds cool Peter! Thanks Allen Jonathan wrote: - Original Message - From: Peter Bengtsson [EMAIL PROTECTED] To: zope user list zope@zope.org Sent: Wednesday, July 11, 2007 11:16 AM Subject: [Zope] SiteErrorLog I've been playing with a new monkey patch product for zope 2.8 (at least) and I confidentally call it 'BetterSiteErrorLog'. The only two features I've added so far is to make the error log searchable and that it shows the date of errors older than one day. What other products are there out there already that I should look at? What other features have you guys been desiring in the error_log but never had the time to do something about? Wish list item: inclusion of line number where error occurs in a dtml method (or code that caused the error) Many many thanks if you can make this happen! Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] SiteErrorLog
I'm not changing the traceback of the actual errors. Jonathan wrote: - Original Message - From: Peter Bengtsson [EMAIL PROTECTED] To: zope user list zope@zope.org Sent: Wednesday, July 11, 2007 11:16 AM Subject: [Zope] SiteErrorLog I've been playing with a new monkey patch product for zope 2.8 (at least) and I confidentally call it 'BetterSiteErrorLog'. The only two features I've added so far is to make the error log searchable and that it shows the date of errors older than one day. What other products are there out there already that I should look at? What other features have you guys been desiring in the error_log but never had the time to do something about? Wish list item: inclusion of line number where error occurs in a dtml method (or code that caused the error) Many many thanks if you can make this happen! Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Peter Bengtsson, work www.fry-it.com home www.peterbe.com hobby www.issuetrackerproduct.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] 2.6 to 2.10 migration: RuntimeError: maximum recursion depth exceeded
Hello, after importing a product from zope 2.6.4 to a 2.10.3 instance, trying to open the product produces quite a lot of errors in my event.log, and a traceback in the zope management interface. I found a lot of mails regarding plone upgrades which report a similar RuntimeError. What exactly does this mean? this is what i get in event.log: -- 2007-07-12T00:47:24 ERROR ZODB.Connection Couldn't load state for 0x0aa5 Traceback (most recent call last): File /usr/lib/zope2.10/lib/python/ZODB/Connection.py, line 749, in setstate self._setstate(obj) File /usr/lib/zope2.10/lib/python/ZODB/Connection.py, line 807, in _setstate self._reader.setGhostState(obj, p) File /usr/lib/zope2.10/lib/python/ZODB/serialize.py, line 604, in setGhostState state = self.getState(pickle) File /usr/lib/zope2.10/lib/python/ZODB/serialize.py, line 597, in getState return unpickler.load() File /usr/lib/zope2.10/lib/python/ZODB/serialize.py, line 471, in _persistent_load return self.load_oid(reference) File /usr/lib/zope2.10/lib/python/ZODB/serialize.py, line 537, in load_oid return self._conn.get(oid) File /usr/lib/zope2.10/lib/python/ZODB/Connection.py, line 208, in get obj._p_jar = self File /usr/lib/zope2.10/lib/python/ZClasses/_pmc.py, line 65, in __setattr__ super(ZClassPersistentMetaClass, self).__setattr__(name, v) File /usr/lib/zope2.10/lib/python/ZODB/persistentclass.py, line 84, in __set__ jar.setstate(inst) File /usr/lib/zope2.10/lib/python/ZODB/Connection.py, line 754, in setstate exc_info=sys.exc_info()) File logging/__init__.py, line 999, in error File logging/__init__.py, line 1078, in _log File logging/__init__.py, line 1064, in makeRecord File logging/__init__.py, line 246, in __init__ def setupConfiguredLoggers(self): File threading.py, line 677, in currentThread return _DummyThread() RuntimeError: maximum recursion depth exceeded -- [ hundredthousands of lines with similar tracebacks, which become longer and longer ] -- 2007-07-12T00:47:26 ERROR Zope.SiteErrorLog https://sandbox.kicms.de/Control_Panel/Products/BasicCMS/manage_main Traceback (innermost last): Module ZPublisher.Publish, line 119, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 42, in call_object Module Shared.DC.Scripts.Bindings, line 313, in __call__ Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec