[Zope] Security Problems upgrading to Zope 2.2.0

Stefan Bambach Stefan Bambach <bambach@triplex.de>
Mon, 21 Aug 2000 18:54:27 +0200


Hello zope-users,

I upgraded my Zope application from version 2.1.3 to 2.2.0 . Now I
have problems with the new security system.

e.g. 'test.py' in Extensions directory:

class test:
  def __init__(self):
    pass
  def sayhello(self):
    return "hello"

def initialize(self):
  return test()

Now I created an external method that is named 'test', it's function
name is 'initialize' and the module's name is 'test'.

The code
<dtml-with "test()">
<dtml-var "sayhello()">
</dtml-with>
produces an 'Unauthorized: sayhello' after I canceled the requester.

Of course this is only a test function, because my real functions
didn't work, too.

All checkboxes of the external method 'test' are checked. So all users
should have the rights to access this method. Right ?

What's wrong with this code ?



bye.
Stefan Bambach