The values are validated and are simple strings. For our testing purpose
they are things like 'aaa'. Also, if that were the problem, eval would
have thrown a different error since it most likely evaluates the
parameters before trying to bind the call. In our testing we have
replaced the catenation with a static string but still get the error.
On Fri, 27 Jul 2007, Jonathan wrote:
> ----- Original Message -----
> From: "Dennis Allison" <[EMAIL PROTECTED]>
> To: <email@example.com>
> Sent: Friday, July 27, 2007 1:18 PM
> Subject: [Zope] acquisition failure puuzzle or maybe something else
> > I have a dtml method is a folder C and a folder setup
> > /
> > A
> > B
> > C
> > scripts
> > In the dtml method, there is a call to a script passing in a composed
> > string made up of variables passed in through request inside of a
> > dtml-let,
> > <dtml-let someval="scripts.cleanfilename(cgivar1+'_'+cgivar2)"
> > >
> > --- methods that use someval ---
> > </dtml-let>
> > a pattern we have used in many places without a problem.
> > In this particular case, Zope throws an error
> > File "<string>", line 1, in <expression>
> > AttributeError: cleanfilename
> > The failing line is (literally)
> > <dtml-let sname="scripts.cleanfilename(user_lastname+'_'+user_firstname)"
> What are the values of cgivar1 and cgivar2 when the error is thrown? (ie.
> does the cgivar1+'_'+cgivar2 code evaluate to an illegal string - possible
> if someone enters a name with a character that will kill your code, such as
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -