[Zope] Re: Problem Augmented assignment
Dieter Maurer
dieter at handshake.de
Fri Jun 8 14:19:34 EDT 2007
julian wrote at 2007-6-4 10:34 +0200:
>The event.log
> ...
> Module None, line 8, in getProduct
> - <PythonScript at /SITES/my_site/directory1/sub_directory1/getProduct>
> - Line 8
> Module AccessControl.ZopeGuards, line 478, in protected_inplacevar
>TypeError: Augmented assignment to And objects is not allowed in
>untrusted code
Someone introduced a new security mechanism between Zope 2.8
and Zope 2.9:
Inplace operations (such as "&=") are only allowed for
"list" and "set".
The implementer did not realize that there are situation when
such inplace operations should be allowed -- as for e.g.
"AdvancedQuery.And". They did not provide for any declarations
that would allow this.
Consequence:
Until Zope is fixed, "AdvancedQuery" can do nothing
that "&=" and "|=" and friends work in untrusted code.
You have already found a workaround:
"x &= y" is very similar to "x = x & y".
It is slightly less efficient (not an issue in this case)
and it does not affect other bindings of "x".
--
Dieter
More information about the Zope
mailing list