Bad: Re: [Zope-dev] ZSQL using LIKE operator
Got it. Making the change now. Thanks for keeping an eye on this thread. What about the sqltest suggestion on posted on this thread? Or do sqltest and sqlvar handle DB calls in a similar fashion? Thanks -Original Message- From: Jon Franz [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 3:54 PM To: '[EMAIL PROTECTED]' Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator No, this is bad!! Do NOT do this - it will allow Bad characters in your SQL query that could allow mischievous people to tamper with your Db and possibly hack your box (depending upon what DB you are using, how it is configured, what user it runs as, etc) This is the whole reason the dtml-sqlvar tag exists - _Safe_ conversion to formats usable by your DB, including escaping of bad characters. instead, do This: SELECT * FROM table WHERE keywords LIKE dtml-sqlvar "'%' + my_var + '%'" type=string the expression inside the quotes will handle adding the %'s to the beginning and end of your string. Sorry about the correction, but this Can be a big security hazard... ~Jon Franz/'Coventry': http://www.zope.org/Members/Coventry Message: 9 Date: Thu, 08 Feb 2001 07:32:48 -0500 Subject: Re: [Zope-dev] ZSQL using LIKE operator From: Jens Vagelpohl [EMAIL PROTECTED] To: "Schmidt, Allen J." [EMAIL PROTECTED], [EMAIL PROTECTED] just write it out like: SELECT * FROM table WHERE keywords LIKE '%dtml-var name="my_var"%' jens ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] 2.3.0. Unindex_object Tried To Unindex Nonexistent
Christopher Petrilli wrote: Steve is right, though I fixed that problem when it snuck up on me, but apparantly it never got merged into the branches correctly. Don't we all love CVS? I personally had a problem with using 'i' as anything but a iterator variable. Right, okay, patched Zope as described in this thread. Now, every so often I get something like the following showing up on the console: -- 2001-02-09T12:59:33 ERROR(200) UnTextIndex unindex_object tried to unindex nonex istent document 11 -- 2001-02-09T12:59:33 ERROR(200) UnTextIndex unindex_object tried to unindex nonex istent document 13 -- 2001-02-09T12:59:34 ERROR(200) UnTextIndex unindex_object tried to unindex nonex istent document 13 What does this mean? Should I be worried about it? It looks like I should :-S Any help would be appreciated, cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Getting parent within ZClass hierarchy
Easy question, but I couldn't find the answer. How can I access the id (or title) of the parent containing my current object? E.g. NewsContainer |---NewsCategory ( ZClass - ObjectManager) |---NewsItem (ZClass - CatalogAware) I'm looking for a method (Python script) in NewsItem, which give me the id or title of its parent. Thanks Arno Gross, email: [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Greedy except clauses
Whoo hoo! Thanks very much Anthony. - Original Message - From: "Anthony Baxter" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 09, 2001 1:31 PM Subject: Re: [Zope-dev] Greedy except clauses Ok, my last for tonight - I put the output of my horrible script at http://www.zope.org/Members/anthony/BarewordExcepts I'll work over it a bit probably early next week - an obviousish next step is to make it note when the body of the except: contains a 'raise' statement. Anthony ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Getting parent within ZClass hierarchy
Arno Gross wrote: Easy question, but I couldn't find the answer. How can I access the id (or title) of the parent containing my current object? E.g. NewsContainer |---NewsCategory ( ZClass - ObjectManager) |---NewsItem (ZClass - CatalogAware) I'm looking for a method (Python script) in NewsItem, which give me the id or title of its parent. From DTML: dtml-with "aq_parent" dtml-var title_or_id /dtml-with From a PythonScript: container.aq_parent.id (if the PythonScript is a member of the NewsItem class) context.aq_parent.if (if the PythonScript is acquired from elsewhere) This isn't really a zope-dev kind of question, as it is more about using Zope in a basic kind of way. You should ask questions like this on [EMAIL PROTECTED] instead. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: Re: [Zope-dev] ZSQL using LIKE operator
