10 Feb
2004
10 Feb
'04
6:23 p.m.
An object with lines properties in Zope264rc2 returns a tuple, while in Zope261 it returns a list. I haven't found information about this, neither in the 264rc2's changes log nor within this list. Is it a bug or a new feature?
It is a bug fix / security fix. Storing properties in lists is bad because lists are mutable and cannot be protected directly using security assertions. Theoretically, an evil- intentioned scripter could change a property if it is stored as a list (though they'd have to find some way to force the persistent state of the parent object to be saved for the change to be saved). Brian Lloyd brian@zope.com V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com