[Zope-dev] validate() trouble in Zope-2.5.0a1

[Matthew T. Kromer]

Jens Vagelpohl wrote:

> steve,
>
> unfortunately 2.5.0a1 had some serious issues.... alpha2 should come 
> out really soon and fix them. in a nutshell, alpha1 is unusable. you 
> can stop playing ;)
>
> jens
>
>
> On Sunday, October 28, 2001, at 04:20 , Steve Spicklemire wrote:
>
>> [...]
>> )
>> -> if validate(container=self, value=o):
>> (Pdb) n
>> [...]
>

Yup, this was my bad -- that line should be changed to read

    if validate(None, self, None, o, None):

since the C machinery isn't taking keyword arguments.  Its in the 
2.5.0a2 announcment.  In some regards, it baffles me that it worked in 
the first place, because the first 4 or 5 arguments to validate are NOT 
optional, and have no default.  I suspect that someone along the way was 
plugging in None for those options that weren't specified.  But I'm 
ignorant on the exact details of Python argument marshalling...  The 
particular code in SecurityManager.py has a validate() method which does 
supply None as defaults, but then passes them as positional parameters 
to the underlying implementation.  So, I think the DTML security manager 
is accelerating this by skipping what basically is an empty wrapper 
stage (promoting the policy's validate() method into the object), and 
thats what is tripping the bug.

Alternatively, the setting the environment variable ZOPE_SECURITY_POLICY 
to PYTHON will disable the C version of the security policy.