[Zope-Coders] Towards 2.6
Jeffrey P Shell
jeffrey@cuemedia.com
Wed, 16 Oct 2002 12:24:27 -0600
On Wednesday, October 16, 2002, at 10:08 AM, Florent Guillaume wrote:
> FYI here are the things I want to fix before 2.6 (b3 or final):
>
> - Check in something fixing i18n and Unicode handling for the cases I
> outlined recently. There are too many legacy pages that won't be able
> to use Unicode at all otherwise. See the thread at
>
> http://lists.zope.org/pipermail/zope-coders/2002-September/002110.html
> for details.
>
> - Fix all the unqualified <dtml-var foo> in the code that are potential
> XSS security bugs. I have a patch that does most of it, actually that
> removes 95% of the <dtml-var foo> to replace them by &dtml-foo;, which
> is the right thing in most cases. Note that it helps auditability a
> lot to be able to grep for '<dtml-var'.
>
> - Maybe improve Catalog speed for CMF, see
> http://lists.zope.org/pipermail/zope-coders/2002-October/002210.html
> I understand it's better to code something in a branch to get feedback
> too, I'll do that.
I have a small patch to the WebDAV Lock Manager DTML code that changes
the behavior to what I originally intended to do but never got around
to doing. This one-line patch makes it so it doesn't execute a search
when the DAV Lock Manager control panel is visited directly, so the
user can enter a starting path and reduce query times by searching in a
direct part of a tree. It's a very basic solution, but I wanted to
clear it before checking anything in. I keep forgetting that I just
have this applied to my default development Zope and that it doesn't
exist in other places.
Index: davLockManager.dtml
===================================================================
RCS file: /cvs-repository/Zope/lib/python/App/dtml/davLockManager.dtml,v
retrieving revision 1.2
diff -u -r1.2 davLockManager.dtml
--- davLockManager.dtml 31 Jan 2001 21:26:51 -0000 1.2
+++ davLockManager.dtml 16 Oct 2002 18:16:40 -0000
@@ -25,7 +25,7 @@
//-->
</script>
-<dtml-let
lockedobjs="findLockedObjects(frompath=REQUEST.get('frompath',''))">
+<dtml-let lockedobjs="REQUEST.form.has_key('frompath') and
findLockedObjects(frompath=REQUEST.get('frompath','')) or []">
<dtml-if lockedobjs>
<p class="std-text">All locked objects
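Review bot: On the added <dtml-let> line, the guard tests REQUEST.form.has_key('frompath') but the argument to findLockedObjects is still read with REQUEST.get('frompath',''), so the gate and the value come from two different lookups; reading the value as REQUEST.form.get('frompath','') would keep both on the submitted form. Because lockedobjs is now [] on a direct visit, the <dtml-if lockedobjs> that follows cannot distinguish "no search was run" from "the search found nothing", so any text shown for the empty case should cover both or be split on the same has_key test. The removed and added lines are also wrapped in this posting (their continuation lines carry no -/+ prefix), so the patch will not apply as mailed; an unwrapped copy or an attachment would help.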