[ZCM] [ZC] 1186/ 4 Comment "Stopped working in 2.7.B4: <dtml-var
"[x for x in ['list', 'comprehension']]">"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Fri Jan 16 13:29:11 EST 2004
Issue #1186 Update (Comment) "Stopped working in 2.7.B4: <dtml-var "[x for x in ['list','comprehension']]">"
Status Resolved, Zope/bug medium
To followup, visit:
http://zope.org/Collectors/Zope/1186
==============================================================
= Comment - Entry #4 by mgf on Jan 16, 2004 1:29 pm
Tested - works fine now. Thanks a lot & best regards. Martin
________________________________________
= Resolve - Entry #3 by tseaver on Jan 16, 2004 1:21 pm
Status: Accepted => Resolved
Fixed for 2.6, 2.7, and the head:
http://cvs.zope.org/Zope/lib/python/AccessControl/ZopeGuards.py.diff?r1=1.12.4.4&r2=1.12.4.5
http://cvs.zope.org/Zope/lib/python/AccessControl/ZopeGuards.py.diff?r1=1.16.2.1&r2=1.16.2.2
http://cvs.zope.org/Zope/lib/python/AccessControl/ZopeGuards.py.diff?r1=1.17&r2=1.18
________________________________________
= Assign - Entry #2 by tim_one on Jan 16, 2004 10:20 am
Status: Pending => Accepted
Supporters added: tim_one
Yes, this is a consequence of security fixes. Iteration extracts objects from a container, and before the fixes no security check was made on the objects getting extracted. The new internal _getiter_() function wraps iteration to perform such checks before delivering the extracted objects.
Alas, I don't understand the implementation of DTML, and so far haven't been able to figure out a correct way to add this (& other new security wrappers) to the environment DTML runs under.
________________________________________
= Request - Entry #1 by mgf on Jan 16, 2004 4:09 am
The following DTML worked fine in Zope 2.6.2/Py 2.1.3:
<dtml-var "[x for x in ['a','b']]">
Under Zope 2.7.0-b4 (python 2.3.3, win32), it fails with a
NameError name '_getiter_' is not defined.
This may perhaps be a undesired side-effect of the security fixes made to 2.6.3/2.7.b4, although I couldn't test under 2.6.3.
Best regards,
Martin
==============================================================
More information about the Zope-Collector-Monitor
mailing list