[Zope] Re: ExternalFile errors

Steve McMahon steve at dcn.org
Fri Jan 7 12:23:16 EST 2005 

Two (late) solutions:

1) If you don't need the batch addition support, just comment out the 
section of create.pt that calls gethostname and the whole div that 
supports batch addition.

2) If you're more adventurous, add to __init__.py security declarations 
to make the needed module functions public. The code will look like:

from AccessControl import ModuleSecurityInfo

ModuleSecurityInfo('ExternalFile').declarePublic('gethostname')
ModuleSecurityInfo('ExternalFile').declarePublic('illegalCharsAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirNamesAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirPrefixesAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirSuffixesAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedFileNamesAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedFilePrefixesAsString')
ModuleSecurityInfo('ExternalFile').declarePublic('omittedFileSuffixesAsString')

ModuleSecurityInfo('ExternalFile').apply(globals())

Then, in www/create.pt, add a line like:

   <tal:work define="global ef modules/Products/ExternalFile" />

change

tal:content="container/gethostname"

to

tal:content="ef/gethostname"

and ALL the code like:

tal:attributes="value container/illegalCharsAsString"

to

tal:attributes="value python: ef.illegalCharsAsString(container)"

If you don't want to mess with the security declarations, you could also 
just edit www/create.pt to remove the section that prints the hostname 
and all the "tal:attributes..." that supply default values in the batch 
section.

Steve

BTW, I don't regularly watch this list; so if you'd like my attention in 
a reply, please CC me.

Chris H wrote:
> Greets;
> 
> Testing externalFile from collective cvs consistantly gives the 
> following error upon creating an instance, regardless of user that 
> starts the zope process.
> 
> URL: manage_addExternalFileForm
> Line 36, Column 5
> Expression: standard:'container/gethostname'
> Names:
> {'container': <__FactoryDispatcher__ instance at 40f65340>,
> 'context': <__FactoryDispatcher__ instance at 40f65340>,
> 'default': <Products.PageTemplates.TALES.Default instance at 0x40b8ae6c>,
> 'here': <__FactoryDispatcher__ instance at 40f65340>,
> 'loop': <SafeMapping instance at 40f653e0>,
> 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter 
> instance at 0x40b8fb0c>,
> 'nothing': None,
> 'options': {'args': ()},
> 'repeat': <SafeMapping instance at 40f653e0>,
> 'request': <HTTPRequest, 
> URL=http://localhost:8080/manage_addProduct/ExternalFile/create>,
> 'root': <Application instance at 417e2a10>,
> 'template': <PageTemplateFile at /manage_addExternalFileForm>,
> 'traverse_subpath': [],
> 'user': chris}
> Module Products.PageTemplates.Expressions, line 201, in __call__
> Module Products.PageTemplates.Expressions, line 189, in _eval
> Module Products.PageTemplates.Expressions, line 145, in _eval
> __traceback_info__: container
> Module Products.PageTemplates.Expressions, line 340, in restrictedTraverse
> __traceback_info__: {'path': ['gethostname'], 
> 'TraversalRequestNameStack': []}
> Unauthorized: You are not allowed to access 'gethostname' in this 
> context (Also, an error occurred while attempting to render the standard 
> error message.)
> 
> Any suggestions on how to resolve this?
> 
> /ch

More information about the Zope mailing list