Re: [Zope] Silly question

2005-06-02 Thread Chris McDonough
The DWIM of not disallowing traversal of underscore names is useful
(because it makes it easy to conventionally mark attrs as private) but
it can definitely be a drag if you really do want to publish something
that begins with an underscore; this happens a lot when you need to deal
with allowing uploads of arbitrary filenames.

It might be useful to add something like you propose, except I might
take exception to the name isTraversable (everything is traversable,
really); maybe just set a magic attr on the object like
__allow_underscore_traversal__.

However, adding such a feature would need to be done carefully.  Much
usage of the Zope security machinery utterly depends on not being able
to traverse underscore names.

- C

On Thu, 2005-06-02 at 15:59 -0400, Dan Pozmanter wrote:
 Wouldn't it be cool if instead of checking explicitly for a leading
 '_' during traversal,
 you ran a method isTraversable (On SimpleItem for instance), which
 by default
 just checks for a leading '_', but could be overridden in a particular
 class?
  
 Dan
 ___
 Zope maillist  -  Zope@zope.org
 http://mail.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists - 
  http://mail.zope.org/mailman/listinfo/zope-announce
  http://mail.zope.org/mailman/listinfo/zope-dev )



RE: [Zope] Silly question

2005-06-02 Thread Dan Pozmanter
The name could change easily enough.

How about __bobo_always_allow__

Which can either be:
None
A List of traversable items
A method that takes the path, and returns whether or not it is
traversable.

So for a path p:

if p[0] == '_':
    if p_object.__bobo_always_allow__:
        if type(p_object.__bobo_always_allow__) is type([]):
            if p in p_object.__bobo_always_allow__:
                pass  # allow
            else:
                pass  # Do what is normally done for '_' bits.
        else:
            if p_object.__bobo_always_allow__(p):
                pass  # allow
            else:
                pass  # Do what is normally done for '_' bits.
    else:
        pass  # Do what is normally done for '_' bits.

Something vaguely like that.

That way you could either specify the exact items that start with '_',
or have a method determine it on the fly.

This way you would not automatically make all attributes that start with
an underscore
accessible, and the developer could specify exceptions.

-Original Message-
From: Chris McDonough [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 02, 2005 4:15 PM
To: Dan Pozmanter
Cc: zope@zope.org
Subject: Re: [Zope] Silly question

The DWIM of not disallowing traversal of underscore names is useful
(because it makes it easy to conventionally mark attrs as private) but
it can definitely be a drag if you really do want to publish something
that begins with an underscore; this happens a lot when you need to deal
with allowing uploads of arbitrary filenames.

It might be useful to add something like you propose, except I might
take exception to the name isTraversable (everything is traversable,
really); maybe just set a magic attr on the object like
__allow_underscore_traversal__.

However, adding such a feature would need to be done carefully.  Much
usage of the Zope security machinery utterly depends on not being able
to traverse underscore names.

- C

On Thu, 2005-06-02 at 15:59 -0400, Dan Pozmanter wrote:
 Wouldn't it be cool if instead of checking explicitly for a leading 
 '_' during traversal, you ran a method isTraversable (On SimpleItem 
 for instance), which by default just checks for a leading '_', but 
 could be overridden in a particular class?
  
 Dan


RE: [Zope] Silly question

2005-06-02 Thread Chris McDonough
Yup.

FWIW, the actual bit of code that would need to change is around line
299 of ZPublisher/BaseRequest.py:

    if entry_name[:1]=='_':
        if debug_mode:
            return response.debugError(
              "Object name begins with an underscore at: %s" % URL)
        else: return response.forbiddenError(entry_name)

Those five lines are pretty important, and though a patch might be
small, the impact of any change is potentially very large.  I probably
wouldn't be able to spare the time to review any patch for inclusion in
mainline Zope that allowed underscore traversal from a security
perspective just because I'd be paranoid enough to need to do a lot of
work to properly do the review.  OTOH, you can probably get what you
want by patching your source locally.

- C


On Thu, 2005-06-02 at 16:34 -0400, Dan Pozmanter wrote:
 The name could change easily enough.
 
 How about __bobo_always_allow__
 
 Which can either be:
 None
 A List of traversable items
 A method that takes the path, and returns whether or not it is
 traversable.
 
 So for a path p:
 
 if p[0] == '_':
     if p_object.__bobo_always_allow__:
         if type(p_object.__bobo_always_allow__) is type([]):
             if p in p_object.__bobo_always_allow__:
                 pass  # allow
             else:
                 pass  # Do what is normally done for '_' bits.
         else:
             if p_object.__bobo_always_allow__(p):
                 pass  # allow
             else:
                 pass  # Do what is normally done for '_' bits.
     else:
         pass  # Do what is normally done for '_' bits.
 
 Something vaguely like that.
 
 That way you could either specify the exact items that start with '_',
 or have a method determine it on the fly.
 
 This way you would not automatically make all attributes that start with
 an underscore
 accessible, and the developer could specify exceptions.
 
 -Original Message-
 From: Chris McDonough [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, June 02, 2005 4:15 PM
 To: Dan Pozmanter
 Cc: zope@zope.org
 Subject: Re: [Zope] Silly question
 
 The DWIM of not disallowing traversal of underscore names is useful
 (because it makes it easy to conventionally mark attrs as private) but
 it can definitely be a drag if you really do want to publish something
 that begins with an underscore; this happens a lot when you need to deal
 with allowing uploads of arbitrary filenames.
 
 It might be useful to add something like you propose, except I might
 take exception to the name isTraversable (everything is traversable,
 really); maybe just set a magic attr on the object like
 __allow_underscore_traversal__.
 
 However, adding such a feature would need to be done carefully.  Much
 usage of the Zope security machinery utterly depends on not being able
 to traverse underscore names.
 
 - C
 
 On Thu, 2005-06-02 at 15:59 -0400, Dan Pozmanter wrote:
  Wouldn't it be cool if instead of checking explicitly for a leading 
  '_' during traversal, you ran a method isTraversable (On SimpleItem 
  for instance), which by default just checks for a leading '_', but 
  could be overridden in a particular class?
   
  Dan
 

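The hook proposed in this thread, written out as a stand-alone, fail-closed check (an added example, not code from the posts or from Zope). `may_traverse` and the sample classes are hypothetical; refusing double-underscore names outright, requiring the callable to return exactly `True`, and denying when the hook raises are hardening assumptions of this example, not part of the proposal.

```python
# Added example. may_traverse and the sample classes are hypothetical names;
# only __bobo_always_allow__ comes from the thread. This is not Zope code.

def may_traverse(obj, name):
    """Decide whether URL path segment `name` may be traversed on `obj`."""
    if not isinstance(name, str) or not name:
        return False
    if not name.startswith('_'):
        return True   # ordinary name: normal permission checks still follow
    # Assumption of this example: double-underscore names (__dict__,
    # __class__, the hook itself) stay unreachable whatever the hook says.
    if name.startswith('__'):
        return False
    hook = getattr(obj, '__bobo_always_allow__', None)
    if hook is None:
        return False  # no opt-in: same outcome as the existing check
    if isinstance(hook, (list, tuple, set, frozenset)):
        return name in hook          # exact names only, no prefix matching
    if callable(hook):
        try:
            return hook(name) is True   # truthy-but-not-True is a denial
        except Exception:
            return False                # a buggy hook must not open access
    return False      # unexpected hook type: deny


class Uploads:
    """Constructed sample: container that publishes one underscore file."""
    __bobo_always_allow__ = ['_notes.txt']
    _secret = 'internal state'


class TextOnly:
    """Constructed sample: callable form of the hook."""
    def __bobo_always_allow__(self, name):
        return name.endswith('.txt')


class Broken:
    """Constructed sample: hook that fails at request time."""
    def __bobo_always_allow__(self, name):
        raise RuntimeError('hook bug')


if __name__ == '__main__':
    for obj, seg in [(Uploads(), '_notes.txt'), (Uploads(), '_secret'),
                     (TextOnly(), '__init__.txt'), (Broken(), '_x.txt')]:
        print(type(obj).__name__, seg, may_traverse(obj, seg))
```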