Re: [Zope-dev] Zope 2.4.2 DTML Method Bug

2001-11-02 Thread Casey Duncan

On Friday 02 November 2001 06:51 am, Steve Alexander allegedly wrote:
 Matthew T. Kromer wrote:
  I think that is fixed but I'm not positive that its in 2.4.2  -- I know
  its on my 2_4 branch; I think we just barely missed this for 2.4.2 -- I
  see the change going into the log about a week later.
 
  I'll ask Brian if we're going to put out a 2.4.3 to include the fix.

 Matt,

 Please see my report in the new Collector.
 The patch at the end of this email is better than the one in the
 Collector, and also not mangled by stx :-)


 Your fix in the trunk does only fixes the symptom. It does not address
 the problem of DTML Methods not being reenterant.

[snip]

 Here's my patch. As a bonus, we get rid of an unqualified except:
 statement.


Steve,

Your fix seems correct to me, just swallowing the exception is probably a 
subtle security hole at worst at best it is just sweeping things under the 
rug as it were.

It might be worth stating that constructs such as:

try: foo
except: pass

Smack of bad form and should be avoided at all costs... They can make 
debugging a nightmare.

It would be nice if this patch could make it into 2.4.3b3. Thanks Steve!

/---\
  Casey Duncan, Sr. Web Developer
  National Legal Aid and Defender Association
  [EMAIL PROTECTED]
\---/

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Zope 2.4.2 DTML Method Bug

2001-11-01 Thread Matthew T. Kromer

Casey Duncan wrote:

One of my products exposed a bug in the 2.4.2 version of DTMLMethod.py. It is 
minor and can be worked around, but I wanted to point it out:

Line 203 of DTMLMethod.py now contains:

del self.__dict__['validate']

which is part of a try...finally statement.

It seems that the validate key is not always present in the object at that 
point, specifically if you recursively call an object in a different context 
then it was originally called. as in:

dtml-with name=something
  dtml-return name=this
/dtml-with

This piece of code resulted in a KeyError on validate in my product code, 
which had previously worked fine. Perhaps another try statement should be 
wrapped around this del statement?

Hi Casey,

I think that is fixed but I'm not positive that its in 2.4.2  -- I know 
its on my 2_4 branch; I think we just barely missed this for 2.4.2 -- I 
see the change going into the log about a week later.

I'll ask Brian if we're going to put out a 2.4.3 to include the fix.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



[Zope-dev] Zope 2.4.2 DTML Method Bug

2001-10-31 Thread Casey Duncan

One of my products exposed a bug in the 2.4.2 version of DTMLMethod.py. It is 
minor and can be worked around, but I wanted to point it out:

Line 203 of DTMLMethod.py now contains:

del self.__dict__['validate']

which is part of a try...finally statement.

It seems that the validate key is not always present in the object at that 
point, specifically if you recursively call an object in a different context 
then it was originally called. as in:

dtml-with name=something
  dtml-return name=this
/dtml-with

This piece of code resulted in a KeyError on validate in my product code, 
which had previously worked fine. Perhaps another try statement should be 
wrapped around this del statement?

/---\
  Casey Duncan, Sr. Web Developer
  National Legal Aid and Defender Association
  [EMAIL PROTECTED]
\---/

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Zope 2.4.2 DTML Method Bug

2001-10-31 Thread Steve Alexander

Casey Duncan wrote:

 One of my products exposed a bug in the 2.4.2 version of DTMLMethod.py. It is 
 minor and can be worked around, but I wanted to point it out:
 
 Line 203 of DTMLMethod.py now contains:
 
 del self.__dict__['validate']
 
 which is part of a try...finally statement.
 
 It seems that the validate key is not always present in the object at that 
 point, specifically if you recursively call an object in a different context 
 then it was originally called. as in:
 
 dtml-with name=something
   dtml-return name=this
 /dtml-with
 
 This piece of code resulted in a KeyError on validate in my product code, 
 which had previously worked fine. Perhaps another try statement should be 
 wrapped around this del statement?


This happens when a dtml method is reentrant.

The fix needs to be a bit deeper than what you describe above, otherwise 
you'll potentially lose the validate attribute of the dtml method 
object, and you'll get strange errors.

I've put this into the new collector, with a patch:


   http://new.zope.org/Collector/4

--
Steve Alexander
Software Engineer
Cat-Box limited


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )