> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian
> Sent: Thursday, June 15, 2000 5:26 PM
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: [Zope] Zope security alert and 2.1.7 update [*important*]
> A Zope 2.1.7 release has been made that resolves this issue for
> Zope 2.1.x users. This release is available from Zope.org:
I assume based on the change log that this is the only fix in 2.1.7,
I fought for a full day to get my ZSQLMethods working in 2.1.6, but
apparently the argument aquisition or something like that is still so broken
that I had to jump back to 2.1.4. I applied the various unofficial "fixes"
from the list archives (not all at the same time, of course) and none of
them did the trick. I know others beat themselves up over this too.
The problem I'm talking about is the one where the arguments to the sql
method seem to be ignored. That is, if I have an argument 'order', and I
have a DTML method (or any other "item") named 'order' in the same folder,
<dtml-var order> in the sql method refers to the DTML method, not the
argument. This breaks dozens of sql methods I have.
With all of these security issues popping up, I don't like not being able to
upgrade. Does anyone have a real fix for the ZSQLMethod problems in 2.1.6
that could be officially applied to the 2.1 series, or should I start using
the 2.2 betas?
Logic Etc, Inc.
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -