Christian Theune wrote:
Hi,
i have the strange feeling that somebody forgot to include the AccessControl.ZopeGuard.safe_builtins for DTML.
See DT_Utils.py around line 56 and the corresponding imports as well as the definition of safe_builtins in ZopeGuard.py.
Could someone verify this?
Could you suggest a fragment of DTML which would serve as a test case? Such a fragment would either: - fails if your suspicion is true, but shouldn't? - doesn't fail, but should. FWIW, we *did* actually do "functional" testing, including: - Creating and minimally exercising every item available through the default ZMI add list; - Creating and verifying that DTMLDocument, DTMLMethod, PythonScript, and PageTemplate objects could show dynamic content; - Bringing up CMF 1.3.3 and 1.4.2, as well both with old and new sites; - Bringing up a new Plone 1.0.5 site and adding content; - Bringing up several of our large customer-specific applications. This testing *did* find several "brown-bag" issues, before the release, which hadn't been caught be the unit tests. Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com