Tim Hicks said: > Andreas Jung said: > >>> Module RestrictedPython.Guards, line 96, in handler >>> TypeError: object does not support item or slice assignment >>> >>> Does anyone have any idea what the problem is? > > Digging further... > > I made the TypeError a little more revealing on line 96 of > RestrictedPython/Guards.py so it now shows the 'secattr' (method) being > accessed, and its args:: > > def handler(self, *args): > try: > f = getattr(self.ob, secattr) > except AttributeError: > raise TypeError, '%s | %s | %s' % (error_msg, secattr, > str(args)) > > The value of 'secattr' is apparently '__guarded_setitem__' in my case. > So, it seems that the email.Message.Message class does not have a > __guarded_setitem__ on it. This is unsurprising. I assume that it is > supposed to get added during zope initialisation somewhere, right? Can > anybody point out where?
Well, I've fixed this with an awful hack. My security assertions now look like:: from AccessControl import allow_module, allow_class from AccessControl import ModuleSecurityInfo def _secure_mapping(klass): """XXX Awful hack!! """ klass.__guarded_getitem__ = klass.__getitem__ klass.__guarded_setitem__ = klass.__setitem__ klass.__guarded_delitem__ = klass.__delitem__ ModuleSecurityInfo('email.Message').declarePublic('Message') from email.Message import Message _secure_mapping(Message) allow_class(Message) That gets me to where I want (for now). I'd still love the 'correct' answer though. Tim _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )