[Zope-dev] Zope 2.6.0 ZMI Problem for CJK(Collector 623) patch.
Kazuya FUKAMACHI
kf@atransia.co.jp
Fri, 29 Nov 2002 03:09:28 +0900
On Thu, 28 Nov 2002 09:47:04 +0900
Hajime Nakagami <nakagami@da2.so-net.ne.jp> wrote:
> Zope 2.6.0 have a problem for non 'iso-8859-1' user.
> And Collector 623 is still incollect now.
> http://collector.zope.org/Zope/623
>
> It's serious problem for CJK(I'm Japanese).
> So I make patch for 2.6.0.
>
> http://www005.upp.so-net.ne.jp/zope260-i18n-20021123.diff
This patch seems to have a minor performance problem,
that is, applying this patch, traverse() be called two times
at the time of publishing.
1. ZPublisher/HTTPRequest.py - get_default_charset()
- added to get default charset from the environment
2. ZPublisher/Publish.py - publish()
- normal call
I would like to know whether
calling traverse() only to get 'default_charset' is inevitable.
Any good workaround?
Another thing, I'm concerning over security issues.
In this patch, extra argument is added to traverse();
def traverse(self, path, response=None, validated_hook=None,
auth_check=1): <-- auth_check is added
And called like this from get_default_charset();
object=req.traverse(req.environ['PATH_INFO'][:], auth_check=0)
Putting auth_check=0 will bypass authorization check.
I don't want to add such an argument, because it might bear
a security issue. Any good workaround?
I'm hesitating to upgrading to Zope 2.6.0, partly because
of http://collector.zope.org/Zope/623.
It would be greatly appreciated if this patch would be refined.
Regards,
Kazuya
--
Kazuya Fukamachi The limits of my language are
http://www.atransia.co.jp/home/ZenKai/ the limits of my world.
(sorry only in Japanese) --Ludwig Wittgenstein