[Zope-dev] information disclosure vulnerability
Hi, probably the HelpSys object shouldn't be available by default to non-authenticated users, because it gives too much information on the currently installed products. access any Zope site this way : http://your.zope.site/HelpSys and you'll learn what products are available on the server. This can't lead to a direct compromise, but this gives way too much information to anonymous users IMHO. Tested today on several low and very high profile sites. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Problem with Zope 2.6.0 and ZShell
Hi,
Someone has reported to me a problem when running ZShell's latest
version (1.5) under Zope 2.6 CVS and Python 2.2.2
Here's the traceback :
*
Traceback (innermost last):
Module ZPublisher.Publish, line 98, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 39, in call_object
Module Products.ExternalMethod.ExternalMethod, line 224, in __call__
- __traceback_info__: ((Application instance at b796560, ['man ls',
'ls'], None), {}, (None, None))
Module /home/zope/Zope/ZInstanceHome/Extensions/zshell.py, line 3501,
in zshell
Module /home/zope/Zope/ZInstanceHome/Extensions/zshell.py, line 701,
in __init__
Module /home/zope/Zope/ZInstanceHome/Extensions/zshell.py, line 1014,
in execCommands
Module /home/zope/Zope/ZInstanceHome/Extensions/zshell.py, line 1081,
in execCommand
Module /home/zope/Zope/ZInstanceHome/Extensions/zshell.py, line 891,
in ShellExpand
Module rexec, line 429, in s_exec
Module rexec, line 412, in s_apply
Module rexec, line 308, in r_exec
Module __main__, line 1, in ?
Module rexec, line 339, in r_import
Module ihooks, line 397, in import_module
Module ihooks, line 433, in find_head_package
Module ihooks, line 486, in import_it
Module ihooks, line 325, in load_module
Module glob, line 4, in ?
Module rexec, line 339, in r_import
Module ihooks, line 397, in import_module
Module ihooks, line 433, in find_head_package
Module ihooks, line 486, in import_it
Module ihooks, line 325, in load_module
Module fnmatch, line 13, in ?
Module rexec, line 339, in r_import
Module ihooks, line 397, in import_module
Module ihooks, line 433, in find_head_package
Module ihooks, line 486, in import_it
Module ihooks, line 325, in load_module
Module re, line 27, in ?
Module rexec, line 339, in r_import
Module ihooks, line 397, in import_module
Module ihooks, line 433, in find_head_package
Module ihooks, line 486, in import_it
Module ihooks, line 325, in load_module
Module sre, line 168, in ?
AttributeError: 'module' object has no attribute 'hexversion'
*
This seems to be deep in Python standard library.
Since I don't actually use Zope 2.6, does anyone have an idea on
where the problem may come from ?
Does any of you use ZShell with Zope 2.6 ?
It works fine in 2.5.1 with Python 2.1.3, so something has
changed somewhere which breaks it.
ZShell's latest version is available from :
http://www.librelogiciel.com/software
Thanks in advance for any pointer.
Jerome Alet
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Problem with Zope 2.6.0 and ZShell
Hi, On Tue, Nov 19, 2002 at 01:54:56PM -0500, Guido van Rossum wrote: Since I don't actually use Zope 2.6, does anyone have an idea on where the problem may come from ? You're using restricted mode (the rexec module) and this apparently doesn't provide sys.hexversion. This is a shallow bug; it's already fixed in Python 2.3 (CVS). ... Probably those versions of Python didn't have the test for sys.hexversion; it's testing whether this is Python 2.2 or higher. A workaround would be to set sys.hexversion to 0x0202 (or to 0 if you're not sure which Python version you're using) before importing sre for the first time. Thanks for your answer. Unfortunately I never import sre. I import re, then rexec in the main program, then in the restricted code I add the os and os.path modules, and the resticted code then import the glob modules and calls its glob method. So should I set sys.hexversion *before* my re and rexec imports in the main program, or add the sys module and a fake hexversion value in the restricted code ? thanks in advance Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Using restricted code from within a python product
On Tue, Nov 05, 2002 at 12:19:06PM -0600, Brent Hendricks wrote: I have a method in a python Product that I'd like to have run as restricted code. Is there an easy way to do this? I was hoping for a PythonScriptFile() along the lines of PageTemplateFile(), but such a thing doesn't seem to exist. Why not use PythonScripts ? bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Using Zope from a console script
On Tue, Nov 05, 2002 at 09:46:03PM +0100, Gilles Lenfant wrote: But just want to run a console application, not running it from another Zope instance. xml-rpc should be the way to go. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Using Zope from a console script
On Tue, Nov 05, 2002 at 10:25:23PM +0100, Gilles Lenfant wrote: That's the way I started to do the stuff but this requires too many Zope side xmlrpc handlers I should not need if accessing directly to the Zope objects. shamelessplug mode=again_and_again Did you try to manipulate your ZODB with ZShell ? You can also do it in a limited way through xml-rpc with the help of Andy McKay's ZShellCLI, but ZShell commands can manipulate several (**many**) objects at a time, so the slowdown would be minimal. depending on what you want to achieve this may be useful. get it from http://www.librelogiciel.com/software/ upcoming versions of ZShellScripts will provide easier xml-rpc access to ZShell functionnalities. /shamelessplug hth Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] Unix: Vanishing Group Ids associated with Zope process ?
