At 02:03 29-8-99 , Mike Winter wrote:
Hi, just a quick question: how do you get Zope to display DTML without evaluating it?
There are two methods, one of which is (to me) a very serious security breach: document_src (for which you need the View management screens permission), and PrincipiaSearchSource, for which you do not need any permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to the URL and see the source of that DTML Method/Document. I just discovered this, and will report it to the Collector. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------