All, After upgrading to 2.1.6, I get the following traceback: Traceback (innermost last): File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 179, in publish File /usr/local/src/Zope-2.1.6/lib/python/Zope/__init__.py, line 202, in zpublisher_exception_hook (Object: ElementWithAttributes) File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 165, in publish File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 102, in call_object (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/OFS/DTMLMethod.py, line 150, in __call__ (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/Shared/DC/ZRDB/DA.py, line 424, in __call__ (Object: Update_url_count) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: <string>) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_In.py, line 691, in renderwob (Object: Query_options) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_Util.py, line 335, in eval (Object: REQUEST.cookies.has_key(cookie_name)) (Info: REQUEST) File <string>, line 0, in ? NameError: (see above) This is on a SQL method, Update_url_count, that has worked fine until now: <dtml-in Query_options> update url set <dtml-if "REQUEST.cookies.has_key(cookie_name)"> <dtml-if "REQUEST.cookies[cookie_name]==cookie_value"> count = count + 1, last_dstamp = now() <dtml-else> other_count = other_count + 1, other_dstamp = now() </dtml-if> <dtml-else> other_count = other_count + 1, other_dstamp = now() </dtml-if> where <dtml-sqltest url_id column=id type=int> </dtml-in> This was quick-and-dirty coding at the time, but it worked. What's changed? Cheers, Jim
I believe this is the reason that 2.1.5 was released, namely to restrict the namepace in SQL methods because of security considerations. from the release info: o It also came to our attention that the DTML code in ZSQLMethod objects was not subject to the same security constraints as the DTML code in DTMLMethods and DTML Documents. Currently, in SQL methods you need to explicitly name your arguments to the sql method, they will be aquired from the namepsace first and then mapped over from REQUEST. The quick fix is to add the REQUEST to the arguements for your SQL method Kapil www.sin.wm.edu Jim Cain wrote:
After upgrading to 2.1.6, I get the following traceback:
Traceback (innermost last): File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 179, in publish File /usr/local/src/Zope-2.1.6/lib/python/Zope/__init__.py, line 202, in zpublisher_exception_hook (Object: ElementWithAttributes) File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 165, in publish File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line 102, in call_object (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/OFS/DTMLMethod.py, line 150, in __call__ (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: url_referer) File /usr/local/src/Zope-2.1.6/lib/python/Shared/DC/ZRDB/DA.py, line 424, in __call__ (Object: Update_url_count) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: <string>) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_In.py, line 691, in renderwob (Object: Query_options) File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_Util.py, line 335, in eval (Object: REQUEST.cookies.has_key(cookie_name)) (Info: REQUEST) File <string>, line 0, in ? NameError: (see above)
This is on a SQL method, Update_url_count, that has worked fine until now:
<dtml-in Query_options> update url set <dtml-if "REQUEST.cookies.has_key(cookie_name)"> <dtml-if "REQUEST.cookies[cookie_name]==cookie_value"> count = count + 1, last_dstamp = now() <dtml-else> other_count = other_count + 1, other_dstamp = now() </dtml-if> <dtml-else> other_count = other_count + 1, other_dstamp = now() </dtml-if> where <dtml-sqltest url_id column=id type=int> </dtml-in>
This was quick-and-dirty coding at the time, but it worked. What's changed?
participants (2)
-
Jim Cain -
Kapil Thangavelu