sqltest just creates the full string of the where clause segment for the test using the same kind of 'safe' sql-string logic as sqlvar: so you should be able to replace the value to test against with any valid python expression, such as the one below where the % operators are concatenated onto the variable holding the value you want to test against. :) As for the difference between dtml-sqlvar and dtml-var sqlquote (in case anyone is confused), an sqlvar tag requires a type value and will not only perform an sqlquote on the value being inserted into the statement, but will do any/all type conversion/stripping (letters from numeric values, etc) needed based upon the requested type. If anyone is concerned/puzzled by the security hazards I listed below, here is a URL describing problems associated with bad data used within queries and a mysql DB: http://www.mysql.com/doc/G/e/General_security.html See the bullet point beginning with 'Do not trust any data entered by your users.' Sorry if I seemed harsh in my original post, but security is my bread and butter, so I may tend to be Loud when I see something wrong... PS: In order to increase the safety of ZSQLMethods, maybe the basic dtml-var tag should be made illegal inside it? (forced usage of the safe form would break some existent code, possibly, but would avoid confusion such as this in general - and thus be safer) -Original Message- From: Schmidt, Allen J. [mailto:[EMAIL PROTECTED]] Sent: Friday, February 09, 2001 7:01 AM To: 'Jon Franz'; '[EMAIL PROTECTED]' Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator Got it. Making the change now. Thanks for keeping an eye on this thread. What about the sqltest suggestion on posted on this thread? Or do sqltest and sqlvar handle DB calls in a similar fashion? Thanks -Original Message- From: Jon Franz [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 3:54 PM To: '[EMAIL PROTECTED]' Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator No, this is bad!! Do NOT do this - it will allow Bad SNIP ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Plugins as Dataskins
Hi, Can use Plugins as Dataskins? If so, do I need to put them inside a Customizer? And how does customizes play with Specialists, or should they even do that in the first place? Regards, Johan Carlsson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: Re: [Zope-dev] ZSQL using LIKE operator
Not taken as being harsh from where I stand! The more we know...the better! Thanks for the guidelines and the URL. It has been passed on to the group that handles the MySQL on our server. Have not started using it for Production, but will be soon. From a recent post, I noticed that this topic might be better suited for the normal Zope list. Would this be accurate? Comments welcome on accepted topics. Thanks Allen -Original Message- From: Jon Franz [mailto:[EMAIL PROTECTED]] Sent: Friday, February 09, 2001 10:18 AM To: 'Schmidt, Allen J.' Cc: '[EMAIL PROTECTED]' Subject: RE: Re: [Zope-dev] ZSQL using LIKE operator sqltest just creates the full string of the where clause segment for the test using the same kind of 'safe' sql-string logic as sqlvar: so you should be able to replace the value to test against with any valid python expression, such as the one below where the % operators are concatenated onto the variable holding the value you want to test against. :) As for the difference between dtml-sqlvar and dtml-var sqlquote (in case anyone is confused), an sqlvar tag requires a type value and will not only perform an sqlquote on the value being inserted into the statement, but will do any/all type conversion/stripping (letters from numeric values, etc) needed based upon the requested type. If anyone is concerned/puzzled by the security hazards I listed below, here is a URL describing problems associated with bad data used within queries and a mysql DB: http://www.mysql.com/doc/G/e/General_security.html See the bullet point beginning with 'Do not trust any data entered by your users.' Sorry if I seemed harsh in my original post, but security is my bread and butter, so I may tend to be Loud when I see something wrong... PS: In order to increase the safety of ZSQLMethods, maybe the basic dtml-var tag should be made illegal inside it? (forced usage of the safe form would break some existent code, possibly, but would avoid confusion such as this in general - and thus be safer) -Original Message- From: Schmidt, Allen J. [mailto:[EMAIL PROTECTED]] Sent: Friday, February 09, 2001 7:01 AM To: 'Jon Franz'; '[EMAIL PROTECTED]' Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator Got it. Making the change now. Thanks for keeping an eye on this thread. What about the sqltest suggestion on posted on this thread? Or do sqltest and sqlvar handle DB calls in a similar fashion? Thanks -Original Message- From: Jon Franz [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 08, 2001 3:54 PM To: '[EMAIL PROTECTED]' Subject: Bad: Re: [Zope-dev] ZSQL using LIKE operator No, this is bad!! Do NOT do this - it will allow Bad SNIP ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Hard set port number in 2.3?
