> Yep, that's the situation. It appears to look for the security assertions for > "secure_url" on A instead of B. Note that "secure_url" is an attribute of B.
Yup. IOW, it looks like it used to find the first "secure_url" it could access and return that, even if there were other acquirable "secure_url" attrs before that one in the acquisition path. I'm sure the fact that it ignores any intermediate (but inaccessible) "secure_url" attrs is what Tres meant by DWIM. But I'm not sure that he intended for the patch to have this effect. I'm not even sure why it does have this effect; the "validate" function is just too byzantine to understand without taking it through the debugger. - C _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )