Announce: Squishdot 0.7.0 now available!
Squishdot 0.7.0 is now available from http://www.zope.org/Members/chrisw/Squishdot/ http://www.squishdot.org/Download/Squishdot The following changes were made: - Changes to the Demo Sites and Squishdot core to make them Zope 2.2 compatible. - Updated Cataloging to use the Traversal Interface. This means 0.7.0 will not work with versions of Zope earlier than 2.2.0! - Added in some html_quoting. The Demo Sites could do with a lot more. - Some small changes to the management screens. I'm not 100% happy about how the 2.2 support was achieved, so expect a 0.7.1 release in the near future. If you run into problems, remember Squishdot has a mailing list at eGroups and a bug collector on SourceForge. cheers, Chris
On Tue, 29 Aug 2000, Chris Withers wrote:
I'm not 100% happy about how the 2.2 support was achieved, so expect a 0.7.1 release in the near future.
Is this the __allow_access_to_unprotected_subobjects__=1 within the Posting class you're referring to? How big of an issue is it using this within Squishdot, I mean, what kind of malicious things could be done to a Squishdot site with it set? Do you have any working ideas on how to deal with it without _allow_access...=1 ? -Lance
odysseus@acedsl.com wrote:
Is this the __allow_access_to_unprotected_subobjects__=1 within the Posting class you're referring to?
It is indeed...
How big of an issue is it using this within Squishdot, I mean, what kind of malicious things could be done to a Squishdot site with it set?
Well, it's not going to be any worse that it was before. In short, I don't know, but I'm not happy with it being in there. Also, if Zope has some problems in this area, I'd like to find them and help them get sorted out, for everyone's benefit...
Do you have any working ideas on how to deal with it without _allow_access...=1 ?
I'm playing now ;-) cheers, Chris
participants (2)
-
Chris Withers -
odysseus@acedsl.com