#2 strip-o-gram import security tweak

closed
None
5
2002-12-17
2002-06-18
Anonymous
No

Jules wrote:
>
> Wotcher Chris.

Mornin'

> Have you ever seen
>
> Zope
> Zope Error
>
> Zope has encountered an error while publishing
this resource.
>
> Error Type: ImportError
> Error Value: import of "stripogram" is unauthorized

Yes

> >From something that looks like this:
>
> request = container.REQUEST
> file = request.file
>
> from stripogram import html2safehtml
>
> return html2safehtml(file, valid_tags=(b, a, i,
br, p))
>
> I looked on Google and kicked around the Zope list
without finding
> somebody else with the prob. And I tried an external
method without a
> lot of luck either. It shouldn't have to be an
external method, right?

Well, currently it should. Script (Python)'s by default
don't allow import of things. If
you look at standard.py in the PageTemplates product,
you'll see how to make stuff
playabel with from Script (Python)'s.

If you could put this in as a feature request on the
Squishdot tracker @ SourceForge, I'll
see if I can make both functions importable by default
when I do a next release...

cheers,

Chris

PS: Hope you don't mind me CC'ing in the Zope list,
others may find this useful...

Discussion

  • Chris Withers

    Chris Withers - 2002-11-19
    • status: open --> closed
     
  • Chris Withers

    Chris Withers - 2002-11-19

    Logged In: YES
    user_id=24723

    This is now fixed in CVS and will figure in the 1.2 release.

     
  • Chris Withers

    Chris Withers - 2002-11-21
    • assigned_to: nobody --> fresh
    • status: closed --> open
     
  • Chris Withers

    Chris Withers - 2002-11-21

    Logged In: YES
    user_id=24723

    This isn't done yet, since 1.2 still won't work from Zope
    for real:

    http://collector.zope.org/Zope/685

     
  • Chris Withers

    Chris Withers - 2002-12-17

    Logged In: YES
    user_id=24723

    The bug in Zope is now fixed, and so is this.

     
  • Chris Withers

    Chris Withers - 2002-12-17
    • status: open --> closed
     

Log in to post a comment.