We are running Zope 2.6.x and I noticed yesterday that I could do the
acl_users = container.acl_users
user = acl_users.getUser('test_user')
This isn't a huge deal since it doesn't seem to change the permissions
available to the user. But many of our scripts rely on
AUTHENTICATED_USER.getUserName() to return the actual logged in user. Is
this addressed in later versions of Zope? Is there a better way to get
the current user's user name?
We allow untrusted developers on our Zope server and this may allow them
to exploit certain systems.
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -