> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian
> Lloyd
> Sent: Thursday, June 15, 2000 5:26 PM
> Subject: [Zope] Zope security alert and 2.1.7 update [*important*]

> A Zope 2.1.7 release has been made that resolves this issue for
> Zope 2.1.x users. This release is available from Zope.org:
>   http://www.zope.org/Products/Zope/2.1.7/

I assume based on the change log that this is the only fix in 2.1.7,

I fought for a full day to get my ZSQLMethods working in 2.1.6, but
apparently the argument aquisition or something like that is still so broken
that I had to jump back to 2.1.4.  I applied the various unofficial "fixes"
from the list archives (not all at the same time, of course) and none of
them did the trick.  I know others beat themselves up over this too.

The problem I'm talking about is the one where the arguments to the sql
method seem to be ignored.  That is, if I have an argument 'order', and I
have a DTML method (or any other "item") named 'order' in the same folder,
<dtml-var order> in the sql method refers to the DTML method, not the
argument.  This breaks dozens of sql methods I have.

With all of these security issues popping up, I don't like not being able to
upgrade.  Does anyone have a real fix for the ZSQLMethod problems in 2.1.6
that could be officially applied to the 2.1 series, or should I start using
the 2.2 betas?


Ron Bickers
Logic Etc, Inc.

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to