Yeh, and now that ZSQLMethods don't work neither does GUF with MySQL - e.g., the following code fails: <dtml-in "sqlGetUserRoles(username=username)"> <dtml-call "REQUEST.set('ret', ret + ' ' + _['sequence-item'].rolename)"> </dtml-in> <dtml-return ret> With the error message: "You are not authorised to access 'rolename'" The method has a Proxy role with appropriate access to the MySQL method. It just doesn't seem able to access the results variable!? Regards, Chris "Graham Chiu" <anon_emouse@hotmail.com> wrote in message news:<Gl2o8NAvI$04EwL1@compkarori.com>...
In article <613145F79272D211914B0020AFF6401914DE7D@gandalf.digicool.com> , Brian Lloyd <Brian@digicool.com> writes
o It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents.
Hmm. This update has broken all my zsqlmethods I've tested so far. I've reverting to 2.1.4.
Eg when testing from the management interface:
File D:\zope2\lib\python\Shared\DC\ZRDB\DA.py, line 459, in __call__ (Object: sqlShowComment) TypeError: too many arguments; expected 4, got 5
SQLSESSION has also died with this version release.
------- Regards, Graham Chiu gchiu<at>compkarori.co.nz http://www.compkarori.com/dynamo - The Homebuilt Dynamo http://www.compkarori.com/dbase - The dBase bulletin