> Yep, that's the situation. It appears to look for the security assertions for
> "secure_url" on A instead of B. Note that "secure_url" is an attribute of B.
Yup. IOW, it looks like it used to find the first "secure_url" it could
access and return that, even if there were other acquirable "secure_url"
attrs before that one in the acquisition path. I'm sure the fact that
it ignores any intermediate (but inaccessible) "secure_url" attrs is
what Tres meant by DWIM.
But I'm not sure that he intended for the patch to have this effect.
I'm not even sure why it does have this effect; the "validate" function
is just too byzantine to understand without taking it through the
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -