[Zope] Re: PythonMethods and import

[Evan Simpson]

Bill Anderson wrote:

> Evan Simpson wrote:
> >
> > ----- Original Message -----
> > From: Jay, Dylan <djay@lucent.com>
> > > Python methods look really nice however why remove the use of import. I
> > > guess this is a security hazard and allows access to the filesystem but it
> > > also allows the use of many very usefull packages that to use mean the
> > > messyness of creating external methods.
> >
> > Funny you should mention that! <wink>.  I have a version for my personal use
> > with unlimited import enabled for just this reason.
>
> Any way one could get a copy of that verson to play with ? :-)

You want scarywildunchained PythonMethods?  Sign this waiver, please.  It says
that if you use what I'm about to tell you on your site, you agree that I can't
be held responsible for anything that may occur, up to and including Weird Al
Yankovic stuffing your server with gerbils and making you program in Intercal on
a Commodore PET.  Thank you.

Download the latest (0.1.1 as of this writing) PythonMethods, install it, and
append the following lines to Guarded.py:

if "you want completely unsecure, dangerous PMs" and "a classname that lies":
    from zbytecodehacks.VSExec import CodeBlock, Printing
    class GuardedBlock(CodeBlock):
        Mungers = [Printing]

then find the one-and-only call to UntupleFunction in PythonMethod.py, and
replace "safefuncs.__class__.__dict__" with "__builtins__".

Restart Zope and watch the sparks fly.