Am Samstag, den 03.12.2005, 21:56 +0200 schrieb Roman Suzi:
Hi!

DELETE /path/to/object/X/Y HTTP/1.1
Host: myhost.myorg.org
Content-Type: application/myprotocol+xml

course, I have a product Z which has this class:

class Z:

def Y(self, REQUEST):
if REQUEST.REQUEST_METHD == 'PST':
# no problem
elif REQUEST.REQUEST_METHD == 'DELETE':
# this is never reached Zope doesnt call Y

What do I tweak so object X will receive Y on a usual HTTP port 80?
THANKS!

It seems you want the action and not the original request.

When you use if why not just define
on your class?

This works for PUT and most other request types
as well.

HTH
Tino

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

Tino Wildenhain wrote:

>Am Samstag, den 03.12.2005, 21:56 +0200 schrieb Roman Suzi:

>
>>Hi!
>>
>
>>
>

>
>>DELETE /path/to/object/X/Y HTTP/1.1
>>Host: myhost.myorg.org
>>Content-Type: application/myprotocol+xml
>>
>course, I have a product Z which has this class:
>>
>>class Z:
>
>>
>def Y(self, REQUEST):
>if REQUEST.REQUEST_METHD == 'PST':
># no problem
>elif REQUEST.REQUEST_METHD == 'DELETE':
># this is never reached Zope doesnt call Y
>>
>>
>>What do I tweak so object X will receive Y on a usual HTTP port 80?
>>THANKS!
>
>>
>
>It seems you want the action and not the original request.
>
>When you use if why not just define
on your class?

No, I want to control whatever is done. That is, I want to intercept
that request.

>This works for PUT and most other request types
>as well.
>
>HTH
>Tino

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

Dieter Maurer wrote:

>Roman Suzi wrote at 2005-12-3 21:56 +0200:

>
>>I am looking for a way in Zope to receive HTTP-requests with, eg,
>>DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and
>>issue "Not authorised".
>
>>
>
>"DELETE" and "PUT" are WebDAV methods (and defined in
>"webdav.Resource.Resouce").
>
>You have the usual hook: override the definition in your class.
>Do not forget to assign a new permission to your new method definitions
>(otherwise, the 'Unauthorized' will remain).
>

Advice taken, thanks. However, when I tried to do it and Zope freezes
(that is, the whole Zope server freezes!). never saw anything like that
before
After restarting Zope the same thing happened again. Probably it's a bug.

Roman Suzi

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

Dieter Maurer wrote:
Roman Suzi wrote at 2005-12-3 21:56 +0200:

>>