[Zope] Re: getSlice error in wiki folder with many objects?
Jamie Heilman
jamie@audible.transient.net
Wed, 16 Jul 2003 14:49:35 -0700
Bill Seitz wrote:
> By jove, you've got it!
I wish I could say I'm surprised. As long as the ZMI uses DTML it
will be vulnerable to a host of stupid attacks like this one, wherever
a user is allowed to create objects in the zodb with an id of their
choosing.
The ZMI really needs to be completely redone using page templates but
its a) a lot of work, and b) very tricky in parts thanks to import
dependancies.
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one direction, and time is its only measure." -Rosencrantz