[Zope-dev] ZPatterns bug. Very serious.

mike mike@if-site.com
Fri, 23 Jun 2000 13:06:55 +0800


"Phillip J. Eby" wrote:

> This is not a bug, it's a feature.  :)  If you look closely at the
> dictionary, you will see it contains empty lists for all these items.
> These empty lists are the DataSkins.NOT_FOUND singleton, which caches the
> nonexistence of these attributes.  This is not a security problem, nor any
> other kind of problem.  It is instead a performance optimization which
> keeps the DataSkin from querying all the AttributeProviders every time a
> known-to-be-nonexistent attribute is looked for.

There _IS_ a problem. Maybe _v_cachedAttr is not a guilty, but do you
know it exists only in newly created objects and do _not_ exists in
old?. Anyway, newly created DataSkin instances return wrong REQUEST (and
other things) but _old_ retrieved ones work good. I tell you this
because it is impossible to obtain AUTHENTICATE_USER from fresh
DataSkins, so things like 'manage_tabs' just do not work properly. Try
set up Rack for any real ZClass and you see this.

If you'd like I send you complete test suite reproducing the situation.

Mike