[on the subject of dtml picking the wrong context to look in first]
I dont see a way to test this constraint, and it has proven impossible to avoid the problems using design rules. I recently checked some of our recent products using strategically placed debugging __getattr__ hooks - with initially horrifying results.
Try applying this patch, which highlights every instance where it may be possible to subvert the behaviour of a Zope application by adding a carefully named property or subobject to the root folder. A few minutes browsing through the management interface picked up over 200 incidents, listed at http://www.zope.org/Members/htrd/names Many of these may be innocuous (and most are variations on a theme), however I am sure that many are undiscovered bugs. *** Application.py 2000/07/21 09:45:37 1.1.1.3 --- Application.py 2000/09/26 14:36:04 *************** *** 194,201 **** --- 194,207 ---- def title_and_id(self): return self.title def title_or_id(self): return self.title + def __getattr__(self,id,reg={}): + if not reg.has_key(id): + print `id` + reg[id]=id + raise AttributeError(id) + def __init__(self): # Initialize users uf=UserFolder() self.__allow_groups__=uf Toby Dickenson tdickenson@geminidataloggers.com