Custom unauthorized message
Is there a simple way to define a custom "Unauthorized" message, like a "Standard Unauthorized Message" dtml method? If not, why not? Jean-François Ménard Intranet DPAS Pratiques d'affaires et orientations * (514) 840-3000 poste 3939 * (514) 840-5585 * menard.jean-francois@hydro.qc.ca * 855 Ste-Catherine est, 6e étage Montréal, Qué. H2L 4P5
Yes, make your method "standard_unauthorized_message".... and then call it from "standard_error_message" when an Unauthorized error occurs: <dtml-if "_.str(error_type)=='Unauthorized'"> <dtml-var standard_unauthorized_message> </dtml-if> Cheers. -- Andy McKay. ----- Original Message ----- From: <Menard.Jean-Francois@hydro.qc.ca> To: <zope@zope.org> Sent: Tuesday, April 17, 2001 10:25 AM Subject: [Zope] Custom unauthorized message Is there a simple way to define a custom "Unauthorized" message, like a "Standard Unauthorized Message" dtml method? If not, why not? Jean-François Ménard Intranet DPAS Pratiques d'affaires et orientations * (514) 840-3000 poste 3939 * (514) 840-5585 * menard.jean-francois@hydro.qc.ca * 855 Ste-Catherine est, 6e étage Montréal, Qué. H2L 4P5
2.3 perhaps, I was expecting to go the same old route of hacking the source but then I found all error message now go to standard_error_message. If there is an error rendering that then off it goes to the source. http://www.activestate.com/ASPN/Perl/Books/advperl/appa_01.html for example :) Cheers. -- Andy McKay. ----- Original Message ----- From: "Chris Withers" <chrisw@nipltd.com> To: "Andy McKay" <andym@activestate.com>; <Menard.Jean-Francois@hydro.qc.ca>; <zope@zope.org> Sent: Tuesday, April 17, 2001 11:43 AM Subject: Re: [Zope] Custom unauthorized message
<dtml-if "_.str(error_type)=='Unauthorized'"> <dtml-var standard_unauthorized_message> </dtml-if>
When did that start working?!
cheers,
Chris
Andy McKay wrote: (re. "when did that start working?")
2.3 perhaps, I was expecting to go the same old route of hacking the source but then I found all error message now go to standard_error_message. If there is an error rendering that then off it goes to the source.
Works for me with 2.2.2. One question - how did you get the traceback error to be an html comment? I've been wanting to "hide" that... -- ................... paul winkler .................... custom calendars & printing: http://www.calendargalaxy.com A member of ARMS: http://www.reacharms.com home page: http://www.slinkp.com
Isn't the traceback a html comment by default? Dont think I changed that. -- Andy McKay. ----- Original Message ----- From: "Paul Winkler" <slinkp23@yahoo.com> To: <zope@zope.org> Sent: Tuesday, April 17, 2001 12:00 PM Subject: Re: [Zope] Custom unauthorized message
Andy McKay wrote: (re. "when did that start working?")
2.3 perhaps, I was expecting to go the same old route of hacking the
source
but then I found all error message now go to standard_error_message. If there is an error rendering that then off it goes to the source.
Works for me with 2.2.2. One question - how did you get the traceback error to be an html comment? I've been wanting to "hide" that...
-- ................... paul winkler .................... custom calendars & printing: http://www.calendargalaxy.com A member of ARMS: http://www.reacharms.com home page: http://www.slinkp.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Andy McKay wrote:
Isn't the traceback a html comment by default? Dont think I changed that.
Not in 2.2.2. Maybe I should finally upgrade. -- ................... paul winkler .................... custom calendars & printing: http://www.calendargalaxy.com A member of ARMS: http://www.reacharms.com home page: http://www.slinkp.com
Doesn't commenting of traceback depend on debug settings? -- Loren
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Paul Winkler Sent: Tuesday, April 17, 2001 12:23 To: Andy McKay Cc: zope@zope.org Subject: Re: [Zope] Custom unauthorized message
Andy McKay wrote:
Isn't the traceback a html comment by default? Dont think I
changed that.
Not in 2.2.2. Maybe I should finally upgrade.
On Tue, Apr 17, 2001 at 12:15:44PM -0700, Andy McKay wrote:
Isn't the traceback a html comment by default? Dont think I changed that.
Lord, no. My client is always pointing out the little tiny bugs to me. "Uh, Zac, got another 'Zope Error'..." Not quiet, not commented, not in the least. Well, at least it keeps me on my toes. :) Zac -- $name="zachery bir"; $email="zbir@urbanape.com"; $position="systems administrator"; $altposition="witch doctor"; $voice="804.644.6230"; $web="http://www.urbanape.com";
Isn't the traceback a html comment by default? Dont think I changed that.
Only if you're running in production mode... <rant type="boring" age="old" frequency="often"> In either case, it's incorrect HTML and a security risk. The traceback should only be displayed if you choose to display it in your standard_error_message with something like: <dtml-var error_tb> ...not just tacked on the end of the generated page, after the </HTML>! </rant> *grinz* Chris
Isn't the traceback a html comment by default? Dont think I changed that.
Only if you're running in production mode...
<rant type="boring" age="old" frequency="often"> In either case, it's incorrect HTML and a security risk.
<reply type="standard" age="old" frequency="often"> You could supply the patch to do that... </reply> ;P -- Andy McKay.
* Andy McKay (andym@ActiveState.com) [010417 17:43]:
Isn't the traceback a html comment by default? Dont think I changed that.
Only if you're running in production mode...
<rant type="boring" age="old" frequency="often"> In either case, it's incorrect HTML and a security risk.
