TAL Hotfix 2004-07-14 for Zope 2.7.0, 2.7.1
This hotfix product fixes a security bug in Page Templates. This fix ensures that values substituted in named slots in translated elements are properly encoded. If encoding is not desired and the source of the replacement text is trusted, the "structure" modifier can be used with the tal:content or tal:replace attribute to explicitly disable encoding. Affected Versions This fix applies to Zope 2.7.0 and 2.7.1. Zope versions 2.7.2 and newer already contain this fix, and do not require this hotfix. This fix also obsoletes 'Hotfix_20040713', so that should be uninstalled when this hotfix is installed. See the README.txt file provided with 'Hotfix_20040713' for instructions on removing that hotfix. Getting the Hotfix You can download the hotfix at: http://zope.org/Products/Zope/Hotfix_2004-07-14/Zope%202.7.0%20-%202.7.1/ The product contains a README.txt file with installation instructions. -Fred -- Fred L. Drake, Jr. <fred at zope.com> Zope Corporation
After restarting with that hotfix product installed in a Zope 2.7.0 instance, I get an exception when viewing a ZWiki (0.32.0) page: File "/usr/local/Zope-2.7.0/lib/python/TAL/TALInterpreter.py", line 656, in do_useMacro self.position) METALError: macro "python:here.wikipage_macros().macros['quickaccesskeys']" has incompatible version '1.4', at line 11, column 5 After removing that hotfix product directory and restarting ZServer, the ZWiki pages work again. -- Fred Yankowski fred@ontosys.com tel: +1.630.879.1312 OntoSys, Inc PGP keyID: 7B449345 fax: +1.630.879.1370 www.ontosys.com 38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
I added a new Plone site, went to view the Contents View and this is the traceback I get: Any ideas?? Or just to take it over to the Plone group? (have not joined it yet) Thanks Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module Products.CMFCore.FSPageTemplate, line 191, in _exec Module Products.CMFCore.FSPageTemplate, line 124, in pt_render Module Products.PageTemplates.PageTemplate, line 96, in pt_render - <FSPageTemplate at /site/folder_contents> Module TAL.TALInterpreter, line 189, in __call__ Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 663, in do_useMacro Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 408, in do_optTag_tal Module TAL.TALInterpreter, line 393, in do_optTag Module TAL.TALInterpreter, line 388, in no_tag Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 686, in do_defineSlot Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 642, in do_defineMacro Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 408, in do_optTag_tal Module TAL.TALInterpreter, line 393, in do_optTag Module TAL.TALInterpreter, line 388, in no_tag Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 629, in do_condition Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 629, in do_condition Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 262, in do_startEndTag Module TAL.TALInterpreter, line 290, in do_startTag Module TAL.TALInterpreter, line 356, in attrAction_tal Module Products.PageTemplates.TALES, line 226, in evaluateText Module Products.PageTemplates.TALES, line 220, in evaluate - Line 107, Column 12 - Expression: <PythonExpr test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item')> - Names: {'container': <PloneSite instance at 41146830>, 'context': <PloneSite instance at 41146830>, 'default': <Products.PageTemplates.TALES.Default instance at 0x40854aac>, 'here': <PloneSite instance at 41146830>, 'loop': <SafeMapping instance at 41e0fc30>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x4084abac>, 'nothing': None, 'options': {'args': ()}, 'repeat': <SafeMapping instance at 41e0fc30>, 'request': <HTTPRequest, URL=http://www.xxxx.com/site/folder_contents>, 'root': <Application instance at 41123e00>, 'template': <FSPageTemplate at /site/folder_contents>, 'traverse_subpath': [], 'user': allen} Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ - __traceback_info__: test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item') Module Python expression "test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item')", line 1, in <expression> TypeError: translate() takes exactly 2 arguments (4 given)
This error seems to emanate from Plone code. They have mailing lists where this specific problem might be solved quicker. jens On Jul 14, 2004, at 8:54 PM, Allen Schmidt wrote:
I added a new Plone site, went to view the Contents View and this is the traceback I get: Any ideas?? Or just to take it over to the Plone group? (have not joined it yet) Thanks
Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module Products.CMFCore.FSPageTemplate, line 191, in _exec Module Products.CMFCore.FSPageTemplate, line 124, in pt_render Module Products.PageTemplates.PageTemplate, line 96, in pt_render - <FSPageTemplate at /site/folder_contents> Module TAL.TALInterpreter, line 189, in __call__ Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 663, in do_useMacro Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 408, in do_optTag_tal Module TAL.TALInterpreter, line 393, in do_optTag Module TAL.TALInterpreter, line 388, in no_tag Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 686, in do_defineSlot Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 642, in do_defineMacro Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 408, in do_optTag_tal Module TAL.TALInterpreter, line 393, in do_optTag Module TAL.TALInterpreter, line 388, in no_tag Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 629, in do_condition Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 629, in do_condition Module TAL.TALInterpreter, line 233, in interpret Module TAL.TALInterpreter, line 262, in do_startEndTag Module TAL.TALInterpreter, line 290, in do_startTag Module TAL.TALInterpreter, line 356, in attrAction_tal Module Products.PageTemplates.TALES, line 226, in evaluateText Module Products.PageTemplates.TALES, line 220, in evaluate - Line 107, Column 12 - Expression: <PythonExpr test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item')> - Names: {'container': <PloneSite instance at 41146830>, 'context': <PloneSite instance at 41146830>, 'default': <Products.PageTemplates.TALES.Default instance at 0x40854aac>, 'here': <PloneSite instance at 41146830>, 'loop': <SafeMapping instance at 41e0fc30>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x4084abac>, 'nothing': None, 'options': {'args': ()}, 'repeat': <SafeMapping instance at 41e0fc30>, 'request': <HTTPRequest, URL=http://www.xxxx.com/site/folder_contents>, 'root': <Application instance at 41123e00>, 'template': <FSPageTemplate at /site/folder_contents>, 'traverse_subpath': [], 'user': allen} Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ - __traceback_info__: test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item') Module Python expression "test( num_types == 1 , here.translate('Add New ${type}', {'type': types[0].Title()},'Add New '+types[0].Title() ) , 'Add New Item')", line 1, in <expression> TypeError: translate() takes exactly 2 arguments (4 given)
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (4)
-
Allen Schmidt -
Fred Drake -
Fred Yankowski -
Jens Vagelpohl