[Zope3-dev] datetime module

Marius Gedminas mgedmin@codeworks.lt
Thu, 7 Nov 2002 16:38:23 +0200


On Thu, Nov 07, 2002 at 10:29:43AM +0000, Steve Alexander wrote:
> In Python2.3, datetime is a builtin.
> In Python2.2 with Zope3, datetime is in the same place (lib/python), and 
> so is a "given".

(At the moment is looks like Zope3 _datetime module is used even when
running under Python 2.3)

> So, I think its security declarations belong in Checker.py, along with 
> the declarations for other builtins such as dicts, tuples, lists and 
> strings.

Added those.

On Thu, Nov 07, 2002 at 08:36:37AM -0500, Guido van Rossum wrote:
> > - date/time objects cannot be pickled, betcause datetime.basetime
[...]
> 
> I think it's better to tip out the __slots__; I see no need for it.
> (But do run the datetime test suite before committing.)

OK, done.  Both test suites (datetime and the global Zope one) pass with
both Python versions (2.2 and 2.3a0).

(BTW both commits will appear from Vika as we were pair-programming from
her account.)

> > - date/time objects are inaccessible from untrusted code (e.g. you
> >   cannot do a somedateobject.isoformat() from a page template).
> >   Should there be appropriate security declarations somewhere in the
> >   configure.zcml forest, or should these date/time objects be kept
> >   unwrapped like objects of Python builtin types?
> 
> I think so.  Jim?

I should think twice before asking a question that can be
(mis)interpreted as a Boolean expression. ;-)

Marius Gedminas
-- 
Bumper sticker: No radio - Already stolen.