Security Problems upgrading to Zope 2.2.0
Hello zope-users, I upgraded my Zope application from version 2.1.3 to 2.2.0 . Now I have problems with the new security system. e.g. 'test.py' in Extensions directory: class test: def __init__(self): pass def sayhello(self): return "hello" def initialize(self): return test() Now I created an external method that is named 'test', it's function name is 'initialize' and the module's name is 'test'. The code <dtml-with "test()"> <dtml-var "sayhello()"> </dtml-with> produces an 'Unauthorized: sayhello' after I canceled the requester. Of course this is only a test function, because my real functions didn't work, too. All checkboxes of the external method 'test' are checked. So all users should have the rights to access this method. Right ? What's wrong with this code ? bye. Stefan Bambach
On Mon, 21 Aug 2000, Stefan Bambach wrote:
class test: def __init__(self): pass def sayhello(self): return "hello"
def initialize(self): return test()
What's wrong with this code ?
Try to add this attribute to your class 'test': __allow_access_to_unprotected_subobjects__ = 1 ololo@zeus.polsl.gliwice.pl /--------------------------------------\ | `long long long' is too long for GCC | \--------------------------------------/
participants (2)
-
Aleksander Salwa -
Stefan Bambach