Module App.special_dtml, line 178, in _exec Module DocumentTemplate.DT_Let, line 76, in render Module DocumentTemplate.DT_In, line 643, in renderwob Module DocumentTemplate.DT_In, line 771, in sort_sequence Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line 604, in setGhostState Module ZODB.serialize, line 597, in getState Module ZODB.serialize, line 471, in _persistent_load Module ZODB.serialize, line 537, in load_oid Module ZODB.Connection, line 208, in get Module ZClasses._pmc, line 65, in __setattr__ Module ZODB.persistentclass, line 84, in __set__ Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line 604, in setGhostState Module ZODB.serialize, line 597, in getState Module ZODB.serialize, line 471, in _persistent_load Module ZODB.serialize, line 537, in load_oid Module ZODB.Connection, line 208, in get Module ZClasses._pmc, line 65, in __setattr__ Module ZODB.persistentclass, line 84, in __set__ Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line 604, in setGhostState Module ZODB.serialize, line 597, in getState Module ZODB.serialize, line 471, in _persistent_load Module ZODB.serialize, line 537, in load_oid Module ZODB.Connection, line 208, in get Module ZClasses._pmc, line 65, in __setattr__ Module ZODB.persistentclass, line 84, in __set__ Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line 604, in setGhostState Module ZODB.serialize, line 597, in getState Module ZODB.serialize, line 471, in _persistent_load Module ZODB.serialize, line 537, in load_oid Module ZODB.Connection, line 208, in get Module ZClasses._pmc, line 65, in __setattr__ Module ZODB.persistentclass, line 84, in __set__ Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line 604, in setGhostState Module ZODB.serialize, line 597, in getState Module ZODB.serialize, line 471, in _persistent_load Module ZODB.serialize, line 537, in load_oid Module ZODB.Connection, line 208, in get Module ZClasses._pmc, line 65, in __setattr__ Module ZODB.persistentclass, line 84, in __set__ Module ZODB.Connection, line 749, in setstate Module ZODB.Connection, line 807, in _setstate Module ZODB.serialize, line
[Zope] Zope 2.10.4 Upgrade
I recently upgraded from Zope 2.10.0 to 2.10.4. However, the Zope instance still reflects 2.10.0 in the control panel. I installed Zope 2.10.4. Then, in my instance, I changed the variables in 'zopectl' and 'zope.conf' to reflect the new 2.10.4 version and restarted. Did I miss a step? Thanks in Advance, Dave ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] 2.6 to 2.10 migration: RuntimeError: maximum recursion depth exceeded
--On 12. Juli 2007 01:02:49 +0200 Jonas Meurer [EMAIL PROTECTED] wrote: Hello, after importing a product from zope 2.6.4 to a 2.10.3 instance, trying to open the product produces quite a lot of errors in my event.log, and a traceback in the zope management interface. Importing as zexp? If yes, this is unsupported. -aj -- ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 Registergericht: Amtsgericht Stuttgart, Handelsregister A 381535 Geschäftsführer/Gesellschafter: ZOPYX Limited, Birmingham, UK E-Publishing, Python, Zope Plone development, Consulting pgpA54dAIvqsO.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.10.4 Upgrade
--On 11. Juli 2007 23:03:11 -0400 David Ayres [EMAIL PROTECTED] wrote: I recently upgraded from Zope 2.10.0 to 2.10.4. However, the Zope instance still reflects 2.10.0 in the control panel. I happened by installation the new version of an existing one? (not recommended). -aj pgpspOATgboUU.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] 2.6 to 2.10 migration: RuntimeError: maximum recursion depth exceeded
On 7/12/07, Andreas Jung [EMAIL PROTECTED] wrote: --On 12. Juli 2007 01:02:49 +0200 Jonas Meurer [EMAIL PROTECTED] wrote: Hello, after importing a product from zope 2.6.4 to a 2.10.3 instance, trying to open the product produces quite a lot of errors in my event.log, and a traceback in the zope management interface. try 2.10.4. if you're lucky, everything works out ok. else, start looking for something to sacrifice :) either way, not using zclass is the way to go atm -- http://myzope.kedai.com.my - my-zope org ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
