Hi Tim,
Just to play devil's advocate; It seems this way, that methods pulling
non-specifically from namespace could allow ways to modify the result if
someone paid close attention to whats going on... i.e The total price of
your shopping cart before its sent to the transaction broker. It
I agree. However, this is true of all DTML.
I mean, its just as true in DTML methods that might REQUEST.set the args
to the ZSQLMethod. ie. they could be tricked into REQUEST.set(ing) a
false total etc. because they lookup all of their variables in the
namespace.
Cheers,
Tim
Paul Zwarts
Anyway, I propose that ZSQLMethods change and do variable lookups in the
entire namespace, not just the REQUEST object. It seems to be a simple
enough change (at least it looks it) and I can submit the patches, but
the harder thing is to get people to agree that it is a change for the
]
Cc: Paul Zwarts; [EMAIL PROTECTED]
Subject: Re: [Zope-dev] ZSQL methods lookup vars in REQUEST only (why?)
Anyway, I propose that ZSQLMethods change and do variable lookups in
the
entire namespace, not just the REQUEST object. It seems to be a
simple
enough change (at least it looks it) and I