shouldnt this prevent that?
def dictify(p):
"""
Since the FeedParser returns a dictionary-like class instance,
rather than
a real dictionary, We must iterate through all nested instances
and convert
them to dicts to avoid security problems within Zope. I have no
idea *why*
feedparser doesn't just use real nested dicts in the first place.
"""
newdict = {}
if type(p) in [types.DictionaryType, types.InstanceType]:
d = p # for clarity
for k,v in d.items():
newdict[k] = dictify(v)
elif type(p) == types.ListType:
l = p # for clarity
for ss,v in zip(xrange(len(l)), l):
l[ss] = dictify(v)
return l
else: return p
return newdict
On Jun 15, 2007, at 11:49 AM, Andreas Jung wrote:
--On 15. Juni 2007 11:45:49 -0400 Tom Von Lahndorff
<[EMAIL PROTECTED]> wrote:
<dtml-let news="newsfeed(feedurl='http://www.modscape.com/blog/
rss.xml')">
<dtml-var "news.feed.href">
</dtml-let>
gives:
Site Error
An error was encountered while publishing this resource.
Error Type: Unauthorized
Error Value: You are not allowed to access 'feed' in this context
Likely because the module has no security assertions. All your
stuff runs
under the conditions of Restricted Python. The standard Zope
security applies.
-aj
_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
