[Zope] Prevent recursive and multiple URLs in Zope

Dieter Maurer dieter@handshake.de
Sun, 11 Aug 2002 20:02:14 +0200


Urs van Binsbergen writes:
 > ...
 > > > b) Technically: Working with relative links becomes unreliable and
 > > > dangerous. Problem #1 causes a relative URL to sometimes work and
 > > > sometimes not work, depending on whether the visitor accesses "foo/bar/"
 > > > or "foo/bar".
 > >Only, when you do strange strings. Usually, Zope sets the HTML base
 > >tag, such that it does not matter whether the user uses "foo/bar/"
 > >or "foo/bar".
 > It does? Not with my installation (2.5)! I am using the default
 > header/footer, or looking at a zpt page (with the default code
 > auto-created after adding it) - no base href appears.  Is this a setting
 > I must change?
Zope will only add a "base" tag when it (implicitly) changed the URL
(e.g. by appending "index_html").

I have almost the same Zope version (2.5.1) and it does it for me.
Moreover, it is a very old feature. It is very unlikely that recent
Zope versions (from 2.1.6 onwards) do it differently.

 > >When you use relative links in the same way you are forced to do it
 > >in a file system based publishing environment, there will be no
 > >infinite recursion. Simply avoid relative links containing a "/"
 > >not preceded by "..". Use an absolute URL otherwise.
 > Ok, but who can guarantee me that anybody working with the system
 > (especially the non-technical guys) will always stick to this rule?
 > Nobody! Errare humanum est. Unless I validate all user-generated code I
 > can't expect this is done in a correct way all the time.
Then check for them.

 > >You may also learn about SiteAccess AccessRules (--> documentation
 > >on Zope.org).
 > As I wrote I already checked this out:
 > "I tried to do it using an Access Rule with SiteAccess2
 > ...
You should read my responses more carefully ;-)

  I said, forget about the trailing "/" URL problem (you correctly found out
  that SiteAccess cannot help you with this).

  Look at SiteAccess. Of course, this refers only to the remaining
  second problem, the repeated URL segments.
  Here, SiteAccess can help you...


Dieter
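
Added example, not part of the original message or of Zope: one way to "check for them", scanning user-written HTML for relative links that break the rule quoted above (a "/" not preceded by ".."). The attribute set, function names and sample page are assumptions made for illustration; the rule is read strictly, so "./x" is flagged as well.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes checked (assumed set)


def violates_rule(url):
    """True for a relative link containing a "/" not preceded by ".."."""
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return False  # absolute URL (http://..., mailto:..., //host/...)
    path = parts.path
    if not path or path.startswith("/"):
        return False  # query/fragment only, or absolute path on this server
    # Every segment that is followed by a "/" must be "..".
    return any(seg != ".." for seg in path.split("/")[:-1])


class LinkRuleChecker(HTMLParser):
    """Collects (line, tag, url) for every link that breaks the rule."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and violates_rule(value):
                self.findings.append((self.getpos()[0], tag, value))


def check_html(text):
    checker = LinkRuleChecker()
    checker.feed(text)
    checker.close()
    return checker.findings


# Constructed sample page, not taken from the thread.
SAMPLE = """<html><body>
<a href="news.html">same folder</a>
<a href="../index_html">parent folder</a>
<a href="/foo/bar">absolute path</a>
<a href="foo/bar">descends without an absolute URL</a>
<img src="../images/logo.gif">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in check_html(SAMPLE):
        print(f"line {line}: <{tag}> uses {url!r}; use an absolute URL")
```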