And since i've been digging into the vel-tools code again, i was reminded of this patch that never got committed. To refresh:
This patch allows developers to essentially override or block the standard $request, $response, $session, and $application context keys (or any sensitive values in those objects' attributes). This is desirable largely for security purposes. Some time back we had somebody on the list asking how they could prevent so-called "evil template designers" from utilizing the above objects for their nefarious schemes. yeah, most people don't care or need this patch, but the request was reasonable. so, i created this patch to give the toolbox priority in ChainedContext's search pattern. this way, developers can either put a dummy object to block access (a good one would be: <data type="boolean"><key>request</key><value>false</value></data>) or they can create a tool that acts as a wrapper around whatever they're trying to protect and thus give limited access. it's a simple patch, but it seemed to be ignored or otherwise forgotten last time. so, i'm giving it one more go... Nathan Bubna [EMAIL PROTECTED]
diff.tmp
Description: Binary data
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
