+-------[ Richard Harley ]---------------------- | On 18/08/10 17:38, Andrew Milton wrote: | > +-------[ Garry Saddington ]---------------------- | > | Andrew Milton wrote: | > |> +-------[ Garry Saddington ]---------------------- | > |> | Garry Saddington wrote: | > |> |> Justin Dunsworth wrote: | > |> |>> I am currently working on a project where I am storing HTML within a | > |> |>> MySQL database to display dynamic pages and content in sequences. I | > |> |>> would like to be able to store DTML within the tables as well and be | > |> |>> able to call them within the page to display that content. I tried | > |> |>> mixing the DTML in with the HTML and it shows the HTML correctly but no | > |> |>> DTML. | > |> |>> | > |> |>> Is it possible to even do this? Are there other suggestions on how to go | > |> |>> about this? | > |> |> | > |> |> The closest I have found is on Zopelabs | > |> |> (http://www.zopelabs.com/cookbook/1078612026) | > |> | | > |> | Sorry wrong recipe try this: | > |> | | > |> | http://www.zopelabs.com/cookbook/993850737/1011691351 | > |> | > |> Do I really have to explain why that particular recipe is a bad idea? d8) | > |> | > | Just trying to be helpful. I did say that it was the only thing I can | > | find and I did not recommend it. | > | If you would care to share the problems of the recipe on the list then I | > | am sure all those reading who are new to Zope would benefit;) | > | > Since python scripts are web callable and something has to be passed | > in... The phrase "execute arbitrary code" is nearly always quickly | > followed by the phrase "remote exploit" and lots of sad faces (and | > then some finger pointing d8) | > | > | If that is the case, aren't all python scripts within Zope potentially | exploitable?
Not all python scripts execute arbitrary code *passed to them* -- Andrew Milton a...@theinternet.com.au _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
