Martin Dougiamas wrote:
Paul Everitt wrote:
Martin Dougiamas wrote:
The funny thing is that
<!--#var "myapp.myfunction"-->
correctly returns all the raw content of the DTML document, so it *can* find it OK.
Any ideas?
The quotes switch DTML into "expr" (expression) mode. Outside of expressions, DTML is limited to very safe operations. Getting attributes (the dot) is an operation that requires the security machinery to get involved, to make sure that you have permission.
Oh. I was logged in as manager .... so I didn't think security was a problem. Is there any other way to do this?
I think you misunderstood Paul just now; he didn't mean security was a problem, he just intended to give an explanation of why the foo.bar trick only works in quotes. The quotes are simply a short cut to 'expr="foo.bar"', i.e.: <!--#var "foo.bar"--> is the same as <!--#var expr="foo.bar"--> but <!--#var foo.bar--> doesn't work, as apparently this expression is too complicated to evaluate safely without the quotes. The quotes *are* necessary, though. Is this a big problem? Perhaps a Next Generation DTML could do away with the first 'quoteless' notation altogether, to avoid such confusion? Hm.. Regards, Martijn