[Zope] Zope 2.1.5/6/7 & ZSQLMethods problem
Ron Bickers
rbickers@logicetc.com
Thu, 15 Jun 2000 19:42:04 -0400
> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Brian
> Lloyd
> Sent: Thursday, June 15, 2000 5:26 PM
> To: 'zope@zope.org'; 'zope-dev@zope.org'; 'zope-announce@zope.org'
> Subject: [Zope] Zope security alert and 2.1.7 update [*important*]
>
> A Zope 2.1.7 release has been made that resolves this issue for
> Zope 2.1.x users. This release is available from Zope.org:
>
> http://www.zope.org/Products/Zope/2.1.7/
>
I assume based on the change log that this is the only fix in 2.1.7,
correct?
I fought for a full day to get my ZSQLMethods working in 2.1.6, but
apparently the argument aquisition or something like that is still so broken
that I had to jump back to 2.1.4. I applied the various unofficial "fixes"
from the list archives (not all at the same time, of course) and none of
them did the trick. I know others beat themselves up over this too.
The problem I'm talking about is the one where the arguments to the sql
method seem to be ignored. That is, if I have an argument 'order', and I
have a DTML method (or any other "item") named 'order' in the same folder,
<dtml-var order> in the sql method refers to the DTML method, not the
argument. This breaks dozens of sql methods I have.
With all of these security issues popping up, I don't like not being able to
upgrade. Does anyone have a real fix for the ZSQLMethod problems in 2.1.6
that could be officially applied to the 2.1 series, or should I start using
the 2.2 betas?
Thanks!
_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com