[Zope-Perl] Security and CODE

Andy McKay andym@ActiveState.com
Mon, 26 Mar 2001 13:09:56 -0800


Oops, forgot to cc the list on this one. Jim pointed out that there are ways to
fix this in the product and it would be fixed by the time it became final.

--
  Andy McKay.


----- Original Message -----
From: "Andy McKay" <andym@ActiveState.com>
To: "David Kulp" <David_Kulp@affymetrix.com>
Sent: Monday, March 26, 2001 9:32 AM
Subject: Re: [Zope-Perl] Security and CODE


> Have you added the security hack in to
> lib/python/AccessControl/SimpleObjectPolicies.py as per Chris's example?
>
> http://www.zope.org/Members/andym/wiki/SampleApp
>
> --
>   Andy McKay.
>
>
> ----- Original Message -----
> From: "David Kulp" <David_Kulp@affymetrix.com>
> To: <zope-perl@zope.org>
> Sent: Sunday, March 25, 2001 12:01 AM
> Subject: [Zope-Perl] Security and CODE
>
>
> > OK, I've been pulling my hair out and am about to throw in the towel.  I
> > think I'm working on something that's a little too bleeding edge?
> >
> > My problem: I cannot get Perl scripts to return hash refs.  Returning
> > references to hashes causes a security violation like
> > below (why?).   Similar problem with array refs.
> >
> > Perl script is simple:
> >
> > my %a = ('a',2);
> > return \%a;
> >
> > DTML is simple:
> >
> > The value is <dtml-let x="perlref()"><dtml-var expr="x.get('a')"></dtml-let>
> >
> >
> > I've studied the examples on zwiki and I believe I'm doing things
> > correctly!  I've tried too many minor modifications in syntax, using
> > explicit vars, etc., but no dice.
> >
> > What's even stranger is that I also have an external Perl script that I've
> > boiled down at this point to just "return [ 1, 2 ];" and there's a
> > corresponding <dtml-let rec="func(...)"><dtml-in rec>...
> > and I get the error "Error Type: PerlError.  Error Value: Not a CODE
> > reference" on the <dtml-in>.  I have the same problem if I
> > "return { 1, 2 }".   No problem at all when just "return 2;" with
> > <dtml-let rec="func(...)"><dtml-var rec>.  Works fine.
> >
> > I've got the latest everything as of 1 or 2 days ago.
> >
> > Zope 2.3.0
> > zoperl-1.0.beta5
> > pyperl-1.0.1
> > Python 2.0
> > ActivePerl  v5.6.1-TRIAL2
> >
> >
> > Thanks for any help.
> > -david
> >
> >
> >
> >
> > Zope Error
> >
> > Zope has encountered an error while publishing this resource.
> >
> > Unauthorized
> >
> > Sorry, a Zope error occurred.
> >
> > Traceback (innermost last):
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/ZPublisher/Publish.py, line 222, in publish_module
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/ZPublisher/Publish.py, line 187, in publish
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/ZPublisher/Publish.py, line 171, in publish
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/ZPublisher/mapply.py, line 160, in mapply
> >     (Object: testperlref)
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/ZPublisher/Publish.py, line 112, in call_object
> >     (Object: testperlref)
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/OFS/DTMLMethod.py, line 189, in __call__
> >     (Object: testperlref)
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/DocumentTemplate/DT_String.py, line 538, in __call__
> >     (Object: testperlref)
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/DocumentTemplate/DT_Let.py, line 147, in render
> >     (Object: x="perlref()")
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/DocumentTemplate/DT_Util.py, line 334, in eval
> >     (Object: x.get('a'))
> >     (Info: x)
> >   File <string>, line 0, in ?
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/DocumentTemplate/DT_Util.py, line 140, in careful_getattr
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/OFS/DTMLMethod.py, line 261, in validate
> >     (Object: testperlref)
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/AccessControl/SecurityManager.py, line 144, in validate
> >   File /home/dkulp/Zope-2.3.0-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 168, in validate
> > Unauthorized: get