This is a part of the navbar on our site. When I try to access this directly through a folder (without the header), Zope seems to go into a seemingly infinite loop.

Let's call the navbar 'test', and put it in the root folder. It contains the code below. Then make a folder testfolder, and call the navbar like this:

http://machine/testfolder/test

On our machines, Zope goes into an infinite loop. By removing lines, it seems to recover from the "loop" more quickly. Seems like an n^x loop, where n is the number of lines.

By removing the <dtml-in PARENTS skip_unauthorized> part it works. Is this somehow iterating all the lines in the dtml-method?

Normally this is not a problem, as the header adds the <html> tags, which seems to make it work, but what worries me is that anybody can stop our site by trying to access this directly.

Here's the code of the navbar:

<dtml-unless expr="PARENTS[0]==PARENTS[-1]">
  <dtml-if "meta_type == 'Artist'">
    <dtml-call "REQUEST.set('artist_alias', id)">
  <dtml-else>
    <dtml-in PARENTS skip_unauthorized>
      <dtml-if "meta_type == 'Artist'">
        <dtml-call "REQUEST.set('artist_alias', id)">
      </dtml-if>
    </dtml-in>
  </dtml-if>
</dtml-unless>
<!------ Start of artist admin navbar ------->
<table border="0" width="100%" bgcolor="#000000" cellspacing="0" cellpadding="0">
<tr>
<td width="100%">
<table border="0" width="100%" cellspacing=1 cellpadding=3>
<tr bgcolor="#7D8DAF" align="center" valign="center">
<td width="100%">Manager-meny</td>

--
Helge Tesdal
tesdal@stud.ntnu.no

----- Original Message ----- From: Helge Tesdal <tesdal@stud.ntnu.no>
By removing the <dtml-in PARENTS skip_unauthorized> part it works. Is this somehow iterating all the lines in the dtml-method?
<dtml-in PARENTS skip_unauthorized>
  <dtml-if "meta_type == 'Artist'">
    <dtml-call "REQUEST.set('artist_alias', id)">
  </dtml-if>
</dtml-in>
This code sets REQUEST.artist_alias to the id of the highest (closest to root) accessible Artist in the current access path. Is this what you wanted it to do?

Cheers,
Evan @ digicool

On Thu, 3 Feb 2000, Evan Simpson wrote:
<dtml-in PARENTS skip_unauthorized>
  <dtml-if "meta_type == 'Artist'">
    <dtml-call "REQUEST.set('artist_alias', id)">
  </dtml-if>
</dtml-in>
This code sets REQUEST.artist_alias to the id of the highest (closest to root) accessible Artist in the current access path. Is this what you wanted it to do?
Yes it is. At least it was until you mentioned it. :)

It would probably be a good thing to use the lowest, as this is the way acquisition works? How do I set alias to the lowest id?

What I'm really wondering about is why this iteration makes Zope go into loops and occasionally die. Are there other ways to do a DoS attack against Zope that I should know about when programming?

--
Helge Tesdal

----- Original Message ----- From: Helge Tesdal <tesdal@stud.ntnu.no>
This code sets REQUEST.artist_alias to the id of the highest (closest to root) accessible Artist in the current access path. Is this what you wanted it to do?
Yes it is.
At least it was until you mentioned it. :)
It would probably be a good thing to use the lowest, as this is the way acquisition works? How do I set alias to the lowest id?
Just put 'reverse' into your <dtml-in>.
What I'm really wondering about is why this iteration makes Zope go into loops and occasionally die.
I couldn't see the rest of your object's code (it looks like it was cut off), so I'm not sure.

Cheers,
Evan @ digicool

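The loop semantics discussed in the two replies above, as an added example that is not part of the original thread or of Zope's code: a plain-Python model of the `<dtml-in PARENTS skip_unauthorized>` loop, showing why the last Artist visited wins and what 'reverse' changes. The `Obj` class, the `allowed` flag and the sample path are constructed stand-ins, and the ordering of PARENTS (index 0 innermost, index -1 the root) is assumed from the navbar's own PARENTS[0]==PARENTS[-1] test and Evan's description.

```python
from dataclasses import dataclass


@dataclass
class Obj:
    """Constructed stand-in for a Zope object; not a Zope class."""
    id: str
    meta_type: str
    allowed: bool = True  # models the access check behind skip_unauthorized


def artist_alias(parents, reverse=False):
    """Model of the DTML loop: every accessible Artist overwrites
    REQUEST['artist_alias'], so the last one visited is the one kept."""
    request = {}
    sequence = reversed(parents) if reverse else parents
    for obj in sequence:
        if not obj.allowed:
            # skip_unauthorized: inaccessible items are skipped silently
            continue
        if obj.meta_type == 'Artist':
            request['artist_alias'] = obj.id
    return request.get('artist_alias')


# Constructed access path: /band/solo/admin/test
# PARENTS runs from the innermost container to the root.
PARENTS = [
    Obj('admin', 'Folder'),
    Obj('solo', 'Artist'),
    Obj('band', 'Artist'),
    Obj('root', 'Application'),
]

if __name__ == '__main__':
    # Default order ends at the root, so the Artist closest to root is kept.
    print(artist_alias(PARENTS))                # band
    # With 'reverse' the loop ends at the innermost container instead.
    print(artist_alias(PARENTS, reverse=True))  # solo
```

The model only covers which id ends up in REQUEST; it says nothing about the slowdown reported in the thread, whose cause is not established here.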
On Thu, 3 Feb 2000, Evan Simpson wrote:
It would probably be a good thing to use the lowest, as this is the way acquisition works? How do I set alias to the lowest id?
Just put 'reverse' into your <dtml-in>.
Thanks, I will.
What I'm really wondering about is why this iteration makes Zope go into loops and occasionally die.
I couldn't see the rest of your object's code (it looks like it was cut off), so I'm not sure.
The reason why I didn't include more of the code in the original post was that it wasn't necessary. Adding more lines made it loop longer, removing lines made it recover from the loop more quickly. That's the reason I think Zope is doing some kind of n^x operation.

--
Helge