Robin Becker wrote:
> The latest CVS version is giving autorization demands (and failures) with this 
> This kind of construct used to work fine.
> <dtml-var standard_html_header>
> <h2><dtml-var title_or_id> <dtml-var document_title></h2>
> <p>
> <dtml-with "_.namespace(SUB=[1,2])">
> <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if>
> </dtml-with>
> </p>
> <dtml-var standard_html_footer>

Perhaps newly created names in the _ namespace do not get understood by
the new security guts.

Does it work if you:

<dtml-with "_(SUB=[1,2])">

and call the namespace directly?  The two are supposed to be synonymous
but your method is depricated so perhaps it works the other way, if not,
I'd suggest putting this in the collector for us to fix before the next

>              (Object: _.namespace(SUB=[1,2]))
>            File C:\Python\devel\Zope\lib\python\DocumentTemplate\, line 
>327, in eval
>              (Object: _.len(SUB)>0)
>              (Info: SUB)
>            File C:\Python\devel\Zope\lib\python\OFS\, line 184, in 
>              (Object: xxx)
>            File C:\Python\devel\Zope\lib\python\AccessControl\, 
>line 139, in validate
>            File C:\Python\devel\Zope\lib\python\AccessControl\, 
>line 160, in validate
>          Unauthorized: SUB


-Michel Pelletier

Visit WikiCentral for the latest Zen:

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to