[Zope] Security on email.Message.Message
Andreas Jung
lists at andreas-jung.com
Tue Apr 12 11:23:07 EDT 2005
--On Dienstag, 12. April 2005 16:18 Uhr +0100 Tim Hicks
<tim at sitefusion.co.uk> wrote:
> Hi,
>
> I'm trying to import and use the email.Message.Message class in a zope
> 'Script (Python)'.
>
> I have the following security assertions in my product code::
>
> from AccessControl import allow_module, allow_class
> from AccessControl import ModuleSecurityInfo
>
> ModuleSecurityInfo('email.Message').declarePublic('Message')
> from email.Message import Message
> allow_class(Message)
>
> As a result, I can successfully import like::
>
> from email.Message import Message
>
> I can even create an instance and call most methods on it::
>
> m = Message()
> m.set_payload('read that')
>
> However, when I try to use the mapping interface, I get an error. For
> example, the following::
>
> m['from'] = 'tim at example.com'
>
> produces a traceback like::
>
> Traceback (innermost last):
> Module ZPublisher.Publish, line 101, in publish
> Module ZPublisher.mapply, line 88, in mapply
> Module ZPublisher.Publish, line 39, in call_object
> Module Shared.DC.Scripts.Bindings, line 306, in __call__
> Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
> Module Products.PythonScripts.PythonScript, line 323, in _exec
> Module None, line 6, in AAA
> - <PythonScript at /test/AAA>
> - Line 6
> Module RestrictedPython.Guards, line 96, in handler
> TypeError: object does not support item or slice assignment
>
> Does anyone have any idea what the problem is?
Move your code into an external method which is less painful than dealing
with module security issues. As an alternative: look at TrustedExecutables.
-aj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20050412/a436a0c4/attachment.bin
More information about the Zope
mailing list