[Zope] seeing every name in the current dtml namespace

Marcus Collins mcollins@sunesi.com
Fri, 7 Apr 2000 10:22:35 +0200


Hi,

It looks like I was a little off-base there...

From CHANGES.TXT:

Zope 2.1.4

      Bugs Fixed 

        - Removed the "feature" that allowed the REQUEST object to be
          traversed through the web. While useful for debugging, this 
          could be a security issue.

-- Marcus

> -----Original Message-----
> From: Daryl Tester [mailto:dt@picknowl.com.au]
> Sent: 07 April 2000 09:51
> To: zope@zope.org
> Subject: Re: [Zope] seeing every name in the current dtml namespace
> 
> 
> Marcus Collins wrote:
> 
> > Older versions of Zope (pre-2.1.2, IIRC)
> > allowed you to view the REQUEST object of a document/method 
> by appending
> > REQUEST to its URL: http://path/to/some/object/REQUEST.
> 
> I've seen this comment several times now, and have been puzzled by
> it before.  This appending of /REQUEST to the URL works on my 2.1.4
> development platform (installed from Jeff Rush's RPMs, having never
> seen another version of Zope on this box).  What gives?
> 
> 
> Regards,
>   Daryl Tester
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>