Hi Niels, what you did as well is giving a script all zope permissions available. This script is available for anybody in the web. With this script you access...
3774
Niels Dettenbach
ndettenbach
Apr 3, 2012 12:19 pm
... ...shure it does - so it is very (!) important to know what the script does and allows by theory and in practice... ... Can you give some more details or...
3775
Sascha Gottfried
sascha.gottf...
Apr 3, 2012 2:15 pm
Hi Thorsten, Zope Products (in your case: ZMS) offer an API that is available to restricted code if the required permission can be acquired in the request...
3776
Niels Dettenbach (Syn...
ndettenbach
Apr 3, 2012 5:05 pm
... Hash: SHA256 ... Ok, this - shurely - did not makes sense from a security perspective view and disabling that was the right way to react here. My...
3777
Thorsten Weber
frost_helm
Apr 4, 2012 7:52 am
Hello Sascha, thanks a lot for your detailed and very insightful explanation! and you are probably right concerning the exception - which might be raised...
3778
Sascha Gottfried
sascha.gottf...
Apr 4, 2012 7:59 am
Hi Niels, your comparison of zope proxy roles with unix suid made me really curious. I need to think about what I read online. A difference is definitely that...
3779
Thorsten Weber
frost_helm
Apr 12, 2012 2:29 pm
Hello again, I just proceeded as suggested by Sascha and activated verbose-security ( zope.conf, line 622 ) security-policy-implementation python ...
3780
Sascha Gottfried
sascha.gottf...
Apr 16, 2012 3:08 pm
Hi Thorsten, your traceback has no details about the line of YOUR code that is raising this traceback. A full traceback is usually in event.log in the...
3781
Sascha Gottfried
sascha.gottf...
Apr 18, 2012 1:55 pm
An additional note to my fist reply. I did setup a clean Zope 2.13.13/ZMS 2.13.4 using zc.buildout. I enabled verbose-security and the python security...
3782
Thorsten Weber
frost_helm
Apr 19, 2012 1:55 pm
Hi Sascha, first of all - thank you so much for your efforts and explanations! this really opens a door for me... my first post was more a guess than knowledge...
3783
Sascha Gottfried
sascha.gottf...
Apr 19, 2012 4:07 pm
Hi Thorsten, 1) please add the source code for http://myObj_url/FS_home.xml Is it a more python script or DTML method? 2) Explain your need for using...
3784
Thorsten Weber
frost_helm
Apr 20, 2012 7:50 am
Hi Sascha, 1) FS_home.xml is a dtml-methode which generates a xml-file to tell a flash app to load external resources in the backend there are various...
3785
Niels Dettenbach (Syn...
ndettenbach
Apr 20, 2012 8:42 am
... Hash: SHA256 ... ...just a small btw: I usually put such things which must hardly/directly interact with the local OS and/or fetching external ressources...
3786
Sascha Gottfried
sascha.gottf...
Apr 23, 2012 7:06 pm
Hi Thorsten, XSS or Code Injection are common to scripts that process user supplied data. You know if this is true for your scripts. If true - you can tell us...
3787
Wolfgang Huber
Wolfgang.Huber@...
Apr 26, 2012 6:22 am
Hi, I noticed a small bug with regard to the timezone in the function getLangFmtDate : quote: 1564 if tz < 0: 1565 tch = '-' unquote but...
3788
Thorsten Weber
frost_helm
Apr 30, 2012 7:46 am
Hello Group, as an experienced zms and web developer (since 2001) i am looking for a new job (full time). education: University of Cologne, Magister languages:...
3789
Tobias Greitzke
tgreitzke
May 5, 2012 6:00 pm
Hello ZMS-Developers, when putting more than 1000 objects in a folder ZMS starts to randomly sort the items when one is moved up or down or a new item is added...
3790
dr_frank_hoffmann
dr_frank_hof...
May 7, 2012 7:54 am
Hello, a thousand objects within a folder may prohibit fast ZMI nvigation. It is recommended to place them into a folder hierarchy or in a external database...
3791
Thorsten Weber
frost_helm
May 11, 2012 11:18 am
Hello group, we create new content custom object by calling manage_addZMSCustom within a method ... (for e.g. user generated content objects) the new content...
3792
Thorsten Weber
frost_helm
May 11, 2012 12:41 pm
I investigated some more and found that is sufficient to access the node in ZMI ... without saving!...
3793
Thorsten Weber
frost_helm
May 11, 2012 2:03 pm
OK - got it. Thanx for listening ;)...
3794
dr_frank_hoffmann
dr_frank_hof...
May 14, 2012 11:41 am
Thank you very much for the fix: http://zmslabs.org/trac/changeset/1878 It is in the latest build now: http://zmslabs.org/download/ZMS-latest.tar.gz Best...
3795
Thorsten Weber
frost_helm
May 16, 2012 9:50 am
Hello group, in ZMS2 2.13.4.1875 (Build #134c) custom objects which are nested in more than 2 levels produce runtime error RuntimeError: maximum recursion...
3796
Thorsten Weber
frost_helm
May 16, 2012 10:58 am
Solved by referring to the namespace of objects (_['sequence-item']) ... Solved by referring to the namespace of objects (_['sequence-item']) Am 16.05.2012 um...
3798
Peter Zechmeister
peter.zechmeister@...
Jul 23, 2012 9:11 am
Dear ZMS-Developers, time has come to upgrade our multi-site zms from ZMS 2.11.1-65 to ZMS2 2.13.4.1888 while migrating from Zope 2.11.2 to Zope 2.13.15. The...
3799
Peter Zechmeister
peter.zechmeister@...
Jul 23, 2012 9:26 am
Dear ZMS-Developers, after upgrading from 2.11.1-65 to 2.13.4.1555 while migrating from Zope 2.11.2 to Zope 2.13.15 I had a lot of errors of this kind: ...
3800
dr_frank_hoffmann
dr_frank_hof...
Jul 23, 2012 9:33 am
Hello, the error of ZMSMetaobjManager.syncType() might be a hint for very old ZMSRubrik-type? Regards fh, moderator...
3801
Peter Zechmeister
peter.zechmeister@...
Jul 23, 2012 9:35 am
Hi, after upgrading from 2.11.1-65 to 2.13.4.1555 while migrating from Zope 2.11.2 to Zope 2.13.15 I had to note, that object attributes of the type 'dialog'...
3802
dr_frank_hoffmann
dr_frank_hof...
Jul 23, 2012 9:50 am
Hello, this problem is due to Zope akquisition and not ZMS primarily. Simply reproduce it by using two DTML methods: 1. /test/jku/str = '''<dtml-return...
3803
dr_frank_hoffmann
dr_frank_hof...
Jul 23, 2012 10:22 am
Hello, since ZMS uses jquery the dialog GUI can be implemented much nicer via 'autocomplete' or 'ui-dialog' (modal-form): ...
