[Zope] acquisition failure puuzzle or maybe something else
Dennis Allison
allison at shasta.stanford.edu
Fri Jul 27 14:35:22 EDT 2007
The values are validated and are simple strings. For our testing purpose
they are things like 'aaa'. Also, if that were the problem, eval would
have thrown a different error since it most likely evaluates the
parameters before trying to bind the call. In our testing we have
replaced the catenation with a static string but still get the error.
On Fri, 27 Jul 2007, Jonathan wrote:
>
> ----- Original Message -----
> From: "Dennis Allison" <allison at shasta.stanford.edu>
> To: <zope at zope.org>
> Sent: Friday, July 27, 2007 1:18 PM
> Subject: [Zope] acquisition failure puuzzle or maybe something else
> >
> > I have a dtml method is a folder C and a folder setup
> >
> > /
> > A
> > B
> > C
> > scripts
> >
> >
> > In the dtml method, there is a call to a script passing in a composed
> > string made up of variables passed in through request inside of a
> > dtml-let,
> >
> > <dtml-let someval="scripts.cleanfilename(cgivar1+'_'+cgivar2)"
> > >
> > --- methods that use someval ---
> > </dtml-let>
> >
> > a pattern we have used in many places without a problem.
> >
> > In this particular case, Zope throws an error
> > File "<string>", line 1, in <expression>
> > AttributeError: cleanfilename
> >
> > The failing line is (literally)
> >
> > <dtml-let sname="scripts.cleanfilename(user_lastname+'_'+user_firstname)"
>
> What are the values of cgivar1 and cgivar2 when the error is thrown? (ie.
> does the cgivar1+'_'+cgivar2 code evaluate to an illegal string - possible
> if someone enters a name with a character that will kill your code, such as
> o'neil)
>
>
> Jonathan
>
>
--
More information about the Zope
mailing list