Christian Theune wrote:

i have the strange feeling that somebody forgot to include the
AccessControl.ZopeGuard.safe_builtins for DTML.

See around line 56 and the corresponding imports as well as
the definition of safe_builtins in

Could someone verify this?

Could you suggest a fragment of DTML which would serve as a test case? Such a fragment would either:

- fails if your suspicion is true, but shouldn't?

- doesn't fail, but should.

FWIW, we *did* actually do "functional" testing, including:

  - Creating and minimally exercising every item available through the
    default ZMI add list;

  - Creating and verifying that DTMLDocument, DTMLMethod, PythonScript,
    and PageTemplate objects could show dynamic content;

  - Bringing up CMF 1.3.3 and 1.4.2, as well both with old and new

- Bringing up a new Plone 1.0.5 site and adding content;

- Bringing up several of our large customer-specific applications.

This testing *did* find several "brown-bag" issues, before the release, which hadn't been caught be the unit tests.

Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to