[Zope] Object's lines properties break code in Zope264rc2
Brian Lloyd
brian at zope.com
Tue Feb 10 13:23:51 EST 2004
> An object with lines properties in Zope264rc2 returns a tuple, while in
> Zope261 it returns a list.
> I haven't found information about this, neither in the 264rc2's
> changes log
> nor within this list. Is it a bug or a new feature?
It is a bug fix / security fix. Storing properties in lists
is bad because lists are mutable and cannot be protected
directly using security assertions. Theoretically, an evil-
intentioned scripter could change a property if it is stored
as a list (though they'd have to find some way to force the
persistent state of the parent object to be saved for the
change to be saved).
Brian Lloyd brian at zope.com
V.P. Engineering 540.361.1716
Zope Corporation http://www.zope.com
More information about the Zope
mailing list