On Tuesday, January 13, 2004, at 11:21 PM, Travis Miller wrote:
hi Dirk,
i just (configure/make/make install)ed Zope-2.7.0-b4 and i immediately ran into the .min/.max/... security changes when i tried to rename an object through the ZMI.
I got around the min/max by adding them to the list on RestrictedPython/Guards.py. But b4 seemed to make any script trying to pass a zero-value parameter raise unauthorized exceptions. Code like ob.edit( is_exemplar=0 ) non longer worked. Traceback from another attempt attached below, when "notify_instantly" was set to 0. (Passing an integer 1 *would* work.) Roger Traceback (most recent call last): File "/usr/local/zope/App/lib/python/ZPublisher/Publish.py", line 100, in publ ish request, bind=1) File "/usr/local/zope/App/lib/python/ZPublisher/mapply.py", line 88, in mapply if debug is not None: return debug(object,args,context) File "/usr/local/zope/App/lib/python/ZPublisher/Publish.py", line 40, in call_ object result=apply(object,args) # Type s<cr> to step into published object. File "/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py", line 92, in __call__ return Script.__call__(self, *args, **kw) File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py", line 261, in __call__ return self._bindAndExec(args, kw, None) File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py", line 292, in _bindAndExec return self._exec(bound_data, args, kw) File "/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py", line 126, in _exec result = apply(f, args, kw) File "Script (Python)", line 55, in post_feedback File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py", line 349, i n guarded_apply return builtin_guarded_apply(func, args, kws) File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py", line 371, i n builtin_guarded_apply return func(*arglist, **argdict) File "/usr/local/zope/App/lib/python/Products/CMFCore/PortalFolder.py", line 3 62, in invokeFactory , kw File "/usr/local/zope/App/lib/python/Products/CMFCore/TypesTool.py", line 824, in constructContent ob = apply(info.constructInstance, (container, id) + args, kw) File "/usr/local/zope/App/lib/python/Products/CMFCore/TypesTool.py", line 513, in constructInstance id = apply( m, args, kw ) or id # allow factory to munge ID File "/usr/local/zope/M2K3/Products/Mousetrap/FeedbackPost.py", line 84, in ad dFeedbackPost o.setupFeedbackType(defaults=kw) File "/usr/local/zope/M2K3/Products/Mousetrap/FeedbackPost.py", line 124, in s etupFeedbackType method(defaults=defaults) File "/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py", line 92, in __call__ return Script.__call__(self, *args, **kw) File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py", line 261, in __call__ return self._bindAndExec(args, kw, None) File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py", line 292, in _bindAndExec return self._exec(bound_data, args, kw) File "/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py", line 126, in _exec result = apply(f, args, kw) File "Script (Python)", line 5, in apply_CommentSchema File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py", line 349, i n guarded_apply return builtin_guarded_apply(func, args, kws) File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py", line 369, i n builtin_guarded_apply guard(kws, v, k) File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py", line 219, i n guard if getSecurityManager().validate(container, container, index, value): File "/usr/local/zope/App/lib/python/AccessControl/ImplPython.py", line 263, i n validate raise Unauthorized(name, value) Unauthorized: You are not allowed to access 'notify_instantly' in this context