[Zope] not to acquire from parent
Jim Fulton
jim@digicool.com
Fri, 23 Apr 1999 10:24:53 -0400
I've just checked in some changes related to this. These changes should
be available in the public CVS and will be in the 1.11 release.
So, with these changes:
- There is a new attribute, aq_explict that converts an implicit
(or any other) wrapper to an explicit wrapper. This means that
you can get a version of an object that does not implicitly acquire.
For example to see if an object has an unacquired attribute, foo,
you'll be able to:
<!--#if "_.hasattr(anObject.aq_explicit, 'foo')"-->
...
- I took this opportunity to close a security hole.
Attributes like 'aq_self' and 'aq_base' are no longer
accessable from DTML because they can cause important
security settings to be stripped off. In particular,
attributes with names beginning with 'aq_' and that are
not 'aq_parent' or 'aq_explicit' are not accessable.
Unfortunately, this change is not backward compatible,
but I think the change is important and I doubt that many
people are using aq_... variables in DTML at this point.
Jim
--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.