Re: [Zope-dev] Security audit introduced problem in PageTemplates/Expression.py

2004-01-14 Thread Stuart Bishop
On 13/01/2004, at 4:19 PM, Stuart Bishop wrote:

The 'security audit work for the 2.7 branch' commit on 8th Jan made
the following change in PageTemplates/Expression.py:
As well as in other locations such as ZopeGuards.py.

I've opened http://collector.zope.org/Zope/1182 with some
example code.
Anyone know if None is being passed as the name in some locations?
I don't think it would be helpful for me to go around reversing
code changed by a security audit without some background.
--  Stuart Bishop <[EMAIL PROTECTED]>
http://www.stuartbishop.net/
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Help with the change of URL and/or port

2004-01-14 Thread Fábio Bruno
Dear Sir or Madam, I'm writing because I started to do a Plone site in
Zope. I would like to know if I can change the URL and/or port where the Plone
site stays. I would like to know how to change this path
http:\\localhost:8080\Plone.
Yours faithfully,
  Fábio Afonso



RE: [Zope-dev] 2.7 management_page_charset cannot be callable anymore

2004-01-14 Thread Brian Lloyd
I forward-ported these to the 2.7 branch & the head. Any testing 
you can do to make sure I didn't break anything would be appreciated.



Brian Lloyd        [EMAIL PROTECTED]
V.P. Engineering   540.361.1716  
Zope Corporation   http://www.zope.com 


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Hajime Nakagami
> Sent: Wednesday, January 14, 2004 1:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Zope-dev] 2.7 management_page_charset cannot be callable
> anymore
> 
> 
> +1
> 
> I think the problem is same as reported by Kazuya Fukamachi
> http://mail.zope.org/pipermail/zope-dev/2003-December/021315.html
> and me.
> http://mail.zope.org/pipermail/zope-dev/2003-December/021338.html
> 
> At least this is an important problem for Japanese (maybe Korean and Chinese)
> developers.
> 
> 
> >Hi there,
> >
> >Some changes in Zope 2.7 break the possibility to make management_page_charset
> >a callable (for instance a method).
> >
> >This breaks Formulator, as it uses this facility. This works just fine
> >in Zope 2.6, but breaks in Zope 2.7.
> >
> >The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 exactly because
> >it actually is the release that tries to do unicode *right* (while still
> >retaining backwards compatibility with older installations and offering
> >a non-unicode mode), and then Zope 2.7 makes it impossible.
> >
> >I heard a report that a similar problem may be occurring with ZWiki..
> >
> >The problem is in lib/python/App/dtml/manage_page_header.dtml:
> >
> >
> >
> >
> > content="text/html;charset=&dtml-management_page_charset;">
> > "RESPONSE.setHeader('content-type','text/html;charset='+management_page_charset)">
> >
> >If I remember my DTML well, &dtml-management_page_charset; should still call
> >the method if it's a callable, so that would be all right.
> >
> >The next line however breaks, as it's going to treat my method as an attribute.
> >
> >I think backwards compatibility got broken unintentionally here.. Could
> >this be restored? Using a ComputedAttribute for this would be rather
> >involved and it's possible other products are broken as well as a 
> >result.
> >
> >Regards,
> >
> >Martijn
> 


Re: [Zope-dev] 2.7 management_page_charset cannot be callable anymore

2004-01-14 Thread Hajime Nakagami
+1

I think the problem is same as reported by Kazuya Fukamachi
http://mail.zope.org/pipermail/zope-dev/2003-December/021315.html
and me.
http://mail.zope.org/pipermail/zope-dev/2003-December/021338.html

At least this is an important problem for Japanese (maybe Korean and Chinese)
developers.


>Hi there,
>
>Some changes in Zope 2.7 break the possibility to make management_page_charset
>a callable (for instance a method). 
>
>This breaks Formulator, as it uses this facility. This works just fine
>in Zope 2.6, but breaks in Zope 2.7.
>
>The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 exactly because
>it actually is the release that tries to do unicode *right* (while still
>retaining backwards compatibility with older installations and offering
>a non-unicode mode), and then Zope 2.7 makes it impossible.
>
>I heard a report that a similar problem may be occurring with ZWiki..
>
>The problem is in lib/python/App/dtml/manage_page_header.dtml:
>
>
>
>
>content="text/html;charset=&dtml-management_page_charset;">
>"RESPONSE.setHeader('content-type','text/html;charset='+management_page_charset)">
>
>If I remember my DTML well, &dtml-management_page_charset; should still call
>the method if it's a callable, so that would be all right. 
>
>The next line however breaks, as it's going to treat my method as an attribute.
>
>I think backwards compatibility got broken unintentionally here.. Could
>this be restored? Using a ComputedAttribute for this would be rather
>involved and it's possible other products are broken as well as a 
>result.
>
>Regards,
>
>Martijn



Re: [Zope-dev] Re: 2.7 assertion with CVS of this morning

2004-01-14 Thread robert
On Wednesday 14 January 2004 09:20, Yuppie wrote:
> Did you see my other mail? Adding 'hasattr' (not 'guarded_hasattr') to
> _NEED_WRAPPING works for me.

Thanks for the clarification. Now it works.

Robert




[Zope-dev] 2.7 management_page_charset cannot be callable anymore

2004-01-14 Thread Martijn Faassen
Hi there,

Some changes in Zope 2.7 break the possibility to make management_page_charset
a callable (for instance a method). 

This breaks Formulator, as it uses this facility. This works just fine
in Zope 2.6, but breaks in Zope 2.7.

The silly thing is that Formulator 2.6.0 breaks in Zope 2.7 exactly because
it actually is the release that tries to do unicode *right* (while still
retaining backwards compatibility with older installations and offering
a non-unicode mode), and then Zope 2.7 makes it impossible.

I heard a report that a similar problem may be occurring with ZWiki..

The problem is in lib/python/App/dtml/manage_page_header.dtml:







[Zope-dev] Re: 2.7 assertion with CVS of this morning

2004-01-14 Thread Yuppie
Hi Robert!

robert wrote:
> I found this,
> however 'has_order_support' is not the third argument.
> That is why I do not understand what happens.
> [...]
> _.hasattr(this().aq_self, 'has_order_support')

I don't know that code very well, but this is how I understand what happens:

All names in the TemplateDict are bound as methods. If you call hasattr,
the TemplateDict ('self') is passed in as first argument; in our case
'has_order_support' becomes the third argument. To avoid this, functions
need to be wrapped by NotBindable.

Did you see my other mail? Adding 'hasattr' (not 'guarded_hasattr') to 
_NEED_WRAPPING works for me.

Cheers,
Yuppie
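
The binding behaviour described in the message above, reproduced in plain Python as an added example (not code from this thread or from Zope). `TemplateNamespace`, `guarded_hasattr_sketch` and `Unbound` are hypothetical stand-ins for TemplateDict, a pure-Python hasattr replacement and NotBindable; the assumption is that the namespace holds the function as a class attribute.

```python
# Added illustration: all names here are hypothetical stand-ins, not Zope code.

def guarded_hasattr_sketch(obj, name):
    """Pure-Python replacement for the builtin hasattr (security check omitted)."""
    return hasattr(obj, name)


class Unbound:
    """Callable wrapper without __get__, so attribute lookup never binds it."""

    def __init__(self, func):
        self._func = func

    def __call__(self, *args, **kwargs):
        return self._func(*args, **kwargs)


class TemplateNamespace:
    # Builtin C function: not a descriptor, so instance lookup returns it as is.
    builtin_hasattr = hasattr
    # Python function: a descriptor, so instance lookup yields a bound method
    # and the namespace object is silently inserted as the first argument.
    bound_hasattr = guarded_hasattr_sketch
    # Same function wrapped: lookup returns the wrapper, no extra argument.
    wrapped_hasattr = Unbound(guarded_hasattr_sketch)


class Folder:
    """Constructed sample object carrying the attribute from the thread."""
    has_order_support = 1


def call_all():
    """Call each variant the way a template would: (object, attribute name)."""
    ns, folder = TemplateNamespace(), Folder()
    results = {}
    for attr in ("builtin_hasattr", "bound_hasattr", "wrapped_hasattr"):
        try:
            results[attr] = getattr(ns, attr)(folder, "has_order_support")
        except TypeError:
            # The bound call became f(ns, folder, 'has_order_support'):
            # the attribute name arrived as an unexpected third argument.
            results[attr] = "TypeError"
    return results


if __name__ == "__main__":
    print(call_all())
```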

