[Zope] acquisition failure puuzzle or maybe something else

Dennis Allison allison at shasta.stanford.edu
Fri Jul 27 14:35:22 EDT 2007


The values are validated and are simple strings.  For our testing purpose 
they are things like 'aaa'.  Also, if that were the problem, eval would 
have thrown a different error since it most likely evaluates the 
parameters before trying to bind the call.  In our testing we have 
replaced the catenation with a static string but still get the error.


On Fri, 27 Jul 2007, Jonathan wrote:

> 
> ----- Original Message ----- 
> From: "Dennis Allison" <allison at shasta.stanford.edu>
> To: <zope at zope.org>
> Sent: Friday, July 27, 2007 1:18 PM
> Subject: [Zope] acquisition failure puuzzle or maybe something else
> >
> > I have a dtml method is a folder C and a folder setup
> >
> > /
> >  A
> >  B
> >  C
> >  scripts
> >
> >
> > In the dtml method, there is a call to a script passing in a composed
> > string made up of variables passed in through request inside of a
> > dtml-let,
> >
> > <dtml-let  someval="scripts.cleanfilename(cgivar1+'_'+cgivar2)"
> >        >
> >             --- methods that use someval ---
> >        </dtml-let>
> >
> > a pattern we have used in many places without a problem.
> >
> > In this particular case, Zope throws an error
> >     File "<string>", line 1, in <expression>
> >   AttributeError: cleanfilename
> >
> > The failing line is (literally)
> >
> >  <dtml-let sname="scripts.cleanfilename(user_lastname+'_'+user_firstname)"
> 
> What are the values of cgivar1 and cgivar2 when the error is thrown? (ie. 
> does the cgivar1+'_'+cgivar2 code evaluate to an illegal string - possible 
> if someone enters a name with a character that will kill your code, such as 
> o'neil)
> 
> 
> Jonathan
> 
> 

-- 



More information about the Zope mailing list