Richard Waid wrote:
Basically, if you're using a ZPT with a content-type text/xml, using a
TAL path expression to access an attribute or method causes a security
violation (Unauthorized). It does not happen if the ZPT is using
content-type text/html.
Ah, guarded_getattr is doing something wrong
Until cAccessControl.c is fixed, you can work around the problem with a
simple patch to Products/PageTemplates/Expressions.py, in
restrictedTraverse():
if isinstance(name, TupleType):
object = object(*name)
continue
+
+ name = str(name)
if
Evan Simpson wrote:
Until cAccessControl.c is fixed, you can work around the problem with a
simple patch to Products/PageTemplates/Expressions.py, in
restrictedTraverse():
if isinstance(name, TupleType):
object = object(*name)
continue
+
+ name =