Today I had to write this supporting method in my product to prevent a
rather strange Unauthorized error in my Page Template. My docstring
should explain what I understand::


    def unsafe_unicode_dict_getitem(self, dictionary, item):
        """ Return the value of this item in a dictionary object.

        Simply call the __getitem__ of this dictionary to pluck out an
        item.

        Why call this unsafe_...() ?
        If you try to do this in a guarded context (e.g. Script (Python)
        (or Page Template)) you'll get an Unauthorized error:

          d = {u'\xa3':1}
          d[u'\xa3'] # will raise an Unauthorized error

          # this works however
          d = {u'\xa3':1, u'asciiable':1}
          d[u'asciiable']

        Why? I don't know. The place where it happens is the parental guardian
        function guarded_getitem() from ZopeGuards.py

        By instead calling the __getitem__ from here in unrestricted python
        we can bypass this.
        """
        return dictionary[item]


Is my app unsafe now?
Why is it not possible to get to __getitem__ if the key is non-ascii?


-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
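
On the "Is my app unsafe now?" question, an added example (not part of the original post and not Zope's own code): a narrowed form of the helper that performs the unrestricted lookup only on plain dicts with string keys and only returns simple values, so guarded code cannot use it to pull arbitrary objects out of any container. The names safe_unicode_dict_getitem, SIMPLE_VALUE_TYPES, FakeFolder and the local Unauthorized class are hypothetical stand-ins, and the list of allowed value types is an assumed policy.

```python
class Unauthorized(Exception):
    """Stand-in for Zope's Unauthorized so this runs without Zope (assumption)."""


# Value types considered harmless to hand back to guarded code (assumed policy).
SIMPLE_VALUE_TYPES = (type(None), bool, int, float, str, bytes)


def _is_simple(value, depth=0):
    """True if value is a simple type, or a shallow list/tuple/dict of them."""
    if depth > 3:
        return False
    if type(value) in SIMPLE_VALUE_TYPES:
        return True
    if type(value) in (list, tuple):
        return all(_is_simple(v, depth + 1) for v in value)
    if type(value) is dict:
        return all(type(k) in (str, bytes) and _is_simple(v, depth + 1)
                   for k, v in value.items())
    return False


def safe_unicode_dict_getitem(dictionary, item):
    """Unrestricted dict lookup, limited to data that needs no security check."""
    # Exact type check: subclasses and dict-like objects (folders, persistent
    # mappings, ...) must keep going through the guarded lookup.
    if type(dictionary) is not dict:
        raise Unauthorized("only plain dicts may be read through this helper")
    if type(item) not in (str, bytes):
        raise Unauthorized("only string keys are supported")
    value = dictionary[item]  # a missing key still raises KeyError
    if not _is_simple(value):
        raise Unauthorized("value is not a simple type; use the guarded lookup")
    return value


# Constructed sample data for the example.
class FakeFolder(dict):
    """Dict-like container whose items would normally be permission-checked."""


PRICES = {u"\xa3": 1, u"asciiable": 1, u"obj": object()}
```
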