[Zope-dev] RestrictedPython, TALES Expressions and CMF

Sidnei da Silva sidnei at enfoldsystems.com
Mon Oct 10 18:37:19 EDT 2005


(sorry for the cross-post)

I'm currently facing an issue that seems to be a result of a bad
interaction between CMF, TALES and Restricted Python.

The issue currently happens when:

  1. A TALES 'Path Expression' in 'Caching Policy Manager' is evaluated
  2. The result of evaluating a sub-expression is a Python Script (eg:
     object/modified where 'modified' is a Python Script)
  3. The context as built by CMF doesn't define 'here'

What happens in this case is that the call will end up in
PageTemplates/ZRPythonExpr.py:call_with_ns, which is reproduced here
for your pleasure:

  def call_with_ns(f, ns, arg=1):
      td = Rtd()
      td.this = ns['here']
      td._push(ns['request'])
      td._push(InstanceDict(td.this, td))
      td._push(ns)
      try:
          if arg==2:
              return f(None, td)
          else:
              return f(td)
      finally:
          td._pop(3)

Now, given that there has been a decision of deprecating 'here' in
favor of 'context', I'm not exactly sure about the fix.

CMF seems to create expression contexts in two places off the top of
my head: In 'CMFCore/Expression.py' and
'CMFCore/CachingPolicyManager.py'. None of those define 'here' or
'context' but instead just 'object'.

In 'Products/PageTemplates/TALES.py', in the 'translate' function,
'here' is also hardcoded, but that should be less of an issue as code
reaching into that function *should* have a proper expression context.

The question then is, which code is wrong? PageTemplates for relying
on 'here' being defined, or CMF for not defining 'here'? I volunteer
to provide a fix with tests as soon as someone clarifies which one
needs to be fixed.

As a reminder, 'actions' as defined by 'portal_actions' tool and
anything that derives from 'ActionProviderBase' suffer from the same
issue.

-- 
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com


More information about the Zope-Dev mailing list