[Zope] Two problems regarding security, and eval in zope 2.2.4

2000-12-16 Thread Manuel Amador (Rudd-O) Gerente de desarrollo Alpha 

Hello everyone,

I\'m having a little bit of trouble:
http://boeing:8080/manage_access <- traceback of the manage_Access view in the 
ROOT folder


Traceback (innermost last):
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 222, in 
publish_module
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 187, in 
publish
  File /usr/share/zope/lib/python/Zope/__init__.py, line 221, in 
zpublisher_exception_hook
(Object: ApplicationDefaultPermissions)
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 171, in 
publish
  File /usr/lib/python1.5/site-packages/ZPublisher/mapply.py, line 160, in 
mapply
(Object: manage_access)
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 112, in 
call_object
(Object: manage_access)
  File /usr/share/zope/lib/python/AccessControl/Role.py, line 255, in 
manage_access
(Object: ApplicationDefaultPermissions)
  File /usr/share/zope/lib/python/App/special_dtml.py, line 120, in __call__
(Object: access)
  File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_String.py, line 
528, in __call__
(Object: access)
  File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_With.py, line 146, 
in render
(Object: _.namespace(valid_roles=valid_roles()))
  File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_In.py, line 630, in 
renderwob
(Object: permission_settings)
  File /usr/share/zope/lib/python/AccessControl/Role.py, line 182, in 
permission_settings
(Object: ApplicationDefaultPermissions)
  File /usr/share/zope/lib/python/AccessControl/Role.py, line 177, in 

TypeError: (see above)




that was problem number one.

problem number two.

I\'d like to take the contents of a variable, and they being the name of an 
image object, render it on the web page as an IMG SRC, just like a .  I know this could be done with external python scripts and eval.  
But so far all i get is integeroverflows.



any ideas?  please cc: me because I\'m a little bit busy.  Thanks =)
--
   Universidad Federico Santa Maria - Campus Guayaquil
 Enviado por:  www.usm.edu.ec/computacion

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] sql query results -> DTML method problem

2000-12-16 Thread Manuel Amador (Rudd-O) Gerente de desarrollo Alpha 

Quoting Lee Reilly CS1997 <[EMAIL PROTECTED]>:

> Hi,
> 
> I have a TINY problem, which I think there is a simple solution too...
> but for the life of me, I can\'t find it! I\'d be grateful if someone
> could point me in the right direction.
> 
> I have a database setup containing details of classes, students &
> lecturers. The user is prompted to enter a class code (a unique key)
> which is used to query the database and return the class title. Simple.
> 
> A DTML method prompts me for the class code
> -- I enter 52.139 and it posts to a method \'enterClassCodeAction\',
> below.
> 
> #1
> #2Confirm
> #3You entered 
> #4
> #5
> #6Our records show that  is called
> #7
> #8

RING: dont do that, dtml wont work in python namespace
instead, remember that in python namespace all vars present in dtml namespace 
are inherited.

do this:

the __.() construct is required since underscore arent allowed in python 
variable names. if the var was called classcode, you could do

dats it.

> #9
> #10   
> #11   
> #12
> #13   
> #14   
> 
> ^ The method works fine when the class code is manually inserted (line
> #8) but when I try to pass the variable from the previou post, held in
>  I have probs.
> 
> )\"> *** syntax
> error
> 
> findClassTitle is a ZSQL method for returning the class title given a
> class code:
>   
>   select title from classes 
>   where 
> 
> Hmm... anyone see the problem?
> 
> Thanks a lot :)
> 
> - Best regards,
> 
> Lee
> 
> ___
> Zope maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
> 

--
   Universidad Federico Santa Maria - Campus Guayaquil
 Enviado por:  www.usm.edu.ec/computacion

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )