shouldnt this prevent that?

def dictify(p):
Since the FeedParser returns a dictionary-like class instance, rather than a real dictionary, We must iterate through all nested instances and convert them to dicts to avoid security problems within Zope. I have no idea *why*
    feedparser doesn't just use real nested dicts in the first place.
    newdict = {}
    if type(p) in [types.DictionaryType, types.InstanceType]:
        d = p # for clarity
        for k,v in d.items():
            newdict[k] = dictify(v)
    elif type(p) == types.ListType:
        l = p # for clarity
        for ss,v in zip(xrange(len(l)), l):
            l[ss] = dictify(v)
        return l
    else: return p
    return newdict

On Jun 15, 2007, at 11:49 AM, Andreas Jung wrote:

--On 15. Juni 2007 11:45:49 -0400 Tom Von Lahndorff <[EMAIL PROTECTED]> wrote:

<dtml-let news="newsfeed(feedurl=' rss.xml')">

<dtml-var "news.feed.href">



Site Error

An error was encountered while publishing this resource.

Error Type: Unauthorized
Error Value: You are not allowed to access 'feed' in this context

Likely because the module has no security assertions. All your stuff runs under the conditions of Restricted Python. The standard Zope security applies.


Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to