[Zope] Security on email.Message.Message

Andreas Jung lists at andreas-jung.com
Tue Apr 12 11:23:07 EDT 2005



--On Dienstag, 12. April 2005 16:18 Uhr +0100 Tim Hicks 
<tim at sitefusion.co.uk> wrote:

> Hi,
>
> I'm trying to import and use the email.Message.Message class in a zope
> 'Script (Python)'.
>
> I have the following security assertions in my product code::
>
>   from AccessControl import allow_module, allow_class
>   from AccessControl import ModuleSecurityInfo
>
>   ModuleSecurityInfo('email.Message').declarePublic('Message')
>   from email.Message import Message
>   allow_class(Message)
>
> As a result, I can successfully import like::
>
>   from email.Message import Message
>
> I can even create an instance and call most methods on it::
>
>   m = Message()
>   m.set_payload('read that')
>
> However, when I try to use the mapping interface, I get an error.  For
> example, the following::
>
>   m['from'] = 'tim at example.com'
>
> produces a traceback like::
>
>   Traceback (innermost last):
>     Module ZPublisher.Publish, line 101, in publish
>     Module ZPublisher.mapply, line 88, in mapply
>     Module ZPublisher.Publish, line 39, in call_object
>     Module Shared.DC.Scripts.Bindings, line 306, in __call__
>     Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
>     Module Products.PythonScripts.PythonScript, line 323, in _exec
>     Module None, line 6, in AAA
>      - <PythonScript at /test/AAA>
>      - Line 6
>     Module RestrictedPython.Guards, line 96, in handler
>   TypeError: object does not support item or slice assignment
>
> Does anyone have any idea what the problem is?

Move your code into an external method which is less painful than dealing
with module security issues. As an alternative: look at TrustedExecutables.

-aj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20050412/a436a0c4/attachment.bin


More information about the Zope mailing list