[Zope-Perl] security
Gisle Aas
gisle@ActiveState.com
24 Jan 2001 11:34:55 -0800
Gisle Aas <gisle@ActiveState.com> writes:
> You should really be able to force this yourself with a Script(Perl)
> thing that does:
>
> my %hash = ( a => 42 );
> return Python::dict(%hash);
>
> But I don't really see how that helps, as you can't set the __roles__
> attribute on dicts either. Currently this does not work because the
> Python:: namespace is not really set up for safe compartments, but
> that should not be hard to fix. Setting up all the Python constructor
> functions is probably needed if you want to reliably determine what
> type a PerlMethod returns (int vs. float vs. strings).
This is a patch that should make the code above work:
Change 14071 by gisle@caliper on 2001/01/24 11:33:19
Make the Python::* constructor functions available in the compartment
of Script(Python).
Affected files ...
... //depot/main/Apps/Bifrost/zoperl/lib/perl/Zope.pm#7 edit
Differences ...
==== //depot/main/Apps/Bifrost/zoperl/lib/perl/Zope.pm#7 (text) ====
@@ -155,6 +155,15 @@
*{"$root\::Python::Object::AUTOLOAD"} = \&compartment_pyobject_AUTOLOAD;
*{"$root\::AUTOLOAD"} = *AUTOLOAD;
+ # make python constructors available
+ *{"$root\::Python::int"} = \&Python::int;
+ *{"$root\::Python::long"} = \&Python::long;
+ *{"$root\::Python::float"} = \&Python::float;
+ *{"$root\::Python::complex"} = \&Python::complex;
+ *{"$root\::Python::list"} = \&Python::list;
+ *{"$root\::Python::tuple"} = \&Python::tuple;
+ *{"$root\::Python::dict"} = \&Python::dict;
+
# This hack make sure Python::Object objects in the compartment will
# not get confused about their names.
require Hack::Names;
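Review bot: the seven added glob assignments, `*{"$root\::Python::int"}` through `*{"$root\::Python::dict"}`, differ only in the constructor name, so the set of functions exposed to the compartment is spread over seven hand-copied lines. Driving them from one explicit list, for example `for my $f (qw(int long float complex list tuple dict)) { *{"$root\::Python::$f"} = \&{"Python::$f"}; }`, would keep the allow-list in a single place and make a later addition or removal easy to audit. The new comment "make python constructors available" could also state that each entry aliases a sub defined outside the compartment, so that anything added to the list later is checked for being safe to call from compartment code. Separately, the change description names Script(Python) while the message being answered talks about Script(Perl); it is worth confirming which one is meant.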