Here's a snippet of the rendered RSS feed: {'feed': {'subtitle': u'', 'links': [{'href': u'http:// www.modscape.com/blog', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'modscape.com Home', 'subtitle_detail': {'base': 'http:// www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'', 'language': None}, 'title_detail': {'base': 'http://www.modscape.com/ blog/rss.xml', 'type': 'text/plain', 'value': u'modscape.com Home', 'language': None}, 'link': u'http://www.modscape.com/blog'}, 'status': 200, 'updated': (2007, 6, 15, 16, 48, 28, 4, 166, 0), 'version': 'rss20', 'encoding': 'iso-8859-15', 'bozo': 0, 'headers': {'content-length': '18486', 'via': '1.0 px04.bc.fw.cbs.net:80 (squid)', 'x-cache': 'MISS from px04.bc.fw.cbs.net', 'x-powered-by': 'Zope (www.zope.org), Python (www.python.org)', 'x-cache-lookup': 'HIT from px04.bc.fw.cbs.net:80', 'expires': 'Fri, 15 Jun 2007 17:48:28 GMT', 'server': 'Apache/2.0.52 (Red Hat) DAV/2 SVN/1.2.3 mod_ssl/2.0.52 OpenSSL/0.9.7a PHP/5.1.2 mod_fastcgi/2.4.2', 'last- modified': 'Fri, 15 Jun 2007 16:48:28 GMT', 'connection': 'close', 'cache-control': 'max-age=3600', 'date': 'Fri, 15 Jun 2007 16:48:28 GMT', 'content-type': 'text/xml; charset=iso-8859-15'}, 'etag': None, 'href': 'http://www.modscape.com/blog/rss.xml', 'namespaces': {}, 'entries': [{'updated': u'Mon, Sep 04 2006, 06:23PM', 'updated_parsed': None, 'links': [{'href': u'http://www.modscape.com/ blog/index_html?showall=yes#id1157412223', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'Ubuntu: Linux For Human Beings', 'summary_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'<img src="http://www.modscape.com/ blog/1157412223/ubuntu.jpg" width="150" alt="ubuntu.jpg" align="right" hspace="10" />\n\nTom wrote:<br /><br />\n\n<a href="http://www.ubuntu.com/">Ubuntu</a> is an easy On Jun 15, 2007, at 12:17 PM, Andreas Jung wrote:
No idea what this method should tell use?! Your code uses "news.feed.href"...nothing's like that can be found here in the code. We can not guess what this snippet is doing and where and why.
-aj
--On 15. Juni 2007 12:02:48 -0400 Tom Von Lahndorff <tom@modscape.com> wrote:
shouldnt this prevent that?
def dictify(p): """ Since the FeedParser returns a dictionary-like class instance, rather than a real dictionary, We must iterate through all nested instances and convert them to dicts to avoid security problems within Zope. I have no idea *why* feedparser doesn't just use real nested dicts in the first place. """ newdict = {} if type(p) in [types.DictionaryType, types.InstanceType]: d = p # for clarity for k,v in d.items(): newdict[k] = dictify(v) elif type(p) == types.ListType: l = p # for clarity for ss,v in zip(xrange(len(l)), l): l[ss] = dictify(v) return l else: return p return newdict
On Jun 15, 2007, at 11:49 AM, Andreas Jung wrote:
--On 15. Juni 2007 11:45:49 -0400 Tom Von Lahndorff <tom@modscape.com> wrote:
<dtml-let news="newsfeed(feedurl='http://www.modscape.com/blog/ rss.xml')">
<dtml-var "news.feed.href">
</dtml-let>
gives:
Site Error
An error was encountered while publishing this resource.
Error Type: Unauthorized Error Value: You are not allowed to access 'feed' in this context
Likely because the module has no security assertions. All your stuff runs under the conditions of Restricted Python. The standard Zope security applies.
-aj
-- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: info@zopyx.com - Phone +49 - 7071 - 793376 Registergericht: Amtsgericht Stuttgart, Handelsregister A 381535 Geschäftsführer/Gesellschafter: ZOPYX Limited, Birmingham, UK ---------------------------------------------------------------------- -- E-Publishing, Python, Zope & Plone development, Consulting