[Zope] Newbie needs help - Zope 2.6.1 corrupting user objects?

John Pedersen charles.pedersen@sri.com
Fri, 25 Jul 2003 08:46:56 -0700 

Danke Dieter for your timely reply.

I panicked a bit when I first saw the trace.  After I sent out my message, I
looked at it more carefully and realized that indeed, the "Favorites" folder
was the problem.

In this user's case (and in one other) there was a Favorites folder created,
and a link placed inside in after a script action was triggered by clicking
on an 'add to favorites' link.  I did a bit of experimenting, creating some
bogus accounts and discovered that for those with 'member' roles, I could
cause this problem either by invoking the link or by trying to create a
'Favorites' folder by hand in the proper location.

After I figured out that it was associated with this bit of site
functionality, I went back and checked all of my site members and discovered
that only two members, who have full admin privileges on the site, have this
working properly, two used it and blew their accounts away, and other 100 or
so hadn't used it yet.  So I assumed there was a permissions problem and
that's driven me back into reviewing how we've got this bit configured.

I went back and looked at the links in the accounts that displayed the
runtime error and those that didn't, and I found that through the ZMI
interface, I would 'view' the links in those accounts where it worked, but
in those where the runtime error was displayed, the links under this folder
couldn't be viewed.  I also noted that the 'bad' links were to pages which
ought to be viewable to that member.

In the meantime, this seems like a pretty catastrophic way to fail for a
simple you don't have permission to do this kind of error.

I'm going to take this discussion over to the Plone list, since I think that
this Add to My Favorites is their bit, but any other thoughts you have for
resolving this would really be appreciated.

Vielen dank fur alles

John



> -----Original Message-----
> From: Dieter Maurer [mailto:dieter@handshake.de]
> Sent: Thursday, July 24, 2003 4:40 PM
> To: John Pedersen
> Cc: zope@zope.org
> Subject: Re: [Zope] Newbie needs help - Zope 2.6.1 corrupting user
> objects?
>
>
> John Pedersen wrote at 2003-7-23 14:44 -0700:
>  > ...
>  > I've got about a hundred site members and I've had three
> instances now where
>  > for some as yet undetermined reason, something in a user's
> account becomes
>  > corrupted and they can no longer log in.  When this happens,
> each time the
>  > user goes to log in, a stack trace is created.  Apparently this happens
>  > after the user password is  compared to what Zope knows,
> because changing
>  > the user password through the management interface will
> instead cause the
>  > expected password failure page to be rendered.
>  > ...
>  > RuntimeError
>  > ...
>  >    * Module Products.PageTemplates.PageTemplate, line 95, in pt_render
>  >      <FSPageTemplate at /Plone/folder_listing used for
> /Plone/Members/lvoss/Favorites>
>  > ...
>  >     * Module Products.PageTemplates.TALES, line 217, in evaluate
>  >       Line 184, Column 24
>  >       Expression: standard:'folder'
>  > ...
>  >    * Module Products.PageTemplates.PageTemplate, line 95, in pt_render
>  >      <FSPageTemplate at /Plone/folder_listing used for
> /Plone/Members/lvoss/Favorites>
>  > ...
>  >     * Module Products.PageTemplates.TALES, line 217, in evaluate
>  >       Line 184, Column 24
>  >       Expression: standard:'folder'
>  > ...
>  >
>  > RuntimeError: maximum recursion depth exceeded (Also, an error
> occurred while attempting to render the standard error message.)
>
> This is not a corrupted user information. It's a standard
> endless recursion broken by Python's "maximal recursion depth".
>
> Somehow, the evaluation of "folder" in "folder_listing" for
> "/Plone/Members/lvoss/Favorites" results in calling itself.
> Look at ".../lvoss/Favorites". It probably contains
> an object with a dangerous id, maybe "folder" or "folder_listing".
>
> If not obvious, tell us what you see there (after you asked
> user "lvoss" for permission).
>
>
> Dieter

> -----Original Message-----
> From: Dieter Maurer [mailto:dieter@handshake.de]
> Sent: Thursday, July 24, 2003 4:40 PM
> To: John Pedersen
> Cc: zope@zope.org
> Subject: Re: [Zope] Newbie needs help - Zope 2.6.1 corrupting user
> objects?

> This is not a corrupted user information. It's a standard
> endless recursion broken by Python's "maximal recursion depth".
>
> Somehow, the evaluation of "folder" in "folder_listing" for
> "/Plone/Members/lvoss/Favorites" results in calling itself.
> Look at ".../lvoss/Favorites". It probably contains
> an object with a dangerous id, maybe "folder" or "folder_listing".
>
> If not obvious, tell us what you see there (after you asked
> user "lvoss" for permission).
>
>
> Dieter