Re: [Zope-dev] Security audit introduced problem in PageTemplates/Expression.py
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 13/01/2004, at 4:19 PM, Stuart Bishop wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The 'security audit work for the 2.7 branch' commit on 8th Jan made the following change in PageTemplates/Expression.py: As well as in other locations such as ZopeGuards.py. I've opened http://collector.zope.org/Zope/1182 with some example code. Anyone know if None is being passed as the name in some locations? I don't think it would be helpful for me to go around reversing code changed by a security audit without some background. - -- Stuart Bishop <[EMAIL PROTECTED]> http://www.stuartbishop.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (Darwin) iD8DBQFABgNqAfqZj7rGN0oRApeyAJ0Y4BzVbQfOdq2rpaH/m1e9cip/RACfUqzq i1nr0FrFG544SCKh7dReZVk= =4TUc -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Help with the change of URL and/or port
Dear Sir or Madame I'm wrigting because I started to do a plone site in zope.I would lke to know if I can change the url and/or port where the plone site stays.I would like to know how to chenge this path http:\\localhost:8080\Plone. Yours faithfully, Fábio Afonso _ MSN Messenger: converse com os seus amigos online. http://messenger.msn.com.br ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] 2.7 management_page_charset cannot be callable anymore
I forward-ported these to the 2.7 branch & the head. Any testing you can do to make sure I didn't break anything would be appreciated. Brian Lloyd[EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Hajime Nakagami > Sent: Wednesday, January 14, 2004 1:29 PM > To: [EMAIL PROTECTED] > Subject: Re: [Zope-dev] 2.7 management_page_charset cannot be callable > anymore > > > +1 > > I think the problem is same as reported by Kazuya Fukamachi > http://mail.zope.org/pipermail/zope-dev/2003-December/021315.html > and me. > http://mail.zope.org/pipermail/zope-dev/2003-December/021338.html > > At least this is important problem in Japanese (maybe Korea and Chinese) > developpers. > > > >Hi there, > > > >Some changes in Zope 2.7 break the possibility to make > management_page_charset > >a callable (for instance a method). > > > >This breaks Formulator, as it uses this facility. This works just fine > >in Zope 2.6, but breaks in Zope 2.7. > > > >The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 > exactly because > >it actually is the release that tries to do unicode *right* (while still > >retaining backwards compatibility with older installations and offering > >a non-unicode mode), and then Zope 2.7 makes it impossible. > > > >I heard a report that a similar problem may be occuring with ZWiki.. > > > >The problem is in lib/python/App/dtml/manage_page_header.dtml: > > > > > > > > > > content="text/html;charset=&dtml-management_page_charset;"> > > "RESPONSE.setHeader('content-type','text/html;charset='+management > _page_charset)"> > > > >If I remember my DTML well, &dtml-management_page_charset; > should still call > >the method if it's a callable, so that would be all right. > > > >The next line however breaks, as it's going to treat my method > as an attribute. > > > >I think backwards compatibility got broken unintentionally here.. Could > >this be restored? Using a ComputedAttribute for this would be rather > >involved and it's possible other products are broken as well as a > >result. > > > >Regards, > > > >Martijn > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 management_page_charset cannot be callable anymore
+1 I think the problem is same as reported by Kazuya Fukamachi http://mail.zope.org/pipermail/zope-dev/2003-December/021315.html and me. http://mail.zope.org/pipermail/zope-dev/2003-December/021338.html At least this is important problem in Japanese (maybe Korea and Chinese) developpers. >Hi there, > >Some changes in Zope 2.7 break the possibility to make management_page_charset >a callable (for instance a method). > >This breaks Formulator, as it uses this facility. This works just fine >in Zope 2.6, but breaks in Zope 2.7. > >The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 exactly because >it actually is the release that tries to do unicode *right* (while still >retaining backwards compatibility with older installations and offering >a non-unicode mode), and then Zope 2.7 makes it impossible. > >I heard a report that a similar problem may be occuring with ZWiki.. > >The problem is in lib/python/App/dtml/manage_page_header.dtml: > > > > >content="text/html;charset=&dtml-management_page_charset;"> >"RESPONSE.setHeader('content-type','text/html;charset='+management_page_charset)"> > >If I remember my DTML well, &dtml-management_page_charset; should still call >the method if it's a callable, so that would be all right. > >The next line however breaks, as it's going to treat my method as an attribute. > >I think backwards compatibility got broken unintentionally here.. Could >this be restored? Using a ComputedAttribute for this would be rather >involved and it's possible other products are broken as well as a >result. > >Regards, > >Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: 2.7 assertion with CVS of this morning
On Wednesday 14 January 2004 09:20, Yuppie wrote: > Did you see my other mail? Adding 'hasattr' (not 'guarded_hasattr') to > _NEED_WRAPPING works for me. Thanks for the clarification. Now it works. Robert ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] 2.7 management_page_charset cannot be callable anymore
Hi there, Some changes in Zope 2.7 break the possibility to make management_page_charset a callable (for instance a method). This breaks Formulator, as it uses this facility. This works just fine in Zope 2.6, but breaks in Zope 2.7. The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 exactly because it actually is the release that tries to do unicode *right* (while still retaining backwards compatibility with older installations and offering a non-unicode mode), and then Zope 2.7 makes it impossible. I heard a report that a similar problem may be occuring with ZWiki.. The problem is in lib/python/App/dtml/manage_page_header.dtml: http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: 2.7 assertion with CVS of this morning
Hi Robert! robert wrote: I found this, however 'has_order_support' is not the third argument. That is why I do not unterstand what happens. [...] _.hasattr(this().aq_self, 'has_order_support') I don't know that code very well, but this is how I understand what happens: All names in the TemplateDict are bound as methods. If you call hasattr the TemplateDict ('self') is passed in as first argument, in our case 'has_order_support' becomes the third argument. To avoid this functions need to be wrapped by NotBindable. Did you see my other mail? Adding 'hasattr' (not 'guarded_hasattr') to _NEED_WRAPPING works for me. Cheers, Yuppie ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )