RE: [Zope-dev] (no subject)
I recently asked how to read in and render the contents of an external file, which doesn't work anymore using Zope 2.2.2 and LocalFS' xxx.read(), and you responded that
The quickest solution for you would be an external method that gets the file, performs the "read" and returns the result.
Now I use in an external method fsreadin a .py-module with

    import sys

    def readinfile(self, html):
        """Ralf Herolds way to read in local file objects."""
        file = open(html, "r")
        filecontent = file.read()
        file.close()
        return filecontent

which is referenced in a DTML method by <dtml-var "fsreadin('/tmp/var/thewantedtext.html')">.
It works, but I almost cannot believe that this is that simple - am I missing something, is security a concern?
It *is* that simple. The only problem is security. That way, you can read *any* file that has read permission for the user the Zope process is running as, e.g. everybody could use something like http://your.host/fsreadin?html='/etc/passwd' to view your password file.

If you want to read files only from one directory, you could use:

    import os

    def readinfile(self, file):
        """Ralf Herolds way to read in local file objects."""
        # Keep only the part after the last '/', '\' or ':' separator.
        file = file[max(file.rfind('/'), file.rfind('\\'), file.rfind(':')) + 1:]
        path = os.path.join('/tmp', 'var', file)
        file = open(path, "r")
        filecontent = file.read()
        file.close()
        return filecontent

This would ensure that only files from /tmp/var can be read.

Cheers,
Gregor!
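
Added example, not part of the original message: a Python 3 version of the directory-restricted reader that also resolves symbolic links and checks the resolved path before opening it. The names read_confined and PathNotAllowed and the temporary directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

class PathNotAllowed(Exception):
    """Raised when a requested name does not resolve to a file inside the base directory."""

def read_confined(base_dir, name):
    """Return the text of `name` only if it resolves to a regular file inside base_dir."""
    base = os.path.realpath(base_dir)
    # Keep only the final component, as in the reply above, for '/', '\' and ':' separators.
    leaf = name[max(name.rfind("/"), name.rfind("\\"), name.rfind(":")) + 1:]
    if leaf in ("", ".", ".."):
        raise PathNotAllowed(name)
    # Resolve symlinks first, then confirm the result is still under the base directory.
    target = os.path.realpath(os.path.join(base, leaf))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        raise PathNotAllowed(name)
    with open(target, "r") as handle:
        return handle.read()

def demo():
    """Build a constructed directory tree and record what each request yields."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        served = os.path.join(root, "var")
        os.mkdir(served)
        with open(os.path.join(served, "thewantedtext.html"), "w") as f:
            f.write("<p>hello</p>")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("not for publication")
        # A symlink inside the served directory that points outside it.
        os.symlink(os.path.join(root, "secret.txt"), os.path.join(served, "link.html"))
        for request in ("thewantedtext.html", "../secret.txt", "/etc/passwd", "link.html", ".."):
            try:
                results[request] = read_confined(served, request)
            except PathNotAllowed:
                results[request] = None
    return results

if __name__ == "__main__":
    for request, content in demo().items():
        print(request, "->", content)
```

Only the first request returns content; the others are refused because the stripped name does not exist in the served directory, resolves outside it through the symlink, or is not a regular file.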