On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+li...@gmail.com> wrote:
>> Ideally I'd love to add support for the permission attribute, as
>> clearly people have been using it. But if there's nobody who can
>> figure out how to do that, I'd at least like to clarify the add view
>> case.
> Why can't we just copy the relevant code from the browser:page directive?
> The ViewSecurityGrokker in
> http://svn.zope.org/five.grok/trunk/src/five/grok/meta.py?rev=112163&view=auto
> may be useful reading too. It should be doing the same thing, no?

It seems you have some idea about this code, so are you volunteering
to implement this?

Since we are dealing with a disclosed real security vulnerability
here, I need to have some resolution by next Tuesday. Either that is
disabling the functionality or protecting it with some security.

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to