The latest CVS version is giving autorization demands (and failures) with this DTMLmethod. This kind of construct used to work fine.
<dtml-var standard_html_header> <h2><dtml-var title_or_id> <dtml-var document_title></h2> <p> <dtml-with "_.namespace(SUB=[1,2])"> <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if> </dtml-with> </p> <dtml-var standard_html_footer>
Perhaps newly created names in the _ namespace do not get understood by the new security guts.
Hi guys - I _just_ checked in a fix for this. A piece of the namespace machinery was not updated in the required way to play nice with the new infrastructure. I've included the reply I made to the bug report: Thanks for the report - I've tracked this down to a bit of the DTML rendering machinery that didn't get updated to play nice with the new security infrastructure. Any DTML that tried to use subobjects of an object associated with a name via a namespace would fail validation. The manage_tabs happened to do this. I've fixed this for 2.2. In the meantime, if you want to patch your current installation, you can make a one-line change to DocumentTemplate/DT_Util.py. At line 254, change: class namespace_: pass to: class namespace_: __allow_access_to_unprotected_subobjects__=1 Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com