On Wed, 24 May 2000 13:38:55 -0400 (CLT) you wrote:

 > Hi Zopistas,
 > after upgrading Zope (in a debian/Linux system) from 2.1.4 to 2.1.6
 > the acquisition rules seems to be broken.
 > As an example supose we have this tree structure
 > ---|- aviso
 >    |- foo
 >    |- bar     
 >       |- X_sql (sql method)
 > X_sql is a sql method with to parameters: objeto, aviso
 > here is the template:
 > INSERT INTO linea_publicacion
 >   (publicacion,aviso)
 >   (&dtml-objeto;,&dtml-aviso;)
 > when zope renders this template to execute the sql, it renders
 > INSERT INTO linea_publicacion
 >   (publicacion,aviso)
 >   (3,<Folder instance at 8580aa0>)
 > so it replaces aviso with the folder instance aviso.
 > Apart of discarding the explicit parameter "aviso", the aviso folder
 > is not parent of bar so it shoudn't acquire it.
 > So, who can explain me this??
 > is that a bug in Zope 2.1.6 ??  Zope 2.1.4 works fine.

Yes. ZSQL methods attempt to acquire values _before_ using the ones you
supply directly. It's been discussed on the list earlier this month, as I
found out when I stumbled upon it on Monday. Lots of things in 2.1.6 are
worth keeping, however, so I patched it. Just as soon as I have the time
I'll post a formal patch just as soon as I have time, but here's a quick

In lib/python/Shared/DC/ZRDB/Aquaduct.py you should see something like

class BaseQuery(Persistent, SimpleItem.Item,
                Acquisition.Implicit, RoleManager):

    def query_year(self): return self.query_date.year()
    def query_month(self): return self.query_date.month()
    def query_day(self): return self.query_date.day()

    def quoted_input(self): return quotedHTML(self.input_src)
    def quoted_report(self): return quotedHTML(self.report_src)

    MissingArgumentError='Bad Request'

    def _convert(self): self._arg=parse(self.arguments_src)

    def _argdata(self, REQUEST):


Change that last line to:


Then, in lib/python/Shared/DC/ZRDB/DA.py, in  __call__, look for this:

   query=apply(self.template, (p, argdata))

And change it to:

 query=apply(self.template, (p,), argdata)

That seemed to fix the problem for me. Brickbats to DC for releasing a
security update that breaks functionality this badly, but kudos to them
for releasing the code so we can patch around problems.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to