[Zope-dev] Re: struggling with a sessionbased LoginMethod
Joachim Schmitz
js@aixtraware.de
Thu, 8 Nov 2001 11:11:33 +0100 (CET)
On Thu, 8 Nov 2001, Andrew Kenneth Milton wrote:
> +-------[ Joachim Schmitz ]----------------------
> |
> | > | Yes !
> | >
> | > is index_html calling something that is *inside* the locked folder?
> |
> | that's the idea of this setup, you have only one index_html in the root-folder
> | which looks like this:
> |
> | <dtml-var header>
> | <dtml-var content>
> | <dtml-var footer>
> |
> | so you just setup a new folder with a content method in it.
>
> You also have to be careful it doesn't just acquire one from above that it
> does have permissions for...
>
> try this;
>
> ------------------------------------------------------------------------
>
> <dtml-var header>
> <dtml-try>
> <dtml-var content>
> <dtml-except Unauthorized>
> <dtml-call "RESPONSE.redirect('acl_users/docLogin?destination='+URL)">
> </dtml-try>
> <dtml-var footer>
>
> ------------------------------------------------------------------------
>
> This mess will change when the traversal security is fixed to stop when it
> reaches somewhere you don't have permissions to.
>
Thanks, that was the workaround similar to the one I already found, didn't
you see my mail on the list?
Kind regards
Joachim Schmitz
AixtraWare, Ing. Büro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Phone: +49-2464-8851, FAX: +49-2464-905163