i have the strange feeling that somebody forgot to include the AccessControl.ZopeGuard.safe_builtins for DTML.
See DT_Utils.py around line 56 and the corresponding imports as well as the definition of safe_builtins in ZopeGuard.py.
Could someone verify this?
Could you suggest a fragment of DTML which would serve as a test case? Such a fragment would either:
- fails if your suspicion is true, but shouldn't?
- doesn't fail, but should.
FWIW, we *did* actually do "functional" testing, including:
- Creating and minimally exercising every item available through the default ZMI add list;
- Creating and verifying that DTMLDocument, DTMLMethod, PythonScript, and PageTemplate objects could show dynamic content;
- Bringing up CMF 1.3.3 and 1.4.2, as well both with old and new sites;
- Bringing up a new Plone 1.0.5 site and adding content;
- Bringing up several of our large customer-specific applications.
This testing *did* find several "brown-bag" issues, before the release, which hadn't been caught be the unit tests.
Tres. -- =============================================================== Tres Seaver [EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce