Brian Lloyd writes:
If you or Hajime can send me a patch against the current 2.7 branch, I'll make sure they get in before the beta is cut (or if either of you are committers it is also fine to checkin yourselves to the Zope-2_7-branch and head and let me know when its done).
Here is a patch that solves the issue with "manage_page_charset" not beeing called if it is a method instead of a string-valued attribute: Index: lib/python/App/dtml/manage_page_header.dtml =================================================================== RCS file: /cvs-repository/Zope/lib/python/App/dtml/manage_page_header.dtml,v retrieving revision 1.12 diff -w -u -r1.12 manage_page_header.dtml --- lib/python/App/dtml/manage_page_header.dtml 22 Dec 2002 17:53:57 -0000 1.12 +++ lib/python/App/dtml/manage_page_header.dtml 15 Jan 2004 17:17:50 -0000 @@ -5,7 +5,7 @@ <dtml-call "REQUEST.set('management_page_charset','iso-8859-1')"> </dtml-unless> <meta http-equiv="content-type" content="text/html;charset=&dtml-management_page_charset;"> -<dtml-call "RESPONSE.setHeader('content-type','text/html;charset='+management_page_charset)"> +<dtml-call "RESPONSE.setHeader('content-type','text/html;charset='+_.render(management_page_charset))"> <title><dtml-if title>&dtml-title;</dtml-if></title> <dtml-let ag="REQUEST.get('HTTP_USER_AGENT', '')" is_nav4="ag[:9] == 'Mozilla/4' and _.string.find(ag, 'MSIE') < 0" I have not found any bad side effects after the patch, but I am not very experienced with the soemwhat arcane DTML hacks, so it would be nice if someone else does some testing with it. At least it fulfills the requirements that manage_page_charset is called if it is callable, and thus recovers Formulator. What I am not certain about is if this reopens some XSS-security holes the original change intended to close. However as long as one does not have an utterly broken "manage_page_charset" method I cannot see why this should happen. Oh, I see Martijn already responded to the posting, so its maybe superfluous anyway. Cheers, Clemens