[Zope-dev] Re: differences in PropertyManager._setPropValue

Florent Guillaume fg at nuxeo.com
Thu Nov 3 09:41:11 EST 2005 

Victor Safronovich wrote:
> Hello Florent Guillaume,
> 
> Monday, October 31, 2005, 6:25:20 PM, you wrote:
> 
> 
> FG> This was changed because have mutable objects stored as properties can lead 
> FG> to unexpected behavior. Do you mean you have a custom proprty type called 
> FG> "list"?
>     yes, my own property of type 'list'. I don`t find any restriction on type of
>     the property, only in comment of the PropertyManager class:
> 
>     The 'type' string must be one of the values: 'float', 'int', 'long',
>     'string', 'lines', 'text', 'date', 'tokens', 'selection', or
>     'multiple section'.
> 
>     But PropertyManager support any custom types not only types descriped above.
>     For  example Publisher supports ':list' and ':tuple' converters (but only in
>     HTTPRequest.processInputs  method,  it  is  impossible  to manage 'list',
>     'tuple', 'records' types through converters.py module, pitifully )
> 
> FG>  What's your use case for it, and why can't tuple fit the bill ?
>     My  code  use  the  'sort'  method of the python list type. Of course this is
>     ugly to trust the getProperty result, and my code should be manually convert
>     the getProperty result to list.

Indeed it should, as doing self.someprop.sort() for instance has bugs 
related to persistence if someprop is a list. The change from Zope 2.6 to 
Zope 2.7 turning all sequence properties to tuples was for this, and other, 
reasons.

>     of course i repaire my code, but how chould i escape from incompatible behavior
>     of  the  zope versions in future? may be write more tests to PropertyManager class? or
>     how?

That's one of the rare incompatibilities between 2.6 and 2.7. It's 
mentionned in the release notes for 2.7.0b4:

   Some property types were stored in a mutable data type (list) which could
   potentially allow untrusted code to effect changes on those properties
   without going through appropriate security checks in particular scenarios

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   http://nuxeo.com   fg at nuxeo.com

More information about the Zope-Dev mailing list