[Zope-dev] ZPatterns bug. Very serious.

Phillip J. Eby pje@telecommunity.com
Thu, 22 Jun 2000 10:56:02 -0500


At 11:11 PM 6/22/00 +0800, mike wrote:
>
>000000000025 'self'={'_v_attrCache': {'a_': [],
>'filtered_manage_optionsisDocTemp': [],
>'_Change_permissions_Permission': [], 'MANAGE_TABS_NO_BANNER': [],
>'im_func': [], '__allow_groups__': [], '_Manage_properties_Permission':
>[], 'tabs_path_infoisDocTemp': [], '__roles__': [], 'target': [],
>'_View_Permission': [], 'Zope-Version': [],
>'locked_in_versionisDocTemp': [], 'n_': [], 'PATH_INFO': [],
>'AUTHENTICATED_USER': [], 'manage_tabs_message': [],
>'tabs_path_info__roles__': [], 'SCRIPT_NAME': [], 'REQUEST': [],
>'__bobo_traverse__': [], 'URL': [], 'locked_in_version__roles__': [],
>'_isBeingUsedAsAMethod_': []}, 'id': '000000000025', '_v_dm_': <Rack
>instance at 8649988>, '_v_writeableSlot': <PersistentMapping instance at
>864ae78>, '_v_readableSlot': <PersistentMapping instance at 864ae78>,
>'_v_currentSheets': (<PropertySheet instance at 864a240>,),
>'_rackMounted': 1}
>
>-------------------------------------------
>
>Wow! _v_attrCache stores a lot of various junk, including REQUEST!!!
>This disables, by the way, all the security mechanisms on traversed
>items!
>
>
>Phillip, would you be so kind and fix this? ;-)
>

This is not a bug, it's a feature.  :)  If you look closely at the
dictionary, you will see it contains empty lists for all these items.
These empty lists are the DataSkins.NOT_FOUND singleton, which caches the
nonexistence of these attributes.  This is not a security problem, nor any
other kind of problem.  It is instead a performance optimization which
keeps the DataSkin from querying all the AttributeProviders every time a
known-to-be-nonexistent attribute is looked for.