On Fri, Oct 11, 2002 at 06:05:59PM +0200, Johan Carlsson [EasyPublisher] wrote: The way that Zope changes user under the start up sequence doesn't change the groups. man 2 setgroups should be called after (before?) the user id change in the Zope startup script. it is called for you by PAM when you log in, AFAIK, this is why it works from your command line hth Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] A Modest Proposal Concerning Monkey Patches
On Wed, Aug 14, 2002 at 05:08:21PM +0100, Adrian Hungate wrote: One question about zshell though, what is the box that is added left of the add product pulldown? Is it something that ABSOLUTELY has to be on the contents listing (i.e. something to do with creating or maintaining the objects listed?). Could it be backdoor'd into all_meta_types so that it, itself is listed in the pulldown, or could it have a ZMI tab of it's own (Both of these are easier than live patching the DTML)? About ZShell : IF and ONLY if you want to use ZShell from the right frame of the ZMI (manage_main) you currently have to modify manage_main to put a text input field somewhere on it. Then running ZShell from there applies ZShell commands to the current folderish object. (Of course you can in any case use ZShell by pointing your web browser to it) Of course ZShell could use a special tab, or another clever solution, but IMHO this is really NOT the problem here. The problem is not about ZShell, ExternalEditor, or any other Zope product, but if I understand correctly it is about extending, not replacing, the Zope's main management interface. Jim please correct me if I'm wrong. That's why I proposed to add three loops in manage_main, to loop over three different types of plugins. Each Zope product which wants to extend the ZMI should register itself once as a ZMI plugin of three sorts : - top ZMI plugin : displayed once at the top (ex : ZShell) - line ZMI plugin : displayed once for each object (ex : External Editor) - bottom ZMI plugin : displayed once at the bottom (ex : xxx) registering a ZMI plugin would be as simple as : root.registerZMIPlugin(top|line|bottom, self) or : root.registerTopZMIPlugin(self) root.registerLineZMIPlugin(self) root.registerBottomZMIPlugin(self) self represents the object which wants to register as a ZMI plugin. It would have to provide at least one of the three methods : TopZMIPlugin(self, obj) LineZMIPlugin(self, obj) BottomZMIPlugin(self, obj) these three methods would have to render some html snippet, e.g. a form with a text input field for ZShell, or a nice icon with a link for External Editor. obj would be the object on which the method applies, e.g. current folder, or current object in the object listing. This way manage_main could be rendered more powerful by just adding three dtml-in in it, and its aspect wouldn't even change in case no ZMI plugin would be registered (which is the case with a base Zope installation). any comment ? thx for reading Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] A Modest Proposal Concerning Monkey Patches
On Wed, Aug 14, 2002 at 09:33:02PM +0200, Jerome Alet wrote: registering a ZMI plugin would be as simple as : root.registerZMIPlugin(top|line|bottom, self) or : root.registerTopZMIPlugin(self) root.registerLineZMIPlugin(self) root.registerBottomZMIPlugin(self) self represents the object which wants to register as a ZMI plugin. I forgot to add that root in this case means any unique Zope object which we are certain is always present (e.g. the root object or the ControlPanel), which would register all plugins as its own properties and could list all plugins (that's why the ControlPanel is a good idea, but I don't know if it would support this functionnality easily). hoping this gets clearer now Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Write in a file.
