[Zope] Two problems regarding security, and eval in zope 2.2.4
Hello everyone, I\'m having a little bit of trouble: http://boeing:8080/manage_access - traceback of the manage_Access view in the ROOT folder Traceback (innermost last): File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 222, in publish_module File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 187, in publish File /usr/share/zope/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook (Object: ApplicationDefaultPermissions) File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 171, in publish File /usr/lib/python1.5/site-packages/ZPublisher/mapply.py, line 160, in mapply (Object: manage_access) File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 112, in call_object (Object: manage_access) File /usr/share/zope/lib/python/AccessControl/Role.py, line 255, in manage_access (Object: ApplicationDefaultPermissions) File /usr/share/zope/lib/python/App/special_dtml.py, line 120, in __call__ (Object: access) File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: access) File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_With.py, line 146, in render (Object: _.namespace(valid_roles=valid_roles())) File /usr/lib/python1.5/site-packages/DocumentTemplate/DT_In.py, line 630, in renderwob (Object: permission_settings) File /usr/share/zope/lib/python/AccessControl/Role.py, line 182, in permission_settings (Object: ApplicationDefaultPermissions) File /usr/share/zope/lib/python/AccessControl/Role.py, line 177, in lt;lambdagt; TypeError: (see above) that was problem number one. problem number two. I\'d like to take the contents of a variable, and they being the name of an image object, render it on the web page as an IMG SRC, just like a dtml-var image_id. I know this could be done with external python scripts and eval. But so far all i get is integeroverflows. any ideas? please cc: me because I\'m a little bit busy. Thanks =) -- Universidad Federico Santa Maria - Campus Guayaquil Enviado por: www.usm.edu.ec/computacion ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] sql query results - DTML method problem
Quoting Lee Reilly CS1997 [EMAIL PROTECTED]: Hi, I have a TINY problem, which I think there is a simple solution too... but for the life of me, I can\'t find it! I\'d be grateful if someone could point me in the right direction. I have a database setup containing details of classes, students lecturers. The user is prompted to enter a class code (a unique key) which is used to query the database and return the class title. Simple. A DTML method prompts me for the class code -- I enter 52.139 and it posts to a method \'enterClassCodeAction\', below. #1dtml-var standard_html_header #2h2Confirm/h2 #3pYou entered idtml-var class_code/i/p #4 #5p #6Our records show that dtml-var class_code is called #7 #8dtml-in expr=\"findClassTitle(code=52.139)\" RING: dont do that, dtml wont work in python namespace instead, remember that in python namespace all vars present in dtml namespace are inherited. do this: dtml-in expr=\"findClassTitle(code=_.(\'class_code\'))\" the __.() construct is required since underscore arent allowed in python variable names. if the var was called classcode, you could do dtml-in expr=\"findClassTitle(code=classcode)\" dats it. #9dtml-var title #10 /dtml-in #11 #12 #13 /p #14 dtml-var standard_html_footer ^ The method works fine when the class code is manually inserted (line #8) but when I try to pass the variable from the previou post, held in dtml-var class_code I have probs. dtml-in expr=\"findClassTitle(code=dtml-var class_code)\" *** syntax error findClassTitle is a ZSQL method for returning the class title given a class code: select title from classes where dtml-sqltest code op=eq type=float Hmm... anyone see the problem? Thanks a lot :) - Best regards, Lee ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) -- Universidad Federico Santa Maria - Campus Guayaquil Enviado por: www.usm.edu.ec/computacion ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )