[Zope] Zope 2.1.5/6/7 & ZSQLMethods problem

Ron Bickers rbickers@logicetc.com
Thu, 15 Jun 2000 19:42:04 -0400


> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Brian
> Lloyd
> Sent: Thursday, June 15, 2000 5:26 PM
> To: 'zope@zope.org'; 'zope-dev@zope.org'; 'zope-announce@zope.org'
> Subject: [Zope] Zope security alert and 2.1.7 update [*important*]
>

> A Zope 2.1.7 release has been made that resolves this issue for
> Zope 2.1.x users. This release is available from Zope.org:
>
>   http://www.zope.org/Products/Zope/2.1.7/
>

I assume based on the change log that this is the only fix in 2.1.7,
correct?

I fought for a full day to get my ZSQLMethods working in 2.1.6, but
apparently the argument aquisition or something like that is still so broken
that I had to jump back to 2.1.4.  I applied the various unofficial "fixes"
from the list archives (not all at the same time, of course) and none of
them did the trick.  I know others beat themselves up over this too.

The problem I'm talking about is the one where the arguments to the sql
method seem to be ignored.  That is, if I have an argument 'order', and I
have a DTML method (or any other "item") named 'order' in the same folder,
<dtml-var order> in the sql method refers to the DTML method, not the
argument.  This breaks dozens of sql methods I have.

With all of these security issues popping up, I don't like not being able to
upgrade.  Does anyone have a real fix for the ZSQLMethod problems in 2.1.6
that could be officially applied to the 2.1 series, or should I start using
the 2.2 betas?

Thanks!
_______________________

Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com