[ZCM] [ZC] 1186/ 2 Assign "Stopped working in 2.7.B4: <dtml-var "[x
for x in ['list', 'comprehension']]">"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Fri Jan 16 10:20:43 EST 2004
Issue #1186 Update (Assign) "Stopped working in 2.7.B4: <dtml-var "[x for x in ['list','comprehension']]">"
Status Accepted, Zope/bug medium
To followup, visit:
http://zope.org/Collectors/Zope/1186
==============================================================
= Assign - Entry #2 by tim_one on Jan 16, 2004 10:20 am
Status: Pending => Accepted
Supporters added: tim_one
Yes, this is a consequence of security fixes. Iteration extracts objects from a container, and before the fixes no security check was made on the objects getting extracted. The new internal _getiter_() function wraps iteration to perform such checks before delivering the extracted objects.
Alas, I don't understand the implementation of DTML, and so far haven't been able to figure out a correct way to add this (& other new security wrappers) to the environment DTML runs under.
________________________________________
= Request - Entry #1 by mgf on Jan 16, 2004 4:09 am
The following DTML worked fine in Zope 2.6.2/Py 2.1.3:
<dtml-var "[x for x in ['a','b']]">
Under Zope 2.7.0-b4 (python 2.3.3, win32), it fails with a
NameError name '_getiter_' is not defined.
This may perhaps be a undesired side-effect of the security fixes made to 2.6.3/2.7.b4, although I couldn't test under 2.6.3.
Best regards,
Martin
==============================================================
More information about the Zope-Collector-Monitor
mailing list