[Zope-dev] Re: struggeling with a sessionbased LoginMethod
Andrew Kenneth Milton
akm@theinternet.com.au
Thu, 8 Nov 2001 20:04:22 +1000
+-------[ Joachim Schmitz ]----------------------
|
| > | Yes !
| >
| > is index_html calling something that is *inside* the locked folder?
|
| that's the idea of this setup, you have only one index_html in the root-folder
| which looks like this:
|
| <dtml-var header>
| <dtml-var content>
| <dtml-var footer>
|
| so you just setup a new folder with a content method in it.
You also have to be careful it doesn't just acquire one from above that it
does have permissions for...
try this;
------------------------------------------------------------------------
<dtml-var header>
<dtml-try>
<dtml-var content>
<dtml-except Unauthorized>
<dtml-call "RESPONSE.redirect('acl_users/docLogin?destination='+URL)">
</dtml-try>
<dtml-var footer>
------------------------------------------------------------------------
This mess will change when the traversal security is fixed to stop when it
reaches somewhere you don't have permissions to.
--
Totally Holistic Enterprises Internet| | Andrew Milton
The Internet (Aust) Pty Ltd | |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|