Tim Ansell wrote: But now with zope 2.3.0 it keeps writing urls going to the firewall box on port 8080 instead of port 80 like it previously did. Anyone know how to fix this problem? Where i should look? Hmm. I hadnt been aware that VirtualHostMonster was coming in 2.3.0, so I developed something that fills much the same niche: fixing the urls when Zope runs behind a proxy, with less hassle than using SiteAccess. My offering isnt as flexible as VirtualHostMonster (but that might be one reason why it works, when v-h-m doesnt ;-) http://www.zope.org/Members/htrd/howto/host-server http://classic.zope.org:8080/Collector/1892/view Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Plugins as Dataskins
Johan Carlsson wrote: Hi, Can use Plugins as Dataskins? The PlugIns product is separate from the ZPatterns/DataSkins product. ZPatterns requires that PlugIns be installed, though. There's some experimental support for having Dataskins as plug-ins. However, I can't think of why I'd need to do that. PlugIns and DataSkins are there for different purposes. They solve different problems. If so, do I need to put them inside a Customizer? I can't really answer that. And how does customizes play with Specialists, Generally, you create "glue" using SkinScript in both the Customizers and Specialists. or should they even do that in the first place? That's up to you. The best way to develop with ZPatterns is first to think clearly about the problem domain you want to work in. The classes from ZPatterns, such as Specialists, DataSkins and Folders with Customizer Support, can help you design and implement your application, leaving many of the important decisions about methods of collaboration, and about storage of attributes, until later. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Hard set port number in 2.3?
On Fri, 9 Feb 2001, Toby Dickenson wrote: Tim Ansell wrote: But now with zope 2.3.0 it keeps writing urls going to the firewall box on port 8080 instead of port 80 like it previously did. Anyone know how to fix this problem? Where i should look? I have noticed the same thing when I dived head-first into using V-H-M, and had to back-peddle quite quickly to SiteRoot. I noticed there was a commit two weeks ago to VirtualHostMonster.py, something about fixing paths, so I might give that a try and see if it fixes the problem :) -Matt -- Matt Hamilton [EMAIL PROTECTED] Netsight Internet Solutions, Ltd. Business Vision on the Internet http://www.netsight.co.uk +44 (0)117 9090901 Web Hosting | Web Design | Domain Names | Co-location | DB Integration ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Storing part of an object on the file system
Hmm sounds like ZPatterns might help ;-)... will take a look thanks. -- Andy McKay. - Original Message - From: "Steve Alexander" [EMAIL PROTECTED] To: "Andy McKay" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, February 09, 2001 1:27 AM Subject: Re: [Zope-dev] Storing part of an object on the file system Andy McKay wrote: Ok whack idea #34... Well sort of, the idea was sparked by ExtFile (yes its all his fault honest). We want to have files on the file system for many reasons which I won't go into now, just take it for granted. But we also want some of the objects information to be in the standard data.fs, so we can catalog it use acquisition provide a simple interface to it and so on. So far you are saying thats ExtFile and you are right. But we want to extend it to any object anywhere, instead of storing the data attribute in the object and pickling it in the ZODB I want to be able to store the data attribute on the file system. This gives us loads of advantages we also thought this would be extremely useful to other people. We've bounced around ideas on how to do this and here the only two so far: Use ZPatterns. This is exactly what ZPatterns is designed for; choosing different places to store and retrieve different attributes. -we could overload the data attribute with a class that on Pickling into the ZODB instead writes it on to the filesystem... You can easily do this with ZPatterns. -we could in the ZODB put a hack to say if pickling something with so and so attribute do this instead... You can easily do this with ZPatterns. I feel like this something I should just not be doing, but it would be great if I could get it work... Take a look at the SkinScript reference. http://www.zope.org//Members/pje/Wikis/ZPatterns/SkinScriptSyntax -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Bug in DateTime?
