[Zope-dev] Possible security problem with DTML

kosh kosh@aesaeion.com
Mon, 24 Mar 2003 10:28:24 -0700


On Monday 24 March 2003 09:05 am, Leonardo Rochael Almeida wrote:
> On Fri, 2003-03-21 at 20:08, kosh wrote:
> > I am having a problem where DTML is allowing access to an attribute of an
> > object that restrictedTraverse and regular . notation denies from a
> > python script.
>
> This is pretty serious. You should post this as a bug in the collector.
>
> 	Cheers, Leo

Yeah I will report this to the collector I just wanted to see if anyone else 
had seen this or thought it was a bug or some really weird thing that is 
supposed to happen but not documented. It would not be the first time that 
zope had some really strange stuff in it. ;)