[ZCM] [ZC] 1182/ 1 Request "security.setDefaultAccess crippled"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Wed Jan 14 21:59:51 EST 2004
Issue #1182 Update (Request) "security.setDefaultAccess crippled"
Status Pending, Zope/bug critical
To followup, visit:
http://collector.zope.org/Zope/1182
==============================================================
= Request - Entry #1 by Zen on Jan 14, 2004 9:59 pm
Uploaded: "AccessEg.py"
- http://collector.zope.org/Zope/1182/AccessEg.py/view
Before Zope 2.7.0 b4, products could use SecurityInfo.setDefaultAccess to set an access
control method. In beta 4, the 'name' parameter is being lost. This seems to be because
in a number of places (ZopeGuards.py line 70, PageTemplates/Expressions.py) the validate
method is being called with None passed as the 'name' parameter. This seems to be an explicit
change made as part of the recent security audit, but I can't find a change notice or comment
mentioning this.
I've attached an example product that triggers this issue.
==============================================================
More information about the Zope-Collector-Monitor
mailing list