Re: [Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

2004-01-16 Thread Stuart Bishop
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/01/2004, at 9:23 AM, Jim Fulton wrote: Dieter Maurer wrote: Jim Fulton wrote at 2004-1-15 10:03 -0500: ... Right. The name attribute was intended for attribute-based access. IMO, it makes no sense to consider key values when doing security

Re: [Zope-dev] 2.7 management_page_charset cannot be callable anymore

2004-01-16 Thread Toby Dickenson
As the originator of management_page_charset, I should have jumped into this thread earlier. My appologies for my late arrival. On Thursday 15 January 2004 17:22, Martijn Faassen wrote: it assumes the only place management_page_charset can be coming from is a property, which is not true.

[Zope-dev] localfs and zope 2.7 (was: Re: 2.7 assertion with CVS of that morning two)

2004-01-16 Thread Bakhtiar A Hamid
On Friday 16 January 2004 17:01, [EMAIL PROTECTED] wrote: Message: 2 Date: Fri, 16 Jan 2004 00:56:36 +0100 From: robert [EMAIL PROTECTED] Subject: Re: [Zope-dev] Re: 2.7 assertion with CVS of that morning two days ago To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: [EMAIL

Re: [Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

2004-01-16 Thread Jim Fulton
Dieter Maurer wrote: Jim Fulton wrote at 2004-1-15 17:23 -0500: ... None should never be passed for attribute accesses. If it is, then there is a bug. The case of dictionary mapping names to whatever is for attribute access. We are talking about item/key access. I haven't seen a use case for

Re: [Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

2004-01-16 Thread Jim Fulton
Stuart Bishop wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/01/2004, at 9:23 AM, Jim Fulton wrote: Dieter Maurer wrote: Jim Fulton wrote at 2004-1-15 10:03 -0500: ... Right. The name attribute was intended for attribute-based access. IMO, it makes no sense to consider key values

[Zope-dev] Zope-2.6.3 issue with CMF-1.3.3 portal_types

2004-01-16 Thread Erik A . Dahl
I downloaded 2.6.3 to do some testing and found that with a totally generic CMF-1.3.3 there is an issue with opening properties of a portal type. Here is the stack trace: Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply

[Zope-dev] Re: Zope-2.6.3 issue with CMF-1.3.3 portal_types

2004-01-16 Thread Tres Seaver
Erik A.Dahl wrote: I downloaded 2.6.3 to do some testing and found that with a totally generic CMF-1.3.3 there is an issue with opening properties of a portal type. Here is the stack trace: Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply,

[Zope-dev] [ZConfig] redefine extension

2004-01-16 Thread Dieter Maurer
It is often favorable to have a set of site wide defines that can occasionally be redefined for special purposes. The attached patch adds a %redefine directive to ZConfig's cfgparser. %redefine behaves exactly like define but does not check whether the name is already defined. -- Dieter ---

[Zope-dev] [ZConfig] elementary function framework and env function

2004-01-16 Thread Dieter Maurer
We often have the need to use the same configuration value both in a ZConfig configuration as well as in other non-ZConfig based components. Prominent examples are the INSTANCE_HOME in the Zope/ZEO startup scripts and the INSTANCE definition in the corresponding configuration files. Moreover,

RE: [Zope-dev] win32 setup sources

2004-01-16 Thread Brian Lloyd
I need a solution to quickly and easily deploy zope applications on the win32 platform. What I'd like to realize is a setup program that install and configure Zope bundled with all the needed products, making questions to the user for correctly setup the application. Unfortunately I have no

RE: [Zope-dev] win32 setup sources

2004-01-16 Thread Chris McDonough
On Fri, 2004-01-16 at 13:15, Brian Lloyd wrote: For 2.7.0 and above, we've moved to using InnoSetup. We haven't worked out the best way to move that work to the public cvs yet. If you're planning to bundle 2.7, let me know and I can at least get you a snapshot of the install materials. It's

[Zope-dev] Re: CVS: Releases/Zope/lib/python/ZEO - simul.py:1.12.8.2.18.18

2004-01-16 Thread Tres Seaver
Evan Simpson wrote: Update of /cvs-repository/Releases/Zope/lib/python/ZEO In directory cvs.zope.org:/tmp/cvs-serv18593/lib/python/ZEO Modified Files: Tag: Zope-2_6-branch simul.py Log Message: Non-Python 2.1-compatible division operator // crept into 2.6 branch. This is a result of some

Re: [Zope-dev] Re: CVS: Releases/Zope/lib/python/ZEO - simul.py:1.12.8.2.18.18

2004-01-16 Thread Jeremy Hylton
On Fri, 2004-01-16 at 13:58, Tres Seaver wrote: This is a result of some funny repository fiddling, which somehow got both 'ZEO' and 'BDBStorage' onto the 'Zope-2_6-branch'. I would like to remove the branch tag altogether, as neither module is part of the 2.6 release. The branch tag is

Re: [Zope-dev] Re: CVS: Releases/Zope/lib/python/ZEO - simul.py:1.12.8.2.18.18

2004-01-16 Thread Paul Winkler
On Fri, Jan 16, 2004 at 04:53:02PM -0500, Jeremy Hylton wrote: One downside of that merge, which we didn't realized until after it was done, is that you now get a ZEO directory in a Zope checkout on the 2.6 branch. downside??? I thought that was a good thing! I think there was email about

[Zope-dev] Re: CVS: Releases/Zope/lib/python/ZEO - simul.py:1.12.8.2.18.18

2004-01-16 Thread Tres Seaver
Paul Winkler wrote: On Fri, Jan 16, 2004 at 04:53:02PM -0500, Jeremy Hylton wrote: One downside of that merge, which we didn't realized until after it was done, is that you now get a ZEO directory in a Zope checkout on the 2.6 branch. downside??? I thought that was a good thing! I think

Re: [Zope-dev] 2.7 management_page_charset cannot be callable anymore

2004-01-16 Thread Hajime Nakagami
Hi Hi guys - I was trying to be responsive to getting the issue resolved, since I'd like to make a (hopefully final) beta of 2.7 of Friday. I'll be happy to check in (or have you check in) whatever fixes are needed to give you the flexibility you need so long as it is b/w compatible, but I

Re: [Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

2004-01-16 Thread Jim Fulton
Jim Fulton wrote: Stuart Bishop wrote: ... It was never intended that the ability to control unprotected sub-objects by name would apply to items. It was sloppy coding on my part that item indexes (yes, indexes, like, say, 1) and keys were passed as names. I can certainly understand why

Re: [Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

2004-01-16 Thread Jim Fulton
Dieter Maurer wrote: Jim Fulton wrote at 2004-1-15 17:23 -0500: BTW, telling me that an algorithm has changed doesn't constitute a use case. :) I know that algorithm has changed. I assert that we don't need the feature that the change broke. I am open to evidence to the contrary. Do you have