[Zope] NameError on REQUEST

Kapil Thangavelu k_vertigo@yahoo.com
Sat, 22 Apr 2000 00:42:18 -0400


I believe this is the reason that 2.1.5 was released, namely to restrict the
namepace in SQL methods because of security considerations.
from the release info:

  o It also came to our attention that the DTML code in
    ZSQLMethod objects was not subject to the same security
    constraints as the DTML code in DTMLMethods and DTML
    Documents.

Currently, in SQL methods you need to explicitly name your arguments to the
sql method, they will be aquired from the namepsace first  and then mapped
over from  REQUEST. The quick fix is to add the REQUEST to the arguements for
your SQL method

Kapil

www.sin.wm.edu


Jim Cain wrote:

> After upgrading to 2.1.6, I get the following traceback:
>
> Traceback (innermost last):
>   File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line
> 214, in publish_module
>   File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line
> 179, in publish
>   File /usr/local/src/Zope-2.1.6/lib/python/Zope/__init__.py, line 202, in
> zpublisher_exception_hook
>     (Object: ElementWithAttributes)
>   File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line
> 165, in publish
>   File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/mapply.py, line 160,
> in mapply
>     (Object: url_referer)
>   File /usr/local/src/Zope-2.1.6/lib/python/ZPublisher/Publish.py, line
> 102, in call_object
>     (Object: url_referer)
>   File /usr/local/src/Zope-2.1.6/lib/python/OFS/DTMLMethod.py, line 150, in
> __call__
>     (Object: url_referer)
>   File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py,
> line 502, in __call__
>     (Object: url_referer)
>   File /usr/local/src/Zope-2.1.6/lib/python/Shared/DC/ZRDB/DA.py, line 424,
> in __call__
>     (Object: Update_url_count)
>   File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_String.py,
> line 502, in __call__
>     (Object: <string>)
>   File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_In.py, line
> 691, in renderwob
>     (Object: Query_options)
>   File /usr/local/src/Zope-2.1.6/lib/python/DocumentTemplate/DT_Util.py,
> line 335, in eval
>     (Object: REQUEST.cookies.has_key(cookie_name))
>     (Info: REQUEST)
>   File <string>, line 0, in ?
> NameError: (see above)
>
> This is on a SQL method, Update_url_count, that has worked fine until now:
>
> <dtml-in Query_options>
> update url set
> <dtml-if "REQUEST.cookies.has_key(cookie_name)">
>    <dtml-if "REQUEST.cookies[cookie_name]==cookie_value">
> count = count + 1,
> last_dstamp = now()
>    <dtml-else>
> other_count = other_count + 1,
> other_dstamp = now()
>    </dtml-if>
> <dtml-else>
> other_count = other_count + 1,
> other_dstamp = now()
> </dtml-if>
> where <dtml-sqltest url_id column=id type=int>
> </dtml-in>
>
> This was quick-and-dirty coding at the time, but it worked. What's changed?