[BlueBream] Strange effect with @@view calling

volker jaenisch volker.jaenisch at inqbus.de
Fri Apr 2 04:52:20 EDT 2010

Dear Christophe!

Thanks you!

Christophe Combelles schrieb:
> volker jaenisch a écrit :
>> Ok. In this case the issue is not only weird it is sort of security hole.
>> How can I proceed further to identify the problem?
>> Please guide me what to checks I can perform to shed more light into this.
> Just replace z3c.layer 0.3.1 with z3c.layer.pagelet 1.0.2, and check whether 
> it's the same. The misconfiguration leading to security bug is also in the 
> package you're using.
Yes. This cured the problem completely. Now I got

ind Case A) AND Case B) consistently
(Pdb) type(self.context)
<type 'zope.security._proxy._Proxy'>

and the forbiddenAttribute Error as expected.

Again: Thank you for the fast and competent help!

Best Regards,


More information about the bluebream mailing list