> I noticed that the most recent hotfix completely
> denies access to the getClassAttr, setClassAttr and
> delClassAttr from DTML. Is this going to be the
> behavior for future Zope versions?

Yes - I think that manipulating actual class objects from 
DTML is a Bad Thing.

> I know this will break code, so it might be prudent to
> alert people when the fix is rolled into the next Zope
> release.
> I would like to argue for deprecating these functions
> in favor of making the ZClass act like a dictionary so
> that:
> ZClass.set('name',value)
> ZClass.get('name'[,inherit])
> ZClass['name']
> could be called securely from scripts. I would be
> willing to write the code for this if you think it
> would be a good idea.

I'm not sure why you're wanting to do that, so it scares 
me :) I think that manipulation of class objects is 
beyond the scope of what "DTML scripters" should reasonably 
expect to be able to do.

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com 

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to