Hi, On Mon, Jul 01, 2002 at 10:13:25PM +0200, Juliette Colmant wrote: I have a Python script that has to write a string in a file. When I launch it from Zope, I have an error message from Zope telling me I can't write in my file. Is there a way to write in a file from Zope or not? Is that a problem a rights? Do I change something about the security in Zope? You should use an external method to do that, because Python Scripts are very restricted. Just put your script in zope/Extensions and add an external method which points to this script in the ZMI. you should use the [EMAIL PROTECTED] mailing list instead of this one to ask such questions. zope-dev is dedicated to the development of Zope. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] multiple monkeypatches
On Thu, Jun 06, 2002 at 09:24:58AM -0400, Casey Duncan wrote: I am going to experiment with ExternalEditor to see if I can dynamically patch manage_main reliably rather than replacing it outright. If I work out a reliable scheme, I'll write a how-to on it. Then maybe other products can then use the same technique. Couldn't there be a plugin mechanism for the management interface ? I can see three sort of plugins : Top plugin : * will be displayed once at the top of the ZMI (below tabs) e.g. ZShell Line plugin : * will be displayed once for each object (on each line) e.g. ExternalEditor Bottom plugin : * will be displayed once on the buttons line e.g. Your_product_of_choice Then every product would just have to register itself as a ZMITopPlugin, ZMILinePlugin, or ZMIBottomPlugin, or both. then the ZMI (main.dtml in fact) would just have to loop for each list of registered plugins whenever its needed : once at the top, once for each line listing objects, and once for the bottom. and if ZMILinePlugins could set a filter to be called only for some metatypes this would be really cool ! Any comment ? BTW Casey and others, if you need some help then I'd be pleased to do whatever I can, with a small amount of free time though... The problem is somewhat easier to solve for methods since you can detect whether they have already been replaced (with func_globals) and you can do the old run my code and call the old one trick. agreed, unfortunately... bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] multiple monkeypatches
On Wed, Jun 05, 2002 at 05:15:10PM +, Florent Guillaume wrote: Jim Penny [EMAIL PROTECTED] wrote: Is there a safe way to handle multiple monkeypatches? Without an existing framework (I haven't looked at Adrian's PatchKit), it's the same old problem as intercepting interrupts on good old 8-bit computers. You just have to save and call the previous one. What I do is this: # 1. define my method def manage_main(...): # ... ... res = self._myproduct_old_manage_main(...) Yes, I remember ;-) except that what we want to patch there is the user interface HTML code itself. I think parsing the HTML code to insert some tags where needed would do it, but this seems somewhat complicated to do for a simple thing like that. Would be fine if the main.dtml file would allow a plugin system... bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] [PATCH] to Zope's Management Interface
Hi the attached patch to apply to zope/lib/python/OFS/dtml/main.dtml allows people who want to use ZShell to type ZShell commands directly from the Zope's Management Interface. It should be transparent for people who don't want to use ZShell at all. to use this patch, you have to : - download ZShell v1.42 from : http://www.librelogiciel.com/software/ This is mandatory to stay in the ZMI when running commands, otherwise, with older ZShell versions you'll enter ZShell user interface after entering a command. - extract it in your home directory - cd to the Zope's home, e.g. /usr/lib/zope - type the following command (as root) : patch -p0 ~myusername/zshell-1.42/main.dtml.patch - restart Zope Enjoy !!! (At least you should) This was tested against Zope 2.5.0-4 (Debian package) but applying the patch manually to other versions if needed is very easy. As always any comment is very welcome. PS : This procedure and the patch are now included in the ZShell 1.42 package. Jerome Alet --- lib/python/OFS/dtml/main.dtml.orig Mon Apr 29 12:18:12 2002 +++ lib/python/OFS/dtml/main.dtml Mon Apr 29 12:38:34 2002 -60,6 +60,15 /table /dtml-if +dtml-if _.hasattr(this(), 'zshell') + form action=zshell method=GET +input type=text name=zshellscript:string width=60 / +input type=hidden name=zshellredirect:string value=dtml-URL0; / +nbsp; +input type=submit name=zshellbutton value=ZShell! / + /form +/dtml-if + form action=dtml-URL1;/ name=objectItems method=post dtml-if objectItems table width=100% cellspacing=0 cellpadding=2 border=0
[Zope-dev] Re: [Zope] [PATCH] to Zope's Management Interface
NB : not CCed to [EMAIL PROTECTED] On 29 Apr 2002, Hannu Krosing wrote: On Mon, 2002-04-29 at 13:21, Jerome Alet wrote: the attached patch to apply to zope/lib/python/OFS/dtml/main.dtml allows people who want to use ZShell to type ZShell commands directly from the Zope's Management Interface. It should be transparent for people who don't want to use ZShell at all. Have you thougth of making this a Hotfix instead of patch ? No. I often don't think a lot, especially considering that the idea to do this 4 lines patch only came to my mind this morning... Is there a howto somewhere ? thanks in advance. Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] [PATCH] to Zope's Management Interface