I have been working on a calendar for a web site and I came across some strange behavior with DateTime. Using the isCurrentDay() method returns true if only the day number of the month is the same as today's. For instance, today is Feb 9, 2001. The following returns true however in both Zope 2.2 and 2.3: DateTime('3/9/2000').isCurrentDay() Is this the expected behavior? Checking the code leads me to believe the other isCurrent* methods behave in a similar way. -- | Casey Duncan | Kaivo, Inc. | [EMAIL PROTECTED] `-- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Plugins as Dataskins
Johan Carlsson wrote: Hi, Can use Plugins as Dataskins? The PlugIns product is separate from the ZPatterns/DataSkins product. ZPatterns requires that PlugIns be installed, though. There's some experimental support for having Dataskins as plug-ins. However, I can't think of why I'd need to do that. PlugIns and DataSkins are there for different purposes. They solve different problems. Yes, what much I know. I find Plugins really useful for dynamically assigning content and behavior to objects at run-time. What I want to do is to make plugins created inside regular ZODB objects, delegate there storage to ZPatterns. As I see it might be possible to have both ZODB-based plugins (subclassed from PlugIn) or virtual plugin objects (subclassed from PlugInBase) getting attributes and/or properties from a Customizer. So is it worth a shot? Johan Carlsson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] SiteAccess Newbie
Hi, I just implemented virtual hosting on our web server combining multiple virtual hosts and localization as described in the corresonding how-to. But it's very (very) slow. How can I speed it up? Following the External Python Method I used for the Access Rule: import string def get_language(self, REQUEST): cookie = 'LANG' if self.REQUEST.cookies.has_key(cookie): lang = self.REQUEST.cookies[cookie] else: langs = string.split(self.REQUEST['HTTP_ACCEPT_LANGUAGE'], ',') for lang in langs: lang = string.strip(lang) if lang: lang = string.split(lang, ';')[0] break if not hasattr(self, lang): if string.find(lang,'-')=0: lang = string.split(lang,'-')[0] if not hasattr(self, lang): lang = 'de' return lang def localize(self, REQUEST): sitemap = { ... } hostname = string.join(string.split(string.lower(string.split(self.REQUEST['HTTP_HOST'], ':')[0]), '.')[-4:], '.') lang = self.get_language(self.REQUEST) stack= self.REQUEST['TraversalRequestNameStack'] if stack and stack[-1]=='Z': stack.pop() self.REQUEST.setVirtualRoot('Z') else: if sitemap.has_key(hostname): self.REQUEST.set('SiteRootPATH', '/') self.REQUEST['TraversalRequestNameStack'].extend([lang, sitemap[hostname]]) else: self.REQUEST.set('SiteRootPATH', '/') ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Greedy except clauses
"AB" == Anthony Baxter [EMAIL PROTECTED] writes: AB Now, it's obvious that not all of these are bad - some are AB probably fine - but there's also many that are _not_ good. The AB one in MailHost.py does eat exceptions. I'm sure there are AB others. I am probably a bit idiosyncratic, but I prefer to avoid bare excepts at all costs. I often use "except Exception:", otherwise I add a comment that specifically notes that I intend to catch everything. Otherwise, you can't tell the difference between intentional and accidental use. AB I've done a quickie hack script that runs over the source and AB produces a list of matches to lines in the file, and links to a AB lightly patched viewcvs so that you can jump straight to the AB lines. It seems like it would be reasonably easy to make this a AB bit more sophisticated to include things like the nesting 'def' AB and 'class' method. AB This, to me, seems like a pretty nice community type task - AB people could take one of them off the list of unchecked ones, AB and have a look through the code... no? It would also be interesting to see how many try/except blocks are including more code than they should. The larger the block, the more likely that a line of code raises an error that the author didn't consider; these errors can mean that real bugs get caught be accident and ignore. When the block is small -- preferably just a line or two -- there is litle chance for error. Of course, there are very good reasons to have longer except blocks. Jeremy ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZClass Permissions
