Brian Lloyd writes: > If you or Hajime can send me a patch against the current 2.7 > branch, I'll make sure they get in before the beta is cut (or if > either of you are committers it is also fine to checkin yourselves > to the Zope-2_7-branch and head and let me know when its done).
Here is a patch that solves the issue with "manage_page_charset" not beeing called if it is a method instead of a string-valued attribute: Index: lib/python/App/dtml/manage_page_header.dtml =================================================================== RCS file: /cvs-repository/Zope/lib/python/App/dtml/manage_page_header.dtml,v retrieving revision 1.12 diff -w -u -r1.12 manage_page_header.dtml --- lib/python/App/dtml/manage_page_header.dtml 22 Dec 2002 17:53:57 -0000 1.12 +++ lib/python/App/dtml/manage_page_header.dtml 15 Jan 2004 17:17:50 -0000 @@ -5,7 +5,7 @@ <dtml-call "REQUEST.set('management_page_charset','iso-8859-1')"> </dtml-unless> <meta http-equiv="content-type" content="text/html;charset=&dtml-management_page_charset;"> -<dtml-call "RESPONSE.setHeader('content-type','text/html;charset='+management_page_charset)"> +<dtml-call "RESPONSE.setHeader('content-type','text/html;charset='+_.render(management_page_charset))"> <title><dtml-if title>&dtml-title;</dtml-if></title> <dtml-let ag="REQUEST.get('HTTP_USER_AGENT', '')" is_nav4="ag[:9] == 'Mozilla/4' and _.string.find(ag, 'MSIE') < 0" I have not found any bad side effects after the patch, but I am not very experienced with the soemwhat arcane DTML hacks, so it would be nice if someone else does some testing with it. At least it fulfills the requirements that manage_page_charset is called if it is callable, and thus recovers Formulator. What I am not certain about is if this reopens some XSS-security holes the original change intended to close. However as long as one does not have an utterly broken "manage_page_charset" method I cannot see why this should happen. Oh, I see Martijn already responded to the posting, so its maybe superfluous anyway. Cheers, Clemens _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )