[Zope] Dictionary Key Error from Parsed RSS
Tom Von Lahndorff
tom at modscape.com
Fri Jun 15 12:02:48 EDT 2007
shouldnt this prevent that?
def dictify(p):
"""
Since the FeedParser returns a dictionary-like class instance,
rather than
a real dictionary, We must iterate through all nested instances
and convert
them to dicts to avoid security problems within Zope. I have no
idea *why*
feedparser doesn't just use real nested dicts in the first place.
"""
newdict = {}
if type(p) in [types.DictionaryType, types.InstanceType]:
d = p # for clarity
for k,v in d.items():
newdict[k] = dictify(v)
elif type(p) == types.ListType:
l = p # for clarity
for ss,v in zip(xrange(len(l)), l):
l[ss] = dictify(v)
return l
else: return p
return newdict
On Jun 15, 2007, at 11:49 AM, Andreas Jung wrote:
>
>
> --On 15. Juni 2007 11:45:49 -0400 Tom Von Lahndorff
> <tom at modscape.com> wrote:
>
>> <dtml-let news="newsfeed(feedurl='http://www.modscape.com/blog/
>> rss.xml')">
>>
>> <dtml-var "news.feed.href">
>>
>> </dtml-let>
>>
>> gives:
>>
>> Site Error
>>
>> An error was encountered while publishing this resource.
>>
>> Error Type: Unauthorized
>> Error Value: You are not allowed to access 'feed' in this context
>>
>
> Likely because the module has no security assertions. All your
> stuff runs
> under the conditions of Restricted Python. The standard Zope
> security applies.
>
> -aj
More information about the Zope
mailing list