On Mon, 29 Apr 2002, Steve Alexander wrote: Hannu Krosing wrote: As always any comment is very welcome. Have you thougth of making this a Hotfix instead of patch ? Please don't call this a hotfix. That term is reserved for products that fix important bugs (especially security bugs) in Zope. A product can dynamically patch things, using the same mechanism as a Hotfix. However, use of this mechanism does not qualify a product as a Hotfix. The terms monkeypatch and dynamic patch have been used to describe this mechanism. Please use one of these in preference to Hotfix. Perhaps you could tell me if I have to use the App.Hotfixes interface or not when doing such a not-Hotfix thing. Thanks in advance. Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] [PATCH] to Zope's Management Interface
On Mon, 29 Apr 2002, Steve Alexander wrote: You should certainly not use the App.Hotfixes interface for this. The App.Hotfixes interface is for registering dynamic patches that will become part of Zope in a future release, at which point the dynamic patch can be removed. ok, so if I understand correctly all I have to do to make a not-hotfix product is just do an unconditionnal assignment of my new complete main.dtml file to ObjectManager.ObjectManager.manage_main in my product's __init__.py file ? am I right ? While you are dynamically extending Zope, I don't think there are any plans to incorporate this into the core Zope distribution. :-) bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] [PATCH] to Zope's Management Interface
On Mon, 29 Apr 2002, Steve Alexander wrote: Jerome Alet wrote: ok, so if I understand correctly all I have to do to make a not-hotfix product is just do an unconditionnal assignment of my new complete main.dtml file to ObjectManager.ObjectManager.manage_main in my product's __init__.py file ? If the ObjectManager class has already been initialized, then its security declarations will have been applied to the preexisting main DTMLFile object. In which case, you'll have to re-initialise the class, or process your own security declarations, or something like that. Ok, for now I will go with the patch, and I'll think more about this for the next version. thanks for the help. Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] RE: [Zope] [PATCH] to Zope's Management Interface
On Mon, 29 Apr 2002, Roel Van den Bergh wrote: The download file at http://www.librelogiciel.com/software/ZShell/tarballs/zshell-1.42.tar.gz cannot be opened on W2K with Winzip 8.0 (tested on several different machines) could you download it again ? I've tested here (no windows, sorry) and it's ok, file size is 46686 bytes and md5sum is : 6efb9c10e532d534fb843354ac28c5bb maybe it was corrupted during the download phase. hth. Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] RFC : AnyScripts
Hi, I'm finally toying, after having stalled a too long time, with the creation of ZShellScripts, which would be for ZShell commands what PythonScripts are for Python... The current, not yet available, incarnation is very highly based on PythonScripts, however I wondered if something better couldn't be done, because it seems to me to be an unneeded repetition of most of the PythonScripts' code : AnyScripts AnyScripts would have a mandatory first line similar to the one of any Unix shell script. By unix shell script I mean any script which can be launched directly under Unix, not only bash or csh scripts, but also perl, tcl, etc... So an AnyScript would contain a first line like : #! /scripts/interpreter And the execution of this script in the context on which it is applied would be delegated to another object present in the path which was set on this very first line, i.e. /scripts/interpreter So you could put any interpreter object of your choice in for example the /scripts folder (no path would mean search the interpreter object within the acquisition path) For example PythonScripts would contain something like : #! /builtins/python or something like that. Out of my mind I can already think of a ZShell interpreter object, but why not other types of interpreter objects : perl tcl C (the language ! Why not after all) etc... Each interpreter object would have at least two methods : compile() = returns a code object from source code, if meaningful (otherwise returns the source unchanged), to be stored in the AnyScript object which calls the compile() method. execute() = executes the above code object. This method of the Interpreter object would be called by the AnyScript object at run time, passing it the code object obtained with compile() Of course all of this come straight out of my mind, and there would probably be some problems I'm not able to understand yet... Bound variables would be like for PythonScripts, with the exception of their content would be the best format for the Interpreter