[Zope-dev] Allowing python logging from restricted code
Hi All,

Would anyone have a problem if I added the necessary security declarations to allow the python logging module to be used from restricted code? I'd like to do this both for the trunk and the 2.8 branch, unless anyone has huge objections...

Furthermore, I'd like to change zope.conf to allow the flexibility of defining loggers that ZConfig normally provides out of the box, rather than being limited to just the event log and the access log. I'd like to just do this for the trunk...

Anyway, please let me know what you think!

cheers,

Chris

--
Simplistix - Content Management, Zope Python Consulting
           - http://www.simplistix.co.uk
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: [Zope-Checkins] SVN: Zope/trunk/lib/python/Shared/DC/ZRDB/ Collector #556: sqlvar now returns 'null' rather than 'None'.
Andreas Jung wrote:
> Argh...there is also a gadfly package coming from Zope 3. So when we
> remove it from the Zope 2 core we get it back with Zope 3 :-)

Well, having a lightweight semi-functional rdb engine in the distro has always seemed handy for me, mainly for testing rdb-related components with the certainty that the rdb engine you're testing with will always be there...

Maybe we should move it to the testing package?

cheers,

Chris

--
Simplistix - Content Management, Zope Python Consulting
           - http://www.simplistix.co.uk

[Zope-dev] Re: Gadfly (was: Collector #556: sqlvar now returns 'null' rather than 'None'.)
On 10 Oct 2005, at 08:58, Chris Withers wrote:
> Andreas Jung wrote:
>> Argh...there is also a gadfly package coming from Zope 3. So when we
>> remove it from the Zope 2 core we get it back with Zope 3 :-)
>
> Well, having a lightweight semi-functional rdb engine in the distro has
> always seemed handy for me, mainly for testing rdb-related components
> with the certainty that the rdb engine you're testing with will always
> be there...
>
> Maybe we should move it to the testing package?

You're just moving the problem around with that. What's the point?

jens

Re: [Zope-dev] Allowing python logging from restricted code
Chris Withers wrote:
> Hi All,
>
> Would anyone have a problem if I added the necessary security
> declarations to allow the python logging module to be used from
> restricted code? I'd like to do this both for the trunk and the 2.8
> branch, unless anyone has huge objections...

I think you need to be very careful with this. IMO, this is something that should not be turned on by default. OTOH, I have no problem with making this possible to turn on.

Jim

--
Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

Re: [Zope-dev] Re: [Zope-Checkins] SVN: Zope/trunk/lib/python/Shared/DC/ZRDB/ Collector #556: sqlvar now returns 'null' rather than 'None'.
On Mon, Oct 10, 2005 at 08:58:53AM +0100, Chris Withers wrote:
| Andreas Jung wrote:
| > Argh...there is also a gadfly package coming from Zope 3. So when we
| > remove it from the Zope 2 core we get it back with Zope 3 :-)
|
| Well, having a lightweight semi-functional rdb engine in the distro has
| always seemed handy for me, mainly for testing rdb-related components
| with the certainty that the rdb engine you're testing with will always
| be there...
|
| Maybe we should move it to the testing package?

If I'm allowed to say anything, I would like to see gadfly being replaced by sqlite. It's available mostly everywhere except in Windows by default, as many products already use it.

sqlite itself is 'public domain' and the python da has the same license as zlib if I recall, which is very permissive as well.

--
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com

Re: [Zope-dev] Re: [Zope-Checkins] SVN: Zope/trunk/lib/python/Shared/DC/ZRDB/ Collector #556: sqlvar now returns 'null' rather than 'None'.
SQLite implements enough of a subset of SQL to be genuinely useful and its performance isn't too bad either. There is a Zope DA for it somewhere too.

We've never been able to use Gadfly for testing as it's so far from standard SQL that it just causes more problems than it solves - as we saw at the beginning of this thread.

A

On 10 Oct 2005, at 15:03, Sidnei da Silva wrote:
> On Mon, Oct 10, 2005 at 08:58:53AM +0100, Chris Withers wrote:
> | Andreas Jung wrote:
> | > Argh...there is also a gadfly package coming from Zope 3. So when we
> | > remove it from the Zope 2 core we get it back with Zope 3 :-)
> |
> | Well, having a lightweight semi-functional rdb engine in the distro has
> | always seemed handy for me, mainly for testing rdb-related components
> | with the certainty that the rdb engine you're testing with will always
> | be there...
> |
> | Maybe we should move it to the testing package?
>
> If I'm allowed to say anything, I would like to see gadfly being
> replaced by sqlite. It's available mostly everywhere except in Windows
> by default, as many products already use it.
>
> sqlite itself is 'public domain' and the python da has the same
> license as zlib if I recall, which is very permissive as well.
>
> --
> Sidnei da Silva
> Enfold Systems, LLC.
> http://enfoldsystems.com

--
Logicalware Ltd
Stuart House, Eskmills, Musselburgh, EH21 7PQ, UK
Tel: +44(0)131 273 5130
http://www.logicalware.com

Re: [Zope-dev] Re: [Zope-Checkins] SVN: Zope/trunk/lib/python/Shared/DC/ZRDB/ Collector #556: sqlvar now returns 'null' rather than 'None'.
--On 10. Oktober 2005 11:03:54 -0300 Sidnei da Silva [EMAIL PROTECTED] wrote:
> If I'm allowed to say anything, I would like to see gadfly being
> replaced by sqlite. It's available mostly everywhere except in Windows
> by default, as many products already use it.
>
> sqlite itself is 'public domain' and the python da has the same
> license as zlib if I recall, which is very permissive as well.

IMO there is no need to ship the Zope core with *any* DB package except the ZODB. From the maintenance point of view we should basically ship with packages that we really need and that provide value to the core distribution. In Zope 2.6 we included Docutils which provided reStructuredText functionality. Updating and maintaining the package has been a minor pain in the past. Dealing with exploits in 3rd-party-packages (as it happened yesterday with Docutils) is another issue. The core distribution should only ship with packages where we have a certain amount of expertise to deal with such issues. I assume nobody of us is a sqlite core developer and knows the sources. Otherwise we end up like Plone and ship with more 3rd-party packages from release to release.

-aj

[Zope-dev] RestrictedPython, TALES Expressions and CMF
(sorry for the cross-post)

I'm currently facing an issue that seems to be a result of a bad interaction between CMF, TALES and Restricted Python.

The issue currently happens when:

1. A TALES 'Path Expression' in 'Caching Policy Manager' is evaluated
2. The result of evaluating a sub-expression is a Python Script (eg: object/modified where 'modified' is a Python Script)
3. The context as built by CMF doesn't define 'here'

What happens in this case is that the call will end up in PageTemplates/ZRPythonExpr.py:call_with_ns, which is reproduced here for your pleasure:

    def call_with_ns(f, ns, arg=1):
        td = Rtd()
        td.this = ns['here']
        td._push(ns['request'])
        td._push(InstanceDict(td.this, td))
        td._push(ns)
        try:
            if arg==2:
                return f(None, td)
            else:
                return f(td)
        finally:
            td._pop(3)

Now, given that there has been a decision of deprecating 'here' in favor of 'context', I'm not exactly sure about the fix.

CMF seems to create expression contexts in two places off the top of my head: In 'CMFCore/Expression.py' and 'CMFCore/CachingPolicyManager.py'. None of those define 'here' or 'context' but instead just 'object'.

In 'Products/PageTemplates/TALES.py', in the 'translate' function, 'here' is also hardcoded, but that should be less of an issue as code reaching into that function *should* have a proper expression context.

The question then is, which code is wrong? PageTemplates for relying on 'here' being defined, or CMF for not defining 'here'? I volunteer to provide a fix with tests as soon as someone clarifies which one needs to be fixed.

As a reminder, 'actions' as defined by 'portal_actions' tool and anything that derives from 'ActionProviderBase' suffer from the same issue.

--
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com
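
The failure described in the message above, as an added stand-alone illustration (not Zope, CMF or the poster's code). MiniTD is a constructed stand-in for Rtd, vars() replaces InstanceDict, and the this_names parameter with its 'context'/'object' fallback is a hypothetical option, not a fix the thread has agreed on.

```python
# Added illustration, not Zope code; every name below is constructed.

class MiniTD:
    """Stand-in for the Rtd stack: mappings searched from the top down."""
    def __init__(self):
        self.this = None
        self._stack = []

    def _push(self, mapping):
        self._stack.append(mapping)

    def _pop(self, n=1):
        del self._stack[-n:]

    def __getitem__(self, key):
        for mapping in reversed(self._stack):
            if key in mapping:
                return mapping[key]
        raise KeyError(key)


def call_with_ns(f, ns, arg=1, this_names=('here',)):
    """Control flow of the quoted function; this_names is hypothetical."""
    td = MiniTD()
    for name in this_names:
        if name in ns:
            td.this = ns[name]
            break
    else:
        # Default ('here',) reproduces the KeyError from ns['here'].
        raise KeyError(this_names[0])
    td._push(ns['request'])
    td._push(vars(td.this))      # stand-in for InstanceDict(td.this, td)
    td._push(ns)
    try:
        return f(None, td) if arg == 2 else f(td)
    finally:
        td._pop(3)


class Doc:                       # constructed sample content object
    def __init__(self):
        self.modified = '2005-10-10'


# Constructed namespaces: CMF-style (only 'object') and one with 'here'.
CMF_NS = {'object': Doc(), 'request': {}}
PT_NS = {'here': Doc(), 'request': {}}

def script(td):                  # plays the role of the Python Script
    return td['modified']
```

With the default this_names, call_with_ns(script, CMF_NS) raises KeyError('here'), matching step 3 of the report; passing ('here', 'context', 'object') resolves the same namespace.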