Is it just me, or is there a bug in the "Edit" tab of the "Zope Permission" object used when creating ZClass products? When I hit "Save Changes" I get: - Zope Error Zope has encountered an error while publishing this resource. Invalid request The parameter, name, was omitted from the request. Make sure to specify all required parameters, and try the request again. Traceback (innermost last): File /usr/zope/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /usr/zope/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/zope/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook (Object: RoleManager) File /usr/zope/lib/python/ZPublisher/Publish.py, line 171, in publish File /usr/zope/lib/python/ZPublisher/mapply.py, line 155, in mapply (Object: manage_edit) File /usr/zope/lib/python/ZPublisher/Publish.py, line 117, in missing_name File /usr/zope/lib/python/ZPublisher/HTTPResponse.py, line 570, in badRequestError BadRequest: (see above) - On closer inspection I found that the Title and Name fields both have the name="" set to "title". ... I'm guessing this is a bug. Adrian... ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Object decision from WebDav/FTP
"Andy McKay" [EMAIL PROTECTED] wrote: Where does Zope do the decision to turn an file sent via FTP or WebDAV into an object of a certain type? I want to fiddle with this so an image put via WebDAV is a myImage object (for example) rather than an Image See the "hookable PUT" proposal (which was implemented for 2.3a1): http://www.zope.org//Wikis/DevSite/Proposals/HookablePUTCreation Tres. -- === Tres Seaver[EMAIL PROTECTED] Digital Creations "Zope Dealers" http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Greedy except clauses
I took the list I generated, and started looking at a number of them. There seems to be a number of different types of case: There's the "just too slack to specify the exception" case -- generally easy, if tedious, to fix. There's the "we're rendering DTML, it could raise an exception of some sort, let's just eat it" -- this is almost certainly the worst sort. Then there's the 'gods only know what this is for' ones -- I think these might best be approached by putting a logging statement in the except body just to get an idea of what they're doing. There's certainly ones that are exceptions around too many lines, when it's obviously just meant to catch the one line. I just realised the list I put up has a few that are wrong, for some reason - my simple-minded script was obviously too simple-minded - will fix. (hm, in the case where a bare except _is_ genuinely what's wanted, could we put a comment in the source to make it easier to strip them out). Anthony, working towards an "except:" free-world :) Jeremy Hylton wrote "AB" == Anthony Baxter [EMAIL PROTECTED] writes: AB Now, it's obvious that not all of these are bad - some are AB probably fine - but there's also many that are _not_ good. The AB one in MailHost.py does eat exceptions. I'm sure there are AB others. I am probably a bit idiosyncratic, but I prefer to avoid bare excepts at all costs. I often use "except Exception:", otherwise I add a comment that specifically notes that I intend to catch everything. Otherwise, you can't tell the difference between intentional and accidental use. AB I've done a quickie hack script that runs over the source and AB produces a list of matches to lines in the file, and links to a AB lightly patched viewcvs so that you can jump straight to the AB lines. It seems like it would be reasonably easy to make this a AB bit more sophisticated to include things like the nesting 'def' AB and 'class' method. AB This, to me, seems like a pretty nice community type task - AB people could take one of them off the list of unchecked ones, AB and have a look through the code... no? It would also be interesting to see how many try/except blocks are including more code than they should. The larger the block, the more likely that a line of code raises an error that the author didn't consider; these errors can mean that real bugs get caught be accident and ignore. When the block is small -- preferably just a line or two -- there is litle chance for error. Of course, there are very good reasons to have longer except blocks. Jeremy -- Anthony Baxter [EMAIL PROTECTED] It's never too late to have a happy childhood. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )