I noticed that the most recent hotfix completely
denies access to the getClassAttr, setClassAttr and
delClassAttr from DTML. Is this going to be the
behavior for future Zope versions?

I know this will break code, so it might be prudent to
alert people when the fix is rolled into the next Zope
release.

I would like to argue for deprecating these functions
in favor of making the ZClass act like a dictionary so
that:

ZClass.set('name',value)
ZClass.get('name'[,inherit])
ZClass['name']

could be called securely from scripts. I would be
willing to write the code for this if you think it
would be a good idea.

=====
| Casey Duncan
| Kaivo, Inc.
| [EMAIL PROTECTED]
`----------------->

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to