2009/10/22 Chris McDonough chr...@plope.com:
Do we just need to change the path matching syntax instead to get your
*.html case to work? Is there another case for predicates?
I think that in general, predicates make sense without the view on
routes. Is there anything in the way of letting them
Chris McDonough chr...@plope.com added the comment:
Thanks for the report.
So to be honest, I can't find an issue with the current strategy. The
mod_auth_tkt README
actually contradicts itself here, saying in one section that it checks
user_data for internal
data, then in another section
Chris McDonough chr...@plope.com added the comment:
I believe this.
On the other hand, I'm not sure that a 'charset' setting dedicated to
repoze.who or to
repoze.what is really sufficient. Who will set the charset? What will it be
set to? What does it
mean to individual plugins? What
Yuen Ho Wong wyue...@gmail.com added the comment:
Well I think the WSGI 1.x spec has made a mistake of mandating all strings in
environ to be
byte strings while not defining a global environment variable to give
middlewares a hint of how
to decode the byte strings. This is a recognized
Yuen Ho Wong wyue...@gmail.com added the comment:
Ok I agree it's not important to try to emulate mod_auth_tkt, which I think is
a totally dead
project anyway. But I have to take issue with the way unicode decoding is dealt
with in this
plugin.
First of all, you are not even suppose to
Chris McDonough chr...@plope.com added the comment:
I need to take back the assumption of monstrous, disastrous security hole
wrt. using the
pickle module (or eval, as you suggest) because in this particular case, the
cookie content is
hashed and compared against a digest that includes a
Yuen Ho Wong wyue...@gmail.com added the comment:
Yes the charset is irrelevant here. Decoding shouldn't be done here anyway. I
think I have to
reiterate the problem as accepting unicode strings because it breaks
conformance with the
WSGI spec. There never should have been unicode strings in
Yuen Ho Wong wyue...@gmail.com added the comment:
P.S. I think this solution solves the uncertainty of possibly clashing with the
mod_auth_tkt use of
the userdata field, however small this (non) issue maybe?
__
Repoze Bugs b...@bugs.repoze.org
My .pt file :
html
head/head
body
${addform}
/body
/html
in view:
def add_form(request):
import formish
import schemaish
schema=schemaish.Structure()
schema.add('name',schemaish.String())
schema.add('gender',schemaish.String())
form=Form(schema)
return
This is very cool, I changed .pt to:
html
head/head
body
span tal:replace=structure addform form /span
/body
/html
and it works! It seems the genshi style ${...} is causing the problem. So
should it always be discouraged?
On Fri, Oct 23, 2009 at 4:53 PM, Tim Hoffman zutes...@gmail.com
Chris McDonough chr...@plope.com added the comment:
Apologies, I see no reason that the way the current authtkt plugin encodes
userids needs to
change. Given that this is a plugin, if you need alternate behavior, you can
of course copy and
change the implementation and distribute the
11 matches
Mail list logo
