on the server.
This can't lead to a direct compromise, but this gives way
too much information to anonymous users IMHO.
Tested today on several low and very high profile sites.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http
it.
ZShell's latest version is available from :
http://www.librelogiciel.com/software
Thanks in advance for any pointer.
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross
.
So should I set sys.hexversion *before* my re and rexec
imports in the main program, or add the sys module and
a fake hexversion value in the restricted code ?
thanks in advance
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http
to exist.
Why not use PythonScripts ?
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope
On Tue, Nov 05, 2002 at 09:46:03PM +0100, Gilles Lenfant wrote:
But just want to run a console application, not running it from another Zope
instance.
xml-rpc should be the way to go.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED
://www.librelogiciel.com/software/
upcoming versions of ZShellScripts will provide easier xml-rpc
access to ZShell functionnalities.
/shamelessplug
hth
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
when you log in, AFAIK, this is
why it works from your command line
hth
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http
in the object
listing.
This way manage_main could be rendered more powerful by just adding
three dtml-in in it, and its aspect wouldn't even change in case
no ZMI plugin would be registered (which is the case with a base
Zope installation).
any comment ?
thx for reading
Jerome Alet
On Wed, Aug 14, 2002 at 09:33:02PM +0200, Jerome Alet wrote:
registering a ZMI plugin would be as simple as :
root.registerZMIPlugin(top|line|bottom, self)
or :
root.registerTopZMIPlugin(self)
root.registerLineZMIPlugin(self
PROTECTED] mailing
list instead of this one to ask such questions.
zope-dev is dedicated to the development of Zope.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML
) and you can
do the old run my code and call the old one trick.
agreed, unfortunately...
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists
code itself. I think parsing the HTML code to insert
some tags where needed would do it, but this seems
somewhat complicated to do for a simple thing like that.
Would be fine if the main.dtml file would allow a plugin system...
bye,
Jerome Alet
if needed is very easy.
As always any comment is very welcome.
PS : This procedure and the patch are now included in the ZShell 1.42
package.
Jerome Alet
--- lib/python/OFS/dtml/main.dtml.orig Mon Apr 29 12:18:12 2002
+++ lib/python/OFS/dtml/main.dtml Mon Apr 29 12:38:34 2002
-60,6 +60,15
NB : not CCed to [EMAIL PROTECTED]
On 29 Apr 2002, Hannu Krosing wrote:
On Mon, 2002-04-29 at 13:21, Jerome Alet wrote:
the attached patch to apply to zope/lib/python/OFS/dtml/main.dtml allows
people who want to use ZShell to type ZShell commands directly from the
Zope's Management
to Hotfix.
Perhaps you could tell me if I have to use the App.Hotfixes interface or
not when doing such a not-Hotfix thing.
Thanks in advance.
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
there are any
plans to incorporate this into the core Zope distribution.
:-)
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http
On Mon, 29 Apr 2002, Steve Alexander wrote:
Jerome Alet wrote:
ok, so if I understand correctly all I have to do to make a not-hotfix
product is just do an unconditionnal assignment of my new complete
main.dtml file to ObjectManager.ObjectManager.manage_main in my product's
__init__
) and it's ok, file size is 46686 bytes
and md5sum is :
6efb9c10e532d534fb843354ac28c5bb
maybe it was corrupted during the download phase.
hth.
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
, then anyone could add his own interpreter later...
PS : I'll do ZShellScripts anyway...
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related
?
thanks in advance.
Jerome Alet - [EMAIL PROTECTED] - http://cortex.unice.fr/~jerome
Fac de Medecine de Nicehttp://wwwmed.unice.fr
Tel: (+33) 4 93 37 76 30 Fax: (+33) 4 93 53 15 15
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
___
Zope
the locks were found again...
I hadn't the time to do some more testing but I find this
surprising.
Does anyone have seen the same problem ?
FYI Zope 2.5.0 + Python 2.1.2 both up-to-date Debian Woody
packages.
bye,
Jerome Alet
___
Zope-Dev maillist
...
that said, zope doesn't stop a *developer* from doing it themselves.
Thanks!
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http
On Thu, Mar 07, 2002 at 01:55:45PM -0500, Andreas Jung wrote:
From: Jerome Alet [EMAIL PROTECTED]
All worked fine, the locks were found.
Then some time later I've retried to find the locks, and both the
ZMI and my method returned no lock. However in cadaver the locks
still seemed
On Wed, 6 Mar 2002, Joachim Werner wrote:
- All the basic API (like store, delete, edit, ...) must be free of
HTTP specifics, so that I can modifiy content either over a web frontend or
over WebDAV, FTP, ... - and even via a fat client application like a
wxPython application. Currently that
On Wed, 3 Oct 2001, Toby Dickenson wrote:
On Mon, 1 Oct 2001 20:53:00 +0200, Jerome Alet [EMAIL PROTECTED] wrote:
It may prove to be useful when you want to do remote logging: you
send all to the local syslog which in fact forwards it to a remote
syslog server.
I understand
want to do remote logging: you
send all to the local syslog which in fact forwards it to a remote
syslog server.
hth.
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML
, while this is not a vulnerability in itself,
allows everybody to remotely know were Data.fs is.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding
in context.ZopeFind(spec=['Python Script']):
s.edit()
...or something?
I think ZShell could do that, probably with its call command.
get it from: http://cortex.unice.fr/~jerome/zshell
and remember: the man command is your best friend.
bye,
Jerome Alet
supporters if they were GPLed.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
, then adding zope-apt-get to ZShell
(or why not directly to Zope) will be trivial.
bye,
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http
!
base href is exactly 11 bytes long. Couldn't it be that the
content-length is computed by Zope before you automatically add this tag ?
just my 0.02 euros
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo
31 matches
Mail list logo