[Zope-dev] Zope 2.6.0 ZMI Problem for CJK(Collector 623) patch.

Kazuya FUKAMACHI kf@atransia.co.jp
Fri, 29 Nov 2002 03:09:28 +0900


On Thu, 28 Nov 2002 09:47:04 +0900
Hajime Nakagami <nakagami@da2.so-net.ne.jp> wrote:
>  Zope 2.6.0 have a problem for non 'iso-8859-1' user.
> And Collector 623 is still incollect now.
> http://collector.zope.org/Zope/623
> 
> It's serious problem for CJK(I'm Japanese).
> So I make patch for 2.6.0.
> 
> http://www005.upp.so-net.ne.jp/zope260-i18n-20021123.diff

This patch seems to have a minor performance problem,
that is, applying this patch, traverse() be called two times
at the time of publishing.

 1. ZPublisher/HTTPRequest.py - get_default_charset()
    - added to get default charset from the environment
 2. ZPublisher/Publish.py - publish()
    - normal call

I would like to know whether
 calling traverse() only to get 'default_charset' is inevitable.
Any good workaround?

Another thing, I'm concerning over security issues.
In this patch, extra argument is added to traverse();

 def traverse(self, path, response=None, validated_hook=None,
  auth_check=1): <-- auth_check is added

And called like this from get_default_charset();

 object=req.traverse(req.environ['PATH_INFO'][:], auth_check=0)

Putting auth_check=0 will bypass authorization check.
I don't want to add such an argument, because it might bear
a security issue. Any good workaround?

I'm hesitating to upgrading to Zope 2.6.0, partly because
of http://collector.zope.org/Zope/623.
It would be greatly appreciated if this patch would be refined.

Regards,
Kazuya

-- 
Kazuya Fukamachi                      The limits of my language are 
http://www.atransia.co.jp/home/ZenKai/   the limits of my world.
(sorry only in Japanese)                  --Ludwig Wittgenstein