At 09:04 29-8-99 , Andreas Kostyrka wrote:
On Sun, 29 Aug 1999, Martijn Pieters wrote:
At 02:03 29-8-99 , Mike Winter wrote:
Hi, just a quick question: how do you get Zope to display DTML without evaluating it?
There are two methods, one of which is (to me) a very serious security breach: document_src (for which you need the View management screens permission), and PrincipiaSearchSource, for which you do not need any permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to the URL and see the source of that DTML Method/Document. Well, I've tried this with www.mtg.co.at (Z2.0b1), and I get this:
http://www.mtg.co.at/index_html/PrincipiaSearchSource <html><head></head> <!--#var standard_html_header--> <H1> Willkommen auf dem Webserver der Fa. MTG</H1> <P>Wir stellen unseren Webserver gerade auf <A HREF="http://www.zope.org/">Zope</A>, dem führenden <A HREF="http://www.opensource.org/">Opensource (engl. link)</A> Webapplikationsserver um. </P> <P> Deshalb können Sie momentan nicht alle Inhalte sehen. Was bereits vorhanden ist, können Sie links sehen. </P> <P>We changing our website at the moment. This site is basically intended for a German speaking audience, so don't wonder if you don't find to much material in English. </P> <P> <!--#var standard_html_footer--> It only works on DTML Methods and Documents, not on Folders. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
participants (1)
-
Martijn Pieters