Shane Hathaway wrote:
> > How should I go about petitioning for
> > <dtml-var anobject aq_context> to become valid syntax?
> There's one little (okay, big) problem with this idea: aq_context
> strips the security context.  In fact, it could be used to confuse the
> security machinery.
> Let's say I'm Joe Hacker and I have set up membership at
>  I create a DTML method called index_html
> with this:
> <dtml-with Members>
> <dtml-with hathawsh aq_context>
>   <dtml-call expr="index_html.manage_edit('1 0WN U')">
> </dtml-with>
> </dtml-with>

Alright, I give up :-(
This would be really useful, but if it's going to open up security holes
everywhere, then I best leave it alone :-S



Zope-Dev maillist  -  [EMAIL PROTECTED]