On Thu, 8 Nov 2001, Andrew Kenneth Milton wrote:
+-------[ Joachim Schmitz ]---------------------- | | > | Yes ! | > | > is index_html calling something that is *inside* the locked folder? | | that's the idea of this setup, you have only one index_html in the root-folder | which looks like this: | | <dtml-var header> | <dtml-var content> | <dtml-var footer> | | so you just setup a new folder with a content method in it.
You also have to be careful it doesn't just acquire one from above that it does have permissions for...
try this;
------------------------------------------------------------------------
<dtml-var header> <dtml-try> <dtml-var content> <dtml-except Unauthorized> <dtml-call "RESPONSE.redirect('acl_users/docLogin?destination='+URL)"> </dtml-try> <dtml-var footer>
------------------------------------------------------------------------
This mess will change when the traversal security is fixed to stop when it reaches somewhere you don't have permissions to.
thanks, that was the workaround similar to the one, I already found, didn't you see my mail on the list ? Mit freundlichen Grüßen Joachim Schmitz AixtraWare, Ing. Büro für Internetanwendungen Hüsgenstr. 33a, D-52457 Aldenhoven Telefon: +49-2464-8851, FAX: +49-2464-905163