[Zope] container has no security assertions ?!?!
Dieter Maurer
dieter@handshake.de
Fri, 9 Mar 2001 21:24:27 +0100 (CET)
Loren Stafford writes:
>
> When I try to access the mime type of an uploaded file ....
>
>
> <dtml-boundary type_expr="CVfile.headers.headers[1]"
> name_expr="CVfile.filename()"
> disposition=attachment encode=base64>
>
> I get this exception...
>
> An exception occurred in a DTML method or document.
>
> Error type: Unauthorized
> Error value: Access denied for ['Content-Disposition: form-data;
> name="CVfile:file"; filename="D:\\Arrivals\\Glossary.doc"\015\012',
> 'Content-Type: application/msword\015\012'] because its container,
> <rfc822.Message instance at 20112e0>, has no security assertions.
>
>
> What does this mean? What am I doing wrong?
It means that you hit a place where the security restrictions
introduced in Zope 2.2 have not yet been taken care of.
You will find information on how to fix this problem
in Brian's Zope security paper (-> zope.org).
Put the problem in the Collector.
Dieter