[Zope-Coders] Towards 2.6

Jeffrey P Shell jeffrey@cuemedia.com
Wed, 16 Oct 2002 12:24:27 -0600 

On Wednesday, October 16, 2002, at 10:08  AM, Florent Guillaume wrote:

> FYI here are the things I want to fix before 2.6 (b3 or final):
>
> - Check in something fixing i18n and Unicode handling for the cases I
>   outlined recently. There is too much legacy pages that won't be able
>   to use Unicode at all otherwise. See the thread at
>   
> http://lists.zope.org/pipermail/zope-coders/2002-September/002110.html
>   for details.
>
> - Fix all the unqualified <dtml-var foo> in the code that are potential
>   XSS security bugs. I have a patch that does most of it, actually that
>   removes 95% of the <dtml-var foo> to replace them by &dtml-foo;, 
> which
>   is the right thing in most cases. Note that it helps auditability a
>   lot to be able to grep for '<dtml-var'.
>
> - Maybe improve Catalog speed for CMF, see
>   http://lists.zope.org/pipermail/zope-coders/2002-October/002210.html
>   I understand it's better to code something in a branch to get 
> feedback
>   too, I'll do that.

I have a small patch to the WebDAV Lock Manager DTML code that changes 
the behavior to what I originally intended to do but never got around 
to doing.  This one line patch makes it so it doesn't execute a search 
when the DAV Lock Manager control panel is visited directly, so the 
user can enter a starting path and reduce query times by searching in a 
direct part of a tree.  It's a very basic solution, but I wanted to 
clear it before checking anything in.  I keep forgetting that I just 
have this applied to my default development Zope and that it doesn't 
exist in other places.


Index: davLockManager.dtml
===================================================================
RCS file: /cvs-repository/Zope/lib/python/App/dtml/davLockManager.dtml,v
retrieving revision 1.2
diff -u -r1.2 davLockManager.dtml
--- davLockManager.dtml	31 Jan 2001 21:26:51 -0000	1.2
+++ davLockManager.dtml	16 Oct 2002 18:16:40 -0000
@@ -25,7 +25,7 @@
  //-->
  </script>

-<dtml-let 
lockedobjs="findLockedObjects(frompath=REQUEST.get('frompath',''))">
+<dtml-let lockedobjs="REQUEST.form.has_key('frompath') and 
findLockedObjects(frompath=REQUEST.get('frompath','')) or []">

  <dtml-if lockedobjs>
   <p class="std-text">All locked objects