> > The latest CVS version is giving autorization demands (and 
> failures) with this DTMLmethod.
> > This kind of construct used to work fine.
> > 
> > <dtml-var standard_html_header>
> > <h2><dtml-var title_or_id> <dtml-var document_title></h2>
> > <p>
> > <dtml-with "_.namespace(SUB=[1,2])">
> > <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if>
> > </dtml-with>
> > </p>
> > <dtml-var standard_html_footer>
> Perhaps newly created names in the _ namespace do not get 
> understood by
> the new security guts.

Hi guys - 
I _just_ checked in a fix for this. A piece of the namespace
machinery was not updated in the required way to play nice 
with the new infrastructure. I've included the reply I made
to the bug report:

Thanks for the report - I've tracked this down to a bit of 
the DTML rendering machinery that didn't get updated to 
play nice with the new security infrastructure. Any DTML 
that tried to use subobjects of an object associated with 
a name via a namespace would fail validation. The manage_tabs happened
to do this.

I've fixed this for 2.2. In the meantime, if you want to 
patch your current installation, you can make a one-line
change to DocumentTemplate/DT_Util.py. At line 254, change:

class namespace_: pass


class namespace_:

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com 

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to