[Zope-dev] Re: Security audit introduced problem in PageTemplates/Expression.py

Tres Seaver tseaver at zope.com
Thu Jan 15 08:48:14 EST 2004


Stuart Bishop wrote:

> On 13/01/2004, at 4:19 PM, Stuart Bishop wrote:
> 
>> The 'security audit work for the 2.7 branch' commit on 8th Jan made
>> the following change in PageTemplates/Expression.py:
> 
> 
> As well as in other locations such as ZopeGuards.py.
> 
> I've opened http://collector.zope.org/Zope/1182 with some
> example code.
> 
> Anyone know if None is being passed as the name in some locations?
> I don't think it would be helpful for me to go around reversing
> code changed by a security audit without some background.

I committed that change, but didn't do the original work.  I did have a 
discussion with Jim which touched on it:  the purpose of the change was 
to make access via '__getitem__' homogeneous across all keys / indexes, 
because (as we thought, anyway) there was not any reasonable use case 
for heterogeneous access.

I will let Jim comment on your use case.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com



