[prev in list] [next in list] [prev in thread] [next in thread]
List: zope-dev
Subject: Re: [Zope-dev] Re: 2.7.0-b2 - Critical ZPT TAL bug when
From: Richard Waid <richard () iopen ! net>
Date: 2003-09-22 22:33:12
[Download RAW message or body]
Evan Simpson wrote:
> Until cAccessControl.c is fixed, you can work around the problem with a
> simple patch to Products/PageTemplates/Expressions.py, in
> restrictedTraverse():
>
> if isinstance(name, TupleType):
> object = object(*name)
> continue
> +
> + name = str(name)
> if not name or name[0] == '_':
> # Skip directly to item access
Thanks Evan (definitely a better idea that turning off guarded_getattr
anyway :)). Any hunches why it doesn't happen in 2.6.x? (maybe the xml
didn't get converted to unicode?)
I'd imagine that it's probably quite a pervasive bug -- comparing two
strings is obviously quite a common situation ... just turned up by this
particular situation. Just a quick grep turns up 50 instances of
PyString_Check in the 2.7.0-b2 source, and 4 instances of PyUnicode_Check.
cDocumentTemplate.c and UnicodeSplitter.c (no suprises there) seem to
do the right thing. Pretty much every other c file needs to be checked.
In particular cPersistence.c, cPickleCache.c, Acquisition.c,
ComputedAttribute.c, ExtensionClass.c and cAccessControl.c all use
PyString_Check, and they'd obviously be bad places for things to go wrong :)
Best regards,
Richard Waid
Network/Software Engineer
http://iopen.net
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic