Re: [Zope] Datetime bug in Zope-2.7.6?
Dennis Allison escreveu: Zope 2.7.6 Python 2.4.1 (and yes, I know I am jumping the gun a bit) The problem appears to be in the parse component -- Consider a test script: for y in range(1995,2005): for d in (1, 3, 13, 25,): for m in (1,4,5,6,): dd = '%d-%02d-%02d' % (y,m,d,) ee = '%d/%d/%d' % (m, d, y) D = DateTime(dd) E = DateTime(ee) print dd, D.strftime('%Y-%m-%d') print ee, E.strftime('%Y-%m-%d') return printed In all cases, each of the dates shoudl be the same. As can be seen, for dates sourced from a string of the form 1995-04-25 the resulatant date is off by one day 1995-04-24 The problem is not seen with Zope 2.6.4 running with Python 2.3.5. A quick diff shows tht there are many changes between 2.6 and 2.7. Anyone else seen this problem? Partial Results: 1995-04-25 1995-04-24 4/25/1995 1995-04-25 1995-05-25 1995-05-24 5/25/1995 1995-05-25 1995-06-25 1995-06-24 6/25/1995 1995-06-25 Yes it happes to me also every time I use strftime, so I stopped using it. Someone posted a patch to fix this in this list not a long ago. I think this is a problem of interpretation on how the default behavior should be as these dates do not have any Timezone information. But I would prefer zope to work the same as python itself, that works as expected. Luiz Fernando B. Ribeiro ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: DiskBased products and security
On Mon, 13 Jun 2005 21:07:56 +0300, Haim Ashkenazi wrote: > On Mon, 13 Jun 2005 19:13:14 +0200, Dieter Maurer wrote: > >> Haim Ashkenazi wrote at 2005-6-13 15:43 +0300: >>> ... >>>1. __roles__ = () - I didn't understand exactly why but with this >>>statement I can't access the product either from the ZMI or directly from >>>the web. >> >> This is a (deprecated) alternative for "security.declareObjectPrivate()". >> >>>2. security.setDefaultAccess("deny") - I think I understand why we changed >>>that, but it's causing a lot of problems. If I add 'delareProtected' for >>>all my methods, I can access certain pages , but with some pages (maybe >>>ones that's calling methods form base classes or acquisition like >>>'title_or_id') I still get errors ("Unauthorized: You are not allowed to >>>access 'title_or_id' in this context"). trying to solve this I started >>>adding 'declareProtected' for every method I got error for. I gave up >>>after 3 methods, but it seem to help. >> >> Yes, many methods of "OFS.SimpleItem.SimpleItem" and its base >> classes rely on its "setDefaultAccess('allow')". >> >> If you change this to "deny", you have to provide the >> explicit security declarations. >> >>>so, I was wondering if something was changed in the security model since >>>2.5 (the version that the book is about) until 2.7, and is there a place >>>where it's documented (the zope developer guide is versioned 2.4)? >> >> "setDefaultAccess('deny')" had a bug in some earlier Zope versions. >> With the exception of this fix, nothing changed here for a long >> time. You can still use the Zope Developper Guide... >> >>>also, If I'll make sure that every method I have in my module is also >>>declared as protected, or public, is there a problem with living the >>>default access as any? >> >> As what? > sorry, I was unclear there :) > > what I meant is if I won't leave any method undeclaired (security wise) in > my class, will it be a security risc to leave the default access > (setDefaultAccess('any'))? can I protect uncallable objects (like > variables) the same way? that was just me being stupid :) If I want to protect a variable, I can just give it a name starting with "_somename"... Bye > > >> The "default access" also controls access to attributes of simple type >> (strings, tuples, dicts, ...) which cannot have their own security >> declarations. >> >> If you do not access such attributes directly and you provide security >> declarations for all methods you use, then you can keep "defaultAccess >> == 'deny'". > thanx a lot for a very informative answer. > > Bye -- Haim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ACTUAL_URL vs. VIRTUAL_URL
On Mon, Jun 13, 2005 at 07:15:45PM +0200, Dieter Maurer wrote: > Paul Winkler wrote at 2005-6-13 10:27 -0400: > > ... > >Having said that, I'm not clear on the difference between > >ACTUAL_URL and URL :-) > > "URL" is in fact computed. > > Thus, it can be both shorter (e.g. in case of a PythonScript > with active "traverse_subpath"), longer (e.g. in case > of ":{method|action}" request variables) or almost > unrelated (e.g. in case of active '__before_traverse__' hooks > (such as VHM)). Ahh, right, thanks, I had forgotten traversal hooks that were mentioned in the original discussion about this. So, all told, ACTUAL_URL is quite valuable: AFAICT it is the only value that is guaranteed to represent the "actual" URL seen by the user, and it is always available. -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: DiskBased products and security
On Mon, 13 Jun 2005 19:13:14 +0200, Dieter Maurer wrote: > Haim Ashkenazi wrote at 2005-6-13 15:43 +0300: >> ... >>1. __roles__ = () - I didn't understand exactly why but with this >>statement I can't access the product either from the ZMI or directly from >>the web. > > This is a (deprecated) alternative for "security.declareObjectPrivate()". > >>2. security.setDefaultAccess("deny") - I think I understand why we changed >>that, but it's causing a lot of problems. If I add 'delareProtected' for >>all my methods, I can access certain pages , but with some pages (maybe >>ones that's calling methods form base classes or acquisition like >>'title_or_id') I still get errors ("Unauthorized: You are not allowed to >>access 'title_or_id' in this context"). trying to solve this I started >>adding 'declareProtected' for every method I got error for. I gave up >>after 3 methods, but it seem to help. > > Yes, many methods of "OFS.SimpleItem.SimpleItem" and its base > classes rely on its "setDefaultAccess('allow')". > > If you change this to "deny", you have to provide the > explicit security declarations. > >>so, I was wondering if something was changed in the security model since >>2.5 (the version that the book is about) until 2.7, and is there a place >>where it's documented (the zope developer guide is versioned 2.4)? > > "setDefaultAccess('deny')" had a bug in some earlier Zope versions. > With the exception of this fix, nothing changed here for a long > time. You can still use the Zope Developper Guide... > >>also, If I'll make sure that every method I have in my module is also >>declared as protected, or public, is there a problem with living the >>default access as any? > > As what? sorry, I was unclear there :) what I meant is if I won't leave any method undeclaired (security wise) in my class, will it be a security risc to leave the default access (setDefaultAccess('any'))? can I protect uncallable objects (like variables) the same way? > > The "default access" also controls access to attributes of simple type > (strings, tuples, dicts, ...) which cannot have their own security > declarations. > > If you do not access such attributes directly and you provide security > declarations for all methods you use, then you can keep "defaultAccess > == 'deny'". thanx a lot for a very informative answer. Bye -- Haim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope quotes cookie values...
Hello, I wonder why ZPublisher/HTTPResponse.py adds double quotes to cookie values when creating the Set-Cookie HTTP header (see function _cookie_list) ? Browsers (Firefox at least) seem to consider these quotes as part of the value which can be problematic. Recently I had to patch HTTPResponse.py to remove the quotes because I wanted to set a session cookie for PHP from Zope (if someone's interested I'll explain why ;-) and PHP would not understand the cookie with the double quotes... Should I submit a patch to the maintainers ? Oscar Figueiredo ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] DiskBased products and security
Haim Ashkenazi wrote at 2005-6-13 15:43 +0300: > ... >1. __roles__ = () - I didn't understand exactly why but with this >statement I can't access the product either from the ZMI or directly from >the web. This is a (deprecated) alternative for "security.declareObjectPrivate()". >2. security.setDefaultAccess("deny") - I think I understand why we changed >that, but it's causing a lot of problems. If I add 'delareProtected' for >all my methods, I can access certain pages , but with some pages (maybe >ones that's calling methods form base classes or acquisition like >'title_or_id') I still get errors ("Unauthorized: You are not allowed to >access 'title_or_id' in this context"). trying to solve this I started >adding 'declareProtected' for every method I got error for. I gave up >after 3 methods, but it seem to help. Yes, many methods of "OFS.SimpleItem.SimpleItem" and its base classes rely on its "setDefaultAccess('allow')". If you change this to "deny", you have to provide the explicit security declarations. >so, I was wondering if something was changed in the security model since >2.5 (the version that the book is about) until 2.7, and is there a place >where it's documented (the zope developer guide is versioned 2.4)? "setDefaultAccess('deny')" had a bug in some earlier Zope versions. With the exception of this fix, nothing changed here for a long time. You can still use the Zope Developper Guide... >also, If I'll make sure that every method I have in my module is also >declared as protected, or public, is there a problem with living the >default access as any? As what? The "default access" also controls access to attributes of simple type (strings, tuples, dicts, ...) which cannot have their own security declarations. If you do not access such attributes directly and you provide security declarations for all methods you use, then you can keep "defaultAccess == 'deny'". -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Problem with manage_FTP...
Thierry FLORAC wrote at 2005-6-13 13:24 +0200: > ... >The only thing that I don't manage to do is, in FTP or WebDAV, to >restrict a user view (a directory listing) to the only files that he can >effectively download (for these files, they can be effectively >downloaded, but they are actually seen in the list !). > >I've tried to play with "manage_FTPlist" and "manage_FTPstat" methods, >both on my folderish product and on my custom folder items (by returning >exceptions or returning None values), but didn't manage until now to get >a good result (the list is often completely empty when access is >forbidden even for a single file !). The right approach would be to customize the "manage_FTPlist" method of the container. For this, you would locate the standard source (using e.g. "DocFinder") and try to understand it. You would then start to modify the source (probably in a copy) to filter out objects without access rights. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ACTUAL_URL vs. VIRTUAL_URL
Paul Winkler wrote at 2005-6-13 10:27 -0400: > ... >Having said that, I'm not clear on the difference between >ACTUAL_URL and URL :-) "URL" is in fact computed. Thus, it can be both shorter (e.g. in case of a PythonScript with active "traverse_subpath"), longer (e.g. in case of ":{method|action}" request variables) or almost unrelated (e.g. in case of active '__before_traverse__' hooks (such as VHM)). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Product architecture question (long)
Dieter Maurer wrote: Nikko Wolf wrote at 2005-6-7 14:25 -0600: ... - The primary purpose for the site's existence is to manage some content files (text/ml) and allow a workflow process on those. The workflow will likely change and hopefully will have minimal programming changes when it does. Look for "DCWorkflow" (distributed together with Plone) For the record/archive .. using "DCWorkflow" in Plone does not allow use of the "state:" menu that is standard in Plone. Instead use a "plone_workflow (Default Workflow [Plone])" which I presume is *derived from* DCWorkflow. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ACTUAL_URL vs. VIRTUAL_URL
On Mon, Jun 13, 2005 at 02:37:44PM +0200, Bert Vanderbauwhede wrote: > Hi, > > What's the difference between ACTUAL_URL and VIRTUAL_URL in the REQUEST > object? VIRTUAL_URL only appears in the REQUEST when VirtualHostMonster does its thing. So if you are not using virtual-hosting, VIRTUAL_URL does not appear in the request. This is inconvenient; we wanted something that would always be available and would always mean "the URL originally sent by the client". This is what ACTUAL_URL is. Having said that, I'm not clear on the difference between ACTUAL_URL and URL :-) -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope backward compatibility policy?
On Mon, Jun 13, 2005 at 10:58:25AM +0200, gabor wrote: > i see.. > thanks a lot... > > it's just that this is documented in the 'bugfix' part. > > i didn't expect bugfixes to change the api But you should expect bugfixes to change implementation details, which is what this is :-) If you read the documentation, e.g. at http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/UsingZope.stx which was current as of Zope 2.6, it says: lines A lines property is a sequence of strings. Nowhere does it say "list". > hmm.. it seems that i will have to read the whole changelog (what > happened between 2.6.4 and 2.7.2 ;)) Probably a good idea anyway :-) When I am considering a major zope upgrade, I do this. -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] DiskBased products and security
Hi I'm following the example of "The Zope Bible" on how to create disk based products. after adding the imports, 'InitializeClass(class)' statement and the 'security = ClassSecurityInfo()' statement he recommends two other statements: 1. __roles__ = () - I didn't understand exactly why but with this statement I can't access the product either from the ZMI or directly from the web. 2. security.setDefaultAccess("deny") - I think I understand why we changed that, but it's causing a lot of problems. If I add 'delareProtected' for all my methods, I can access certain pages , but with some pages (maybe ones that's calling methods form base classes or acquisition like 'title_or_id') I still get errors ("Unauthorized: You are not allowed to access 'title_or_id' in this context"). trying to solve this I started adding 'declareProtected' for every method I got error for. I gave up after 3 methods, but it seem to help. so, I was wondering if something was changed in the security model since 2.5 (the version that the book is about) until 2.7, and is there a place where it's documented (the zope developer guide is versioned 2.4)? also, If I'll make sure that every method I have in my module is also declared as protected, or public, is there a problem with living the default access as any? thanx -- Haim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] ACTUAL_URL vs. VIRTUAL_URL
Hi, What's the difference between ACTUAL_URL and VIRTUAL_URL in the REQUEST object? Bert... ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Problem with manage_FTP...
Hi, I'm actually building with Zope (2.7.6) , through the development of a custom product, a small file server, available through FTP, HTTP or WebDAV with access controlled by an LDAP server (with LDAPUserFolder). Everything works fine with every protocol concerning access rights. The only thing that I don't manage to do is, in FTP or WebDAV, to restrict a user view (a directory listing) to the only files that he can effectively download (for these files, they can be effectively downloaded, but they are actually seen in the list !). I've tried to play with "manage_FTPlist" and "manage_FTPstat" methods, both on my folderish product and on my custom folder items (by returning exceptions or returning None values), but didn't manage until now to get a good result (the list is often completely empty when access is forbidden even for a single file !). Any help would be welcome !! Thanks, Thierry ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Zope 2.8.0 monkey patch issue
Thanks, that works ! Pascal -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Bernd Dorn Envoyé : lundi 13 juin 2005 12:26 À : 'zope@zope.org' Objet : Re: [Zope] Zope 2.8.0 monkey patch issue Pascal Peregrina wrote: > Hi, > > I am trying to migrate from Zope 2.7.6 to 2.8.0 > > In some product I did, I need to monkey patch some OFS and CMF classes (I do > this in product init). > > I get this error whenever I try to do > .__dict__[]= : > TypeError: object does not support item assignment 'got the same problem use: setattr(,,) must be something about the new implementation of extensionclass > > This was working fine in Zope 2.7.x > > Any idea what could have changed that would imply this ? > > Thanks for your answers. > > Pascal > > > ** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote also confirms that this email message has been swept by > MIMEsweeper for the presence of computer viruses. > > www.mimesweeper.com > ** > > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.8.0 monkey patch issue
Am Montag, den 13.06.2005, 12:26 +0200 schrieb Bernd Dorn: > Pascal Peregrina wrote: > > Hi, > > > > I am trying to migrate from Zope 2.7.6 to 2.8.0 > > > > In some product I did, I need to monkey patch some OFS and CMF classes (I do > > this in product init). > > > > I get this error whenever I try to do > > .__dict__[]= : > > TypeError: object does not support item assignment > > 'got the same problem > > use: > setattr(,,) > > must be something about the new implementation of extensionclass Yes, something... I wonder whats the difference - since I do it similar (setattr) in my history monkey patch. However in 2.8: Traceback (innermost last): Module ZPublisher.Publish, line 113, in publish 111 | missing_name, 112 | dont_publish_class, 113>| request, bind=1) 114 | 115 |if result is not response: Module ZPublisher.mapply, line 88, in mapply 086 | 087 |args=tuple(args) 088>|if debug is not None: return debug(object,args,context) 089 |else: return object(*args) Module ZPublisher.Publish, line 40, in call_object 038 | 039 |def call_object(object, args, request): 040>|result=apply(object,args) # Type s to step into published object. 041 |return result 042 | Module Shared.DC.Scripts.Bindings, line 311, in __call__ 309 |def __call__(self, *args, **kw): 310 |'''Calls the script.''' 311>|return self._bindAndExec(args, kw, None) 312 | 313 |def __render_with_namespace__(self, namespace): Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec 346 |exec bindcode 347 |bound_data = bound_data[0] 348>|return self._exec(bound_data, args, kw) 349 |finally: 350 |security.removeContext(self) Module App.special_dtml, line 175, in _exec 173 |value = self.ZDocumentTemplate_beforeRender(ns, _marker) 174 |if value is _marker: 175>|try: result = render_blocks(self._v_blocks, ns) 176 |except DTReturn, v: result = v.v 177 |except AttributeError: TypeError: unbound method manage_change_history() must be called with Historical instance as first argument (got nothing instead) The patch is available here: http://www.zope.org/Members/tino/PatchHistory/view if someone likes to try. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.8.0 monkey patch issue
Pascal Peregrina wrote: Hi, I am trying to migrate from Zope 2.7.6 to 2.8.0 In some product I did, I need to monkey patch some OFS and CMF classes (I do this in product init). I get this error whenever I try to do .__dict__[]= : TypeError: object does not support item assignment 'got the same problem use: setattr(,,) must be something about the new implementation of extensionclass This was working fine in Zope 2.7.x Any idea what could have changed that would imply this ? Thanks for your answers. Pascal ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope backward compatibility policy?
Andreas Jung wrote: --On 13. Juni 2005 09:47:33 +0200 gabor <[EMAIL PROTECTED]> wrote: hi, what's the backward compatibility policy of zope? i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems. From the cvs log of PropertyManager.py So this change was driven by security issues. And btw. it *is* documented in the release notes: """ - Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios. """ i see.. thanks a lot... it's just that this is documented in the 'bugfix' part. i didn't expect bugfixes to change the api hmm.. it seems that i will have to read the whole changelog (what happened between 2.6.4 and 2.7.2 ;)) gabor ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope 2.8.0 monkey patch issue
Hi, I am trying to migrate from Zope 2.7.6 to 2.8.0 In some product I did, I need to monkey patch some OFS and CMF classes (I do this in product init). I get this error whenever I try to do .__dict__[]= : TypeError: object does not support item assignment This was working fine in Zope 2.7.x Any idea what could have changed that would imply this ? Thanks for your answers. Pascal ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope backward compatibility policy?
--On 13. Juni 2005 09:47:33 +0200 gabor <[EMAIL PROTECTED]> wrote: hi, what's the backward compatibility policy of zope? i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems. From the cvs log of PropertyManager.py """ revision 1.56 date: 2004/01/15 22:50:17; author: tseaver; state: Exp; lines: +4 -2 - CGI escape merge (from 2.6 / 2.7 audit). - Store 'lines' and 'tokens' properties as tuples, not lists (merge from 2.6 / 2.7 audit). """ So this change was driven by security issues. And btw. it *is* documented in the release notes: """ - Some property types were stored in a mutable data type (list) which could potentially allow untrusted code to effect changes on those properties without going through appropriate security checks in particular scenarios. """ -aj pgpjn16CGO7WY.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope backward compatibility policy?
--On 13. Juni 2005 09:47:33 +0200 gabor <[EMAIL PROTECTED]> wrote: hi, what's the backward compatibility policy of zope? i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems. In general changes should be backward compatible (to some degree). In some cases it might be reasonable to be not compatible with earlier versions especially between major releases. The problem you are talking about might be because a property are supposed to be read-only. Since lists are mutable this could have caused some security probleme..maybe not...one would have to dig into the CVS log to find details...cvs.zope.org is your friend if you want to figure it out on your own. -aj pgpABaPc2egPu.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zope backward compatibility policy?
hi, what's the backward compatibility policy of zope? i'm asking because while upgrading from 2.6.4 to 2.7.2 we had some problems. simple ones (like the 'lines' property type seems to have changed from list to tuple), but still problems. i checked the changelogs, and this change does not seem to be mentioned. i thought that if someone is not in the changelog, then is supposed to be unchanged. or not? p.s: i am still a beginner in the zope world, so maybe i am completely wrong :) gabor ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )