[Zope] 'import' directory accesible from scripting.

Dieter Maurer dieter at handshake.de
Wed Aug 27 22:11:36 EDT 2003


Luis Lavena wrote at 2003-8-26 04:07 -0300:
 > ...
 > Q: Is there a way to handle the upload and import process by a product (to
 > be created) to bypass this security?

Sure!

Look at the implementation of the import functionality.
It consists of two parts: locating the file and importing from this
file.

You can use the second part and solve the first part in any
appropriate way. Almost surely, the "file" object do not need
to be a real file, a file like object will probably sufficient.

 > or must relly on a limited FTP server
 > that only allow me upload information to the "import" directory?

This has nothing to do with FTP.

You can even use FTP (together with a "PUT_factory" (see Zope.org,
for details)) to upload "zexp"s. Note, however, that this would be a
security risk.



Dieter



More information about the Zope mailing list