[Zope] DTML Document class Id bug, somewhat fixed. But now se
tName ...
Brian Lloyd
Brian@digicool.com
Thu, 29 Jun 2000 14:08:56 -0400
> And indeed the problem was with the fact that I was
> subclassing the
> DTML Document, which as explained in
> http://www.zope.org/Members/AlexR/ZClassIDBug
> somewhat mangles the Id property. Public thanks to Rik
> Hoekstra <rik.hoekstra@inghist.nl>
> for suggesting that.
> I added this fix (from the page I mention above) to the
> constructor method,
>
> <!--#with "myZClass.createInObjectManager(REQUEST['id'], REQUEST)"-->
> <dtml-call "setName(REQUEST['id'])">
> <!--#/with-->
>
> And when I try creating a new object, it blows up in my face with this
> error:
Walter -
this is sort of a tricky one :( The problem is that the
ZClass id bug is a legitimate bug (fixed in the 2.2 series),
but your fix uses a method that should never have been
accessible in the first place (and in fact the hotfix makes
it inaccessible, as it should have been all along).
So there are two things you could do here to get along until
you can upgrade to 2.2. One, you could edit the __init__.py
in the Hotfix product's directory and comment out the line:
DocumentTemplate.DT_String.String.setName__roles__=[]
...and restart Zope. That will make the setName method
unprotected again though, so don't do this lightly. By
unprotected I mean that other people could call setName
on _your_ objects and screw things up if they wanted to.
An alternative would be to create an external method like
the following in your class:
def temporary_hack(self, id):
self._setId(id)
...and try using:
<!--#with "myZClass.createInObjectManager(REQUEST['id'], REQUEST)"-->
<dtml-call "temporary_hack(REQUEST['id'])">
<!--#/with-->
That should let you solve it without reopening a security hole.
Hope this helps!
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com