in question, so each Interpreter object would probably also have a bind() method which would bind vars in the preferred format for the AnyScript object which calls this method, and would be accessible using the preferred syntax of the langage in question, e.g. : for PythonScripts, vars like context would be Zope Objects, like they currently are. for ZShell AnyScripts, vars like context, would be paths to Zope Objects, and accessible with names like $context for example. for C AnyScripts, vars would probably be something like PyObjects pointers. etc... So AnyScripts objects would interact with their interpreter object of choice to compile their source code, bind their vars, then finally execute the code and get the result back. What do you all think about this idea ? Are any of you interested ? I admit I don't know anything about the feasability of such a project with other languages than ZShell, however if a single implementation could be done, then anyone could add his own interpreter later... PS : I'll do ZShellScripts anyway... bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] multiple database connections
Hi, First I have to say I've not tried what is discussed below, I'm just thinking about how this could be done... Say I have several relationnal databases, both have an identical structure. Since these databases are identical, all my ZSQL methods can be used with any of them. So I plan to architecture my Folder tree like that : Level0 | +-- ZSQLMethod1 +-- ZSQLMethod2 +-- ... +-- Level1-1 | | | +-- DAConnection | +-- ... some stuf specific to this database ... | +-- Level1-2 | +-- DAConnection +-- ... some stuff specific to this database ... Each DAConnection connects to a different database, but the id is identical in order for the ZSQL methods to find it in whichever folder they are called. Now the problem is : one can't create a ZSQL method if there's no DAConnection at the same level or above. I suppose that creating all my ZSQL methods in for example Level1-1, then cuttingpasting them in Level0 could work, but I find this very counter intuitive. And if this would work, then the ZSQL methods wouldn't be editable anymore since at Level0 there's no DA... So my question is : why the hell can't developpers create ZSQL methods as they see fit, and be allowed to type-in the name of a possibly not-yet-existing Database Connection ? After all, creating ZSQL methods isn't for end users, so maybe Zope could trust developpers in knowing exactly what they want to do... Adding a free text field and allowing a Free entry in the drop-down list in the ZSQL method creation form would help. The Test tab form could also be modified to allow the developper to choose any DA at test time. Any comment or a solution to do this the right way ? thanks in advance. Jerome Alet - [EMAIL PROTECTED] - http://cortex.unice.fr/~jerome Fac de Medecine de Nicehttp://wwwmed.unice.fr Tel: (+33) 4 93 37 76 30 Fax: (+33) 4 93 53 15 15 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] WebDAV locks disappearing...
Hi, I've just tested webDAV access for the very first time using cadaver, so maybe this is a known problem. I've locked some objects using cadaver's lock command, and then opened a browser keeping cadaver's connection opened. then I've searched for this locks using the ZMI and also a method of my own. All worked fine, the locks were found. Then some time later I've retried to find the locks, and both the ZMI and my method returned no lock. However in cadaver the locks still seemed to be there... Then I've unlocked the objects and relocked them in cadaver and retried, this time the locks were found again... I hadn't the time to do some more testing but I find this surprising. Does anyone have seen the same problem ? FYI Zope 2.5.0 + Python 2.1.2 both up-to-date Debian Woody packages. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] multiple database connections
On Thu, Mar 07, 2002 at 03:28:28AM -0800, kapil thangavelu wrote: On Thursday 07 March 2002 02:34 am, you wrote: not-yet-existing Database Connection ? After all, creating ZSQL methods isn't for end users, so maybe Zope could trust developpers in knowing exactly what they want to do... that said, zope doesn't stop a *developer* from doing it themselves. Thanks! Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] WebDAV locks disappearing...
On Thu, Mar 07, 2002 at 01:55:45PM -0500, Andreas Jung wrote: From: Jerome Alet [EMAIL PROTECTED] All worked fine, the locks were found. Then some time later I've retried to find the locks, and both the ZMI and my method returned no lock. However in cadaver the locks still seemed to be there... perhaps a problem with the lock timeout ? i think webdav clients can specify a timeout for locks. I don't think so since the client still saw the locks. The Zope server however showed that they had disappeared, as seen from the ZMI and from my method's result. for further investigations you can use the WebDAVLogger product to capture webdav related traffic. Ok I'll try to do this. thanks for the tip ! bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Zope 2.6 planning - call for contributors!