<reply type="standard" age="old" frequency="often"> You could supply the patch to do that... </reply>
<patch type="boring" age="new" frequency="once"> --- /tmp/ZPublisher.orig/HTTPResponse.py Mon Feb 12 12:53:20 2001 +++ HTTPResponse.py Wed Apr 18 10:29:36 2001 @@ -471,9 +471,11 @@ tb=self.format_exception(t,v,tb,200) tb=join(tb,'\n') tb=self.quoteHTML(tb) - if self.debug_mode: _tbopen, _tbclose = '<PRE>', '</PRE>' - else: _tbopen, _tbclose = '<!--', '-->' - return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + if self.debug_mode: + _tbopen, _tbclose = '<PRE>', '</PRE>' + return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + else: + return "\n" def redirect(self, location, status=302, lock=0): """Cause a redirection without raising an error""" </patch> Ciao! -- "Generally you don't see that kind of behavior in major appliances." --Dr. Peter Venkmann (Ghostbusters)" The Doctor What: A Holtje Production http://docwhat.gerf.org/ docwhat@gerf.org KF6VNC
The Doctor What wrote:
--- /tmp/ZPublisher.orig/HTTPResponse.py Mon Feb 12 12:53:20 2001 +++ HTTPResponse.py Wed Apr 18 10:29:36 2001 @@ -471,9 +471,11 @@ tb=self.format_exception(t,v,tb,200) tb=join(tb,'\n') tb=self.quoteHTML(tb) - if self.debug_mode: _tbopen, _tbclose = '<PRE>', '</PRE>' - else: _tbopen, _tbclose = '<!--', '-->' - return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + if self.debug_mode: + _tbopen, _tbclose = '<PRE>', '</PRE>' + return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + else: + return "\n"
Cool, I've stuck this in the collector. Let's pray this one doesn't get ignored as well (I'd really like to see someone argue why its a bad idea!) cheers, Chris
* Chris Withers (chrisw@nipltd.com) [010419 03:52]:
The Doctor What wrote:
--- /tmp/ZPublisher.orig/HTTPResponse.py Mon Feb 12 12:53:20 2001 +++ HTTPResponse.py Wed Apr 18 10:29:36 2001 @@ -471,9 +471,11 @@ tb=self.format_exception(t,v,tb,200) tb=join(tb,'\n') tb=self.quoteHTML(tb) - if self.debug_mode: _tbopen, _tbclose = '<PRE>', '</PRE>' - else: _tbopen, _tbclose = '<!--', '-->' - return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + if self.debug_mode: + _tbopen, _tbclose = '<PRE>', '</PRE>' + return "\n%s\n%s\n%s" % (_tbopen, tb, _tbclose) + else: + return "\n"
Cool, I've stuck this in the collector. Let's pray this one doesn't get ignored as well (I'd really like to see someone argue why its a bad idea!)
Unfortunately, I have a reason: It kills the traceback for hardcoded error pages. :-( This would be great if you have *no* hardcoded pages except in the case of a catastrophic failure (ie, the error page produces an error. Ciao! -- You have been infected by the Unix variant of the "love bug" virus. Please delet a bunch of files and forward this message to everyone you know. The Doctor What: "What, Doctor What" http://docwhat.gerf.org/ docwhat@gerf.org KF6VNC
The Doctor What wrote:
Unfortunately, I have a reason: It kills the traceback for hardcoded error pages. :-( This would be great if you have *no* hardcoded pages except in the case of a catastrophic failure (ie, the error page produces an error.
Well, you answer your own point. There should be no hardcoded error messages. The only one I knew of was for authentication errors. Andy McKay has found a way around that but no-one else seems to be able to get it to work :-S cheers, Chris
You have been infected by the Unix variant of the "love bug" virus. Please delet a bunch of files and forward this message to everyone you know.
Please virus check your mails too, this one arrived with a lethal embedded virus ;-)
All right time to come clean, sorry this was such a big project I cant remember how some things got done. a) im not using the standard zope security model to raise errors, the few places that do this are done in python or even dtml b) what I did is raise a different error, "NotAllowed" which standard_error_message does parse... Sorry. -- Andy McKay. ----- Original Message ----- From: "Chris Withers" <chrisw@nipltd.com> To: "The Doctor What" <docwhat@gerf.org> Cc: <zope@zope.org> Sent: Thursday, April 19, 2001 8:06 AM Subject: Re: [Zope] Custom unauthorized message
The Doctor What wrote:
Unfortunately, I have a reason: It kills the traceback for hardcoded error pages. :-( This would be great if you have *no* hardcoded pages except in the case of a catastrophic failure (ie, the error page produces an error.
Well, you answer your own point. There should be no hardcoded error messages.
The only one I knew of was for authentication errors. Andy McKay has found a way around that but no-one else seems to be able to get it to work :-S
cheers,
Chris
You have been infected by the Unix variant of the "love bug" virus. Please delet a bunch of files and forward this message to everyone you know.
Please virus check your mails too, this one arrived with a lethal embedded virus ;-)
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Andy McKay wrote:
a) im not using the standard zope security model to raise errors, the few places that do this are done in python or even dtml
What security model are you using then?
b) what I did is raise a different error, "NotAllowed" which standard_error_message does parse...
Waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagh! :-( Chris
Paul Winkler wrote:
Andy McKay wrote: (re. "when did that start working?")
2.3 perhaps, I was expecting to go the same old route of hacking the source but then I found all error message now go to standard_error_message. If there is an error rendering that then off it goes to the source.
Works for me with 2.2.2. One question - how did you get the traceback error to be an html comment? I've been wanting to "hide" that...
Turn off the debug option (-D) on the start script -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
participants (8)
-
Andy McKay -
Casey Duncan -
Chris Withers -
Loren Stafford -
Menard.Jean-Francois@hydro.qc.ca -
Paul Winkler -
The Doctor What -
Zachery Bir