[Zope-dev] can't put !--#BCODE -- in dtml

2002-04-11 Thread Yuan-Chen Cheng
hi, Can't put !--#BCODE -- in dtml, but !-- #BCODE -- is okay. Is this correct. Thank you very much. Yuan-Chen Cheng The traceback is here: Unexpected tag, for tag !--#BCODE --, on line 8 of ttt Traceback (innermost last): File /home/ycheng/zope/zope/lib/python/ZPublisher/Publish.py, line

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Toby Dickenson
On Wednesday 10 April 2002 5:07 pm, Brian Lloyd wrote: should not accept REQUESTs with REQUEST_METHOD GET. This is hard, hard, problem. While some good ideas have been proposed, there is not really a quick fix that doesn't have some downside that some group somewhere considers a

Re: Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of 2.6...

2002-04-11 Thread Toby Dickenson
On Wed, 10 Apr 2002 12:16:35 -0400, Jim Washington [EMAIL PROTECTED] wrote: 2. If we want to get fancy about allowing authentication using that ip address like naked ZServers can do, to if request.has_key('HTTP_X_FORWARDED_FOR'): addr=request['HTTP_X_FORWARDED_FOR'] elif

Re: [Zope-dev] can't put !--#BCODE -- in dtml

2002-04-11 Thread Matt Behrens
[For future reference, questions like this one should go to [EMAIL PROTECTED] [EMAIL PROTECTED] is for discussion of development of Zope. Replies/followups directed there.] Yuan-Chen Cheng wrote: Can't put !--#BCODE -- in dtml, but !-- #BCODE -- is okay. The !--# syntax is an old DTML

Re: Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of2.6...

2002-04-11 Thread Jim Washington
Toby Dickenson wrote: On Wed, 10 Apr 2002 12:16:35 -0400, Jim Washington [EMAIL PROTECTED] wrote: 2. If we want to get fancy about allowing authentication using that ip address like naked ZServers can do, to if request.has_key('HTTP_X_FORWARDED_FOR'):

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Casey Duncan
Toby Dickenson wrote: [snip] 4. Change dtml to not allow dtml-var someNonIdempotentMethod, although it should still allow dtml-var someNonIdempotentMethod() Ahhh! How do you propose to do that? I see a lot of bruised foreheads resulting from this... How many problems would this cause.

[Zope-dev] requestprofiler.py output width

2002-04-11 Thread Julián Muñoz
Hello, requestprofiles.py is generating an output (on standard output) of 80columns width, and I don't know how to expand it. At the begining I thought it was related with my xterm, but that's not the case, the output is truncated to 80chars indepently if I use xterm, or if I redirect the

Re: [Zope-dev] requestprofiler.py output width

2002-04-11 Thread Andreas Jung
--verbose - Original Message - From: Julián Muñoz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 11, 2002 10:38 Subject: [Zope-dev] requestprofiler.py output width Hello, requestprofiles.py is generating an output (on standard output) of 80columns width, and I don't know

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Toby Dickenson
On Thursday 11 April 2002 4:39 pm, Casey Duncan wrote: Toby Dickenson wrote: [snip] 4. Change dtml to not allow dtml-var someNonIdempotentMethod, although it should still allow dtml-var someNonIdempotentMethod() Ahhh! How do you propose to do that? I see a lot of bruised foreheads resulting

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Casey Duncan
dtml-var foo is not even close to the equivilant of dtml-var foo() The former uses mapply to comb the namespace for arguments and maps them to the callable and then calls it (if it is a callable, that is). IOW foo could have any number of arguments. The latter always calls foo with no

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Oliver Bleutgen
First, Toby, thanks for that proposal, it's indeed far more elegant than the mess I had in mind. Casey Duncan wrote: Toby Dickenson wrote: [snip] 4. Change dtml to not allow dtml-var someNonIdempotentMethod, although it should still allow dtml-var someNonIdempotentMethod() Ahhh!

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Lennart Regebro
From: Casey Duncan [EMAIL PROTECTED] My point is how do you disinguish dtml-var foo meaning Call foo passing everything from the namespace that maps to an arg from dtml-var foo meaning Call foo passing everything, but foo doesn't use anything from dtml-var foo Call foo and foo takes no

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Toby Dickenson
On Thursday 11 April 2002 5:16 pm, Casey Duncan wrote: The most troublesome case is where foo accepts any number of arguments (such as a DTML method or ZPT or any other method with **kw), and you cannot know whether it changes objects or simply returns some string or something. Yes, that is a

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Oliver Bleutgen
Casey Duncan wrote: [SNIP] Also, are we talking about only fixing the action on GET for the ZMI or for all Zope apps? If the answer is Just the ZMI then we are talking about doing something that has not been done before: Making the ZMI different from all other Zope apps. If the answer is

Re: [Zope-dev] [RFClet]: What about the request method and the client side trojan?

2002-04-11 Thread Toby Dickenson
On Thu, 11 Apr 2002 18:53:54 +0200, Oliver Bleutgen [EMAIL PROTECTED] wrote: With the implementation of Toby's proposal (barring the dtml-var thing, which isn't needed for that, as far as I see) Correct. The dtml-var change only helps guard against a careless dtml/zpt author reopening the same

Re: [Zope-dev] [RFClet]: What about the request method and theclient side trojan?

2002-04-11 Thread Jeffrey P Shell
On 4/11/02 7:55 AM, Toby Dickenson [EMAIL PROTECTED] wrote: On Thursday 11 April 2002 4:39 pm, Casey Duncan wrote: Toby Dickenson wrote: [snip] 4. Change dtml to not allow dtml-var someNonIdempotentMethod, although it should still allow dtml-var someNonIdempotentMethod() Ahhh! How

[Zope-dev] REMINDER: Bug day tomorrow...

2002-04-11 Thread Brian Lloyd
Hi all - Just a quick reminder that our inaugural Bug Day is tomorrow Friday, April 12 9:00 am EST until... until we've all had enough. We'll be coordinating on the #zope-dev channel on irc.zope.org. Some more info and general guidelines for bugdays are at: http://dev.zope.org/CVS/BugDays

[Zope-dev] Re: [Zope] setting default security permissions

2002-04-11 Thread Sidnei da Silva
I had the same problem a few weeks ago, and i posted my bug to the collector with a example class. See there: http://collector.zope.org/Zope/275 This friday, 9:00am EST there will be a BugDay on irc://irc.zope.org/#zope-dev Description of BugDays here: http://dev.zope.org/CVS/BugDays I

[Zope-dev] RE: [Zope] setting default security permissions

2002-04-11 Thread Tom Cameron
After more experimenting, I discovered that a restart of the zope server solved the problem. Nice to know, but I dont really wish to restart zope everytime I make a change. I am using Zope 2.5 and it appears that the refresh does not refresh the default security permissions. Tom =

[Zope-dev] problems downloading CVS tarballs

2002-04-11 Thread Andrew Sydelko
When I try to download a CVS tarball of the Zope_2_5-branch branch, I get a corrupt tar archive. The .../ISO_8859_1_Splitter/src directory contains one c file whose name gets truncated. I'm using gnutar so I'm pretty sure it's not a problem on my end. What tar is used on the CVS server?

Re: [Zope-dev] can't put !--#BCODE -- in dtml

2002-04-11 Thread Eron Lloyd
Zope thinks you're trying to use an ancient version of DTML. Make sure your comments are syntactically correct (!-- comment --) and try to avoid using !-- #(comment) -- anywhere as this could trip you up down the road. That format for variable insertion is still supported for legacy reasons.