On Wed, 6 Mar 2002, Joachim Werner wrote: - All the basic API (like store, delete, edit, ...) must be free of HTTP specifics, so that I can modifiy content either over a web frontend or over WebDAV, FTP, ... - and even via a fat client application like a wxPython application. Currently that one is a mess. +5 Jerome ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] syslog
On Wed, 3 Oct 2001, Toby Dickenson wrote: On Mon, 1 Oct 2001 20:53:00 +0200, Jerome Alet [EMAIL PROTECTED] wrote: It may prove to be useful when you want to do remote logging: you send all to the local syslog which in fact forwards it to a remote syslog server. I understand the interest for remote logging of events - thats what I am using syslog for. Does the same apply to access logs too? (that is, the entries which also get written to var/Z2.log) Sorry, I don't know. In fact I don't use syslog with Zope, this was just a general answer. Because Apache is often used in front of Zope, it's probably even better (quicker) to let Apache do the access logging and disable it entirely from Zope. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] syslog
On Mon, Oct 01, 2001 at 04:14:47PM +0100, Toby Dickenson wrote: A question for all syslog users; is it ever useful to send access logs to syslog? (I can't think of good reason, but my syslog zen quotient is still low). Is anyone else even using syslog? It may prove to be useful when you want to do remote logging: you send all to the local syslog which in fact forwards it to a remote syslog server. hth. Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Vulnerability in Zope
On Sun, Sep 23, 2001 at 10:36:33AM -0400, Paul Everitt wrote: Do others consider this a vulnerability? While it reveals more information than people might want, I'm curious about scenarios under which it could be exploited. If any of you know of something *specific*, meaning it's a genuinely exploitable vulnerability, please email me or Brian Lloyd ([EMAIL PROTECTED]) directly, rather than explain to the world how to do it. ... ... Bobo-Exception-File: /usr/local/base/Zope-2.3.2-modified/lib/python/OFS/Property Think about social engeniering. Knowing this sort of things, while this is not a vulnerability in itself, allows everybody to remotely know were Data.fs is. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Weird message from Python Scripts
Hi, On Wed, 4 Jul 2001, Chris Withers wrote: Shane Hathaway wrote: It's behaving correctly. Visit the scripts and click Save changes to compile. (You don't have too many, do you?) 30-40 :-( What short python script would do this for me? I'm guessign something like: for s in context.ZopeFind(spec=['Python Script']): s.edit() ...or something? I think ZShell could do that, probably with its call command. get it from: http://cortex.unice.fr/~jerome/zshell and remember: the man command is your best friend. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZPL and GPL
On Mon, Jun 25, 2001 at 12:22:32PM -0700, Michael R. Bernstein wrote: Other than keeping the door open for this eventuality, is there any other reason to choose a BSD style license over the GPL? ... Unless I've misunderstood something (which is certainly possible), DC doesn't seem to have anything to lose by switching from a BSD style license to the GPL (or a GPL style license with an additional optional attribution clause), and quite a bit to gain. I personnally would love to see both Python and Zope be GPLed. However we should take into consideration the fact that this would mandate that any Zope product should be GPLed too, since in the FSF view we link them to Zope. The same for Python C extensions, we would link them to a GPLed software (Python), so they would have to be GPLed too. That's why I'm pretty sure that unfortunately both Zope and Python would loose supporters if they were GPLed. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: command-line zope.org product upload ?
Hi, Simon Michael wrote: Morten W. Petersen [EMAIL PROTECTED] writes: Cool. And maybe some apt-get functionality? Like 'zope-apt-get dist-upgrade'? :-) uh, Jerome ? Hey, uh, me and the folks on the list think there's this one little extra that would make zshell perfect.. :) Sorry for being late, I hadn't yet subscribed to this list. I'd love to do this, however it seems to be very difficult until a standard Zope package file format exists. See my posts on this subject on [EMAIL PROTECTED] However I think a shell command could help, e.g. in ZShell dialog box you'd type something like: shell apt-get update shell apt-get upgrade This would do it, but you'll need to have an apt-get wrapper which would have to be setuid root, so this would be very dangerous. the best solution is of course to standardize on one file format, and tweak Distutils to do what we want, then adding zope-apt-get to ZShell (or why not directly to Zope) will be trivial. bye, Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] IE5 / Medusa bug?
On Thu, 14 Dec 2000, Evan Simpson wrote: From: seb bacon [EMAIL PROTECTED] I imagine the fact that I can make it work by adding index_html is the most telling point, but it's not telling me anything ;) Leaving off index_html causes Zope to add a base href to the head. That's WHOW ! base href is exactly 11 bytes long. Couldn't it be that the content-length is computed by Zope before you automatically add this tag ? just my 0.02 euros Jerome Alet ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
