[Zope-dev] Re: Security audit introduced problem
in PageTemplates/Expression.py
Stuart Bishop
stuart at stuartbishop.net
Mon Jan 19 00:13:22 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 17/01/2004, at 10:34 AM, Jim Fulton wrote:
>> I I'm pretty sure that I can redo the way we protect dictionaries and
>> lists so that we can provide backward compatability. If I can do
>> this,
>> I will, because backward compatability *is* important, especially for
>> bug-fix
>> releases.
>
> This is done and checked into the Zope 2.7 branch (Zope-2_7-branch).
>
> Stuart, can you try this out and make sure that your application
> works as it did before?
All appears to be working as before. If this is definitely
deprecated, I'll note that in AccessControl.py.
I don't have a problem with deprecating this feature if it makes
the Zope code saner - I was only using it because it was there
and did what I wanted.
I don't particularly like the idea of this mechanism working
for getattr access but not for getitem access. I've always
tended to stick with using getitem over getattr, partly as a
holdover from when it was incredibly painful to mix getattr
overrides with ExtensionClass, and partly because you are less
likely to recursively shoot yourself in the foot. Indeed - an
argument could be made for deprecating getattr in favor of
getitem, as the latter could make use of Unicode keys if Zope's
traversal mechanisms were updated to cope.
- --
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAC2d1AfqZj7rGN0oRAjPWAJ0VHsN8Rptk21xf90EyXTk5abgWiACeKZXM
l6yznxwTidlY2vooA9b+o0s=
=xCpW
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list