[Zope-dev] ZSQL methods seriously broken

Martijn Faassen faassen@vet.uu.nl
Mon, 9 Apr 2001 16:18:59 +0200


Hi there,

Type marshalling is seriously broken in ZSQL methods. The bug is a bit
subtle, though.  There are reports of this in the collector almost a month
old, and the severity of this bug is pretty high (could seriously disrupt Zope
upgrades to recent versions which apparently have this bug; I don't know
when it was introduced), so I'm making some extra noise about it here.

First how to reproduce the bug:

Create a ZSQL method 'my_method'.

Give it an argument:

foo:int

and some body.

Now make a DTML Method, 'test_my_method'

Do something like this following:

<dtml-call "my_method(foo='blah')">

What should happen is a failure of 'my_method'. my_method however happily
continues, treating 'foo' as a string.

This can lead to subtle bugs; you push in a '0' string expecting the
type marshalling will make it a 0. Then you put a <dtml-if "foo == 0">
somewhere in your ZSQL template, and the condition will never be true, as
foo will always be a string.

This bug is relatively hard to discover; the ZSQL *test screen* does do
the proper marshalling, as the marshalling bits are placed in the test form
body (<input type="text" name="foo:int">). And of course for most ZSQL
methods, you use <dtml-sqlvar foo type="int">,  which does its own marshalling.

I've seen this bug in 2.3.0 and 2.3.1. From collector reports it also
looks like default arguments don't work either.

I hope the bug is hereby noted by the powers that be. :) The fix is
along the lines of using the ZPublisher Converters module in 
ZSQL methods somehow, I suspect.

Regards,

Martijn