[Zope-dev] ZPatterns bug. Very serious.
mike
mike@if-site.com
Fri, 23 Jun 2000 13:06:55 +0800
"Phillip J. Eby" wrote:
> This is not a bug, it's a feature. :) If you look closely at the
> dictionary, you will see it contains empty lists for all these items.
> These empty lists are the DataSkins.NOT_FOUND singleton, which caches the
> nonexistence of these attributes. This is not a security problem, nor any
> other kind of problem. It is instead a performance optimization which
> keeps the DataSkin from querying all the AttributeProviders every time a
> known-to-be-nonexistent attribute is looked for.
There _IS_ a problem. Maybe _v_cachedAttr is not a guilty, but do you
know it exists only in newly created objects and do _not_ exists in
old?. Anyway, newly created DataSkin instances return wrong REQUEST (and
other things) but _old_ retrieved ones work good. I tell you this
because it is impossible to obtain AUTHENTICATE_USER from fresh
DataSkins, so things like 'manage_tabs' just do not work properly. Try
set up Rack for any real ZClass and you see this.
If you'd like I send you complete test suite reproducing the situation.
Mike