Thanks for clarifying. I know it's not gone, and I've seen several threads debating that. Just wonder if someone could expand on how enabling regexes can be unsafe for Python scripts on Zope as Ben was suggesting. I feel regexes ARE an incredibly useful tool, and wish they were available for DTML and Python scripts by default.
Actually, I don't think that it's as much that they're unsafe (although apparently you can create a regex that will infinitely recurse at least until you run out of stack space), but that the re module is a C module and returns types that are C-defined and can't be protected with normal security declarations. Nobody has bothered to wrap it in something that is usable in through-the-web code. (It would be a nice Product for someone to write).
I feel doing it via an external method complicates things unnecessarily IMHO (I am a Zope newbie, so don't know the reasoning behind this, but if PHP, for example, allows its use and makes developers' lives easier, I don't see why Zope restricts it).
PHP has no notion of untrusted code. It isn't possible (as far as I know) to safely delegate the writing of PHP code "through the web", where you have assurances that the people writing the code can't bollix up your world too much. In Zope, it's not only possible, it's the default (although it of course can be changed). - C
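The kind of wrapper the reply above describes as missing, sketched as an added example that is not part of the original thread or of Zope: trusted code runs the re module and hands back only plain built-in types, so no C-defined match or pattern object reaches through-the-web code. All names and limits here are hypothetical, and the sketch does not use Zope's own security declarations.

```python
import re

MAX_PATTERN_LEN = 200    # assumed limit, not a Zope setting
MAX_TEXT_LEN = 100000    # assumed limit, not a Zope setting


class RegexRejected(ValueError):
    """Raised when a pattern or input falls outside the wrapper's limits."""


def _compile(pattern, text):
    # Length caps only bound the cost; they do not rule out pathological patterns.
    if not isinstance(pattern, str) or not isinstance(text, str):
        raise RegexRejected("pattern and text must be str")
    if len(pattern) > MAX_PATTERN_LEN or len(text) > MAX_TEXT_LEN:
        raise RegexRejected("pattern or text too long")
    try:
        return re.compile(pattern)
    except (re.error, RecursionError, OverflowError) as exc:
        raise RegexRejected("bad pattern: %s" % exc) from exc


def _plain(match):
    """Copy a C-level match object into plain built-in types."""
    if match is None:
        return None
    return {
        "group": match.group(0),
        "groups": tuple(match.groups()),
        "named": dict(match.groupdict()),
        "span": tuple(match.span()),
    }


def safe_search(pattern, text):
    return _plain(_compile(pattern, text).search(text))


def safe_findall(pattern, text):
    return [_plain(m) for m in _compile(pattern, text).finditer(text)]


def safe_sub(pattern, replacement, text):
    if not isinstance(replacement, str):
        raise RegexRejected("replacement must be str; callables are refused")
    try:
        return _compile(pattern, text).sub(replacement, text)
    except re.error as exc:
        raise RegexRejected("bad replacement: %s" % exc) from exc
```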