[Zope] Security and containment (was Re: [Zope]
Acquisition? Did I just lose my Zen?) Zen?)
Martijn Pieters
mj@antraciet.nl
Tue, 21 Sep 1999 21:04:48 +0200
At 19:25 21-9-99 , Ross J. Reedstrom wrote:
>This doesn't answer Martijn's question, though, about overriding the root
>standard_header and standard_footer, overcoming the order-of-aquisition
>problem. Any clever ideas out there?
I have a few ideas, just haven't had the time to work them out yet. I have
a deadline on a paper on Thursday, and an important exhibition tomorrow.
Basically I do this:
1. Only one standard_html_header and -_footer, that include context_header
and -_footer.
2. frames and noframes standard_html_header and -_footer renamed to
context_header and -_footer.
3. A third folder (lets name it content) that has the old root folder
standard_html_header and -_footer copied to context_header and -_footer.
4. Hack standard_error_message to look out for a AttributeError on
context_header. If it occurs, a direct URL to content (without a /frames,
/noframes or /content prefix) was called, so we redirect with a prepended
/frames or /noframes (depending on the cookie).
Now a frameset uses the same URL, but with /content prepended.
So:
/frames/home gives you a frameset with in the content frame the page
/content/home. The no-frames version has the URL /noframes/home
--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------