Joshua Newman wrote:
Code for form: (in html without the end brackets)
(when you're posting in plain text, it's fine to put in real html ;-)
input name="prop" type="hidden" value="<dtml-var prop>" textarea name="propval" rows="15" cols="65" wrap="hard" /textarea
if ( context.index_html.hasProperty(REQUEST['prop']) ): context.index_html.manage_changeProperties({ REQUEST['prop'] : propval }) else: context.index_html.manage_addProperty(REQUEST['prop'], propval, 'text')
oh how many times I've wishes for an "addOrChangeProperties" method ;-)
What's interesting is that it works when a user is already authenticated and makes it to the edit form. It fails only when the form is arrived at by an anonymous user and has to authenticate in the middle of the form submission when the python script requires privileges in order to change properties.
Bingo :-) Of course that'll happen thinking about it. Cookie auth involved http redirects, which means different requests. the solution is to make your form only viewable by authenticated people :-)
I'm using Cookie crumbler (newest version). And I've tried making the individual pages secured but the same problem occurs. When the form is secured it disables the passed variables needed to use the form.
Then you need to make whatever passes those variable not anonymously viewable as well. Either that, or store stuff in the SESSION instead of the REQUEST, since that'll last through redirects. cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk