[Zope] 2.1.4 to 2.1.6 nightmare

John Morton zope@zope.org
Thu, 25 May 2000 11:43:23 +1200 (NZST) 

On Wed, 24 May 2000 13:38:55 -0400 (CLT) you wrote:

 > 
 > Hi Zopistas,
 > 
 > after upgrading Zope (in a debian/Linux system) from 2.1.4 to 2.1.6
 > the acquisition rules seems to be broken.
 > 
 > As an example supose we have this tree structure
 > 
 > ---|- aviso
 >    |- foo
 >    |- bar     
 >       |- X_sql (sql method)
 > 
 > 
 > 
 > X_sql is a sql method with to parameters: objeto, aviso
 > 
 > here is the template:
 > 
 > INSERT INTO linea_publicacion
 >   (publicacion,aviso)
 > VALUES
 >   (&dtml-objeto;,&dtml-aviso;)
 > 
 > when zope renders this template to execute the sql, it renders
 > 
 > INSERT INTO linea_publicacion
 >   (publicacion,aviso)
 > VALUES
 >   (3,<Folder instance at 8580aa0>)
 > 
 > so it replaces aviso with the folder instance aviso.
 > 
 > Apart of discarding the explicit parameter "aviso", the aviso folder
 > is not parent of bar so it shoudn't acquire it.
 > 
 > So, who can explain me this??
 > 
 > is that a bug in Zope 2.1.6 ??  Zope 2.1.4 works fine.


Yes. ZSQL methods attempt to acquire values _before_ using the ones you
supply directly. It's been discussed on the list earlier this month, as I
found out when I stumbled upon it on Monday. Lots of things in 2.1.6 are
worth keeping, however, so I patched it. Just as soon as I have the time
I'll post a formal patch just as soon as I have time, but here's a quick
rundown:

In lib/python/Shared/DC/ZRDB/Aquaduct.py you should see something like
this:

class BaseQuery(Persistent, SimpleItem.Item,
                Acquisition.Implicit, RoleManager):

    def query_year(self): return self.query_date.year()
    def query_month(self): return self.query_date.month()
    def query_day(self): return self.query_date.day()
    query_date=DateTime.now()
    manage_options=()

    def quoted_input(self): return quotedHTML(self.input_src)
    def quoted_report(self): return quotedHTML(self.report_src)

    MissingArgumentError='Bad Request'

    def _convert(self): self._arg=parse(self.arguments_src)

    def _argdata(self, REQUEST):

        r=ArgWrapper()

Change that last line to:

        r={}

Then, in lib/python/Shared/DC/ZRDB/DA.py, in  __call__, look for this:

   query=apply(self.template, (p, argdata))

And change it to:

 query=apply(self.template, (p,), argdata)

That seemed to fix the problem for me. Brickbats to DC for releasing a
security update that breaks functionality this badly, but kudos to them
for releasing the code so we can patch around problems.

John