On Wed, Mar 14, 2001 at 12:43:55PM -0000, Peter Bengtsson wrote:
A simple Script (Python) of mine: Id: randomtext_pys Title: Returns a random text <params>length=500</params> [code] import string import random text=''
pool = "qwertyuioplkjhgfdsazxcvbnm 1234567890 \n"
for i in range(int(length)): text='%s%s'%(text,pool[random.randint(0,(len(pool)-1))])
return text [/code]
When I test this script within the management interface of Python Scripts everything looks good and I can enter values of "length" like 100 to 10 000. However, when I call this script from a DTML Method like this: <dtml-var "randomtext_pys(1000)"> it throws an error at me. <dtml-var "randomgtext_pys(500)"> and <dtml-var "randomgtext_pys(999)"> works fine.
Error Type: ValueError Error Value: range() too large
(traceback below)
So according to the traceback the error you find this:
----------- lib/python/DocumentTemplate/DT_Util.py ------------ def careful_range(md, iFirst, *args): # limited range function from Martijn Pieters RANGELIMIT = 1000 if not len(args): iStart, iEnd, iStep = 0, iFirst, 1 elif len(args) == 1: iStart, iEnd, iStep = iFirst, args[0], 1 elif len(args) == 2: iStart, iEnd, iStep = iFirst, args[0], args[1] else: raise AttributeError, 'range() requires 1-3 int arguments' if iStep == 0: raise ValueError, 'zero step for range()' iLen = int((iEnd - iStart) / iStep) if iLen < 0: iLen = 0 if iLen >= RANGELIMIT: raise ValueError, 'range() too large' return range(iStart, iEnd, iStep) -------------------------------------------------------------------
WHY is that LIMIT there? I can mod my Python Script to accomodate for the value of 1000, but I am just curious of it.
I wrote that code originally for DTML, in the days before I worked for DC. You can tell by the variable names I used; I still had too much Microsoft influence on me... ;) Orginially, the safe Python environment created for DTML couldn't do any range at all. In a mailinglist discussion on why this was so, I wrote the above code and someone at DC (I believe it was Amos) incorporated it into Zope. The idea of DTML expressions and Python Script is that you can do powerful scripting of a Zope server through the web without opening up your server to security breaches and denial-of-service (DOS) attacks. Limiting the number of items resulting from a range() call is but one way of limiting the possibilies of DOS attacks. If you look through the file you found this sinippet in, you'll find more careful_* methods for other operations. If you are interested in the original thread; you'll find it here: http://lists.zope.org/pipermail/zope/1999-March/086690.html -- Martijn Pieters | Software Engineer mailto:mj@digicool.com | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------