[Zope-dev] another validation problem
Brian Lloyd
Brian@digicool.com
Thu, 25 May 2000 15:14:45 -0400
> > The latest CVS version is giving autorization demands (and
> failures) with this DTMLmethod.
> > This kind of construct used to work fine.
> >
> > <dtml-var standard_html_header>
> > <h2><dtml-var title_or_id> <dtml-var document_title></h2>
> > <p>
> > <dtml-with "_.namespace(SUB=[1,2])">
> > <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if>
> > </dtml-with>
> > </p>
> > <dtml-var standard_html_footer>
>
> Perhaps newly created names in the _ namespace do not get
> understood by
> the new security guts.
Hi guys -
I _just_ checked in a fix for this. A piece of the namespace
machinery was not updated in the required way to play nice
with the new infrastructure. I've included the reply I made
to the bug report:
Thanks for the report - I've tracked this down to a bit of
the DTML rendering machinery that didn't get updated to
play nice with the new security infrastructure. Any DTML
that tried to use subobjects of an object associated with
a name via a namespace would fail validation. The manage_tabs happened
to do this.
I've fixed this for 2.2. In the meantime, if you want to
patch your current installation, you can make a one-line
change to DocumentTemplate/DT_Util.py. At line 254, change:
class namespace_: pass
to:
class namespace_:
__allow_access_to_unprotected_subobjects__=1
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com