On 9 July 2010 16:12, Hanno Schlichting <ha...@hannosch.eu> wrote: > On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+li...@gmail.com> > wrote: >>> Ideally I'd love to add support for the permission attribute, as >>> clearly people have been using it. But if there's nobody who can >>> figure out how to do that, I'd at least like to clarify the add view >>> case. >> >> Why can't we just copy the relevant code from the browser:page directive? >> >> The ViewSecurityGrokker in >> http://svn.zope.org/five.grok/trunk/src/five/grok/meta.py?rev=112163&view=auto >> may be useful reading too. It should be doing the same thing, no? > > It seems you have some idea about this code, so are you volunteering > to implement this?
Possibly. I have client work that has to take priority right now. > Since we are dealing with a disclosed real security vulnerability > here, I need to have some resolution by next Tuesday. Either that is > disabling the functionality or protecting it with some security. I'd appreciate it if someone who's getting more than four hours of sleep a night at the moment takes a stab. I'm happy to review/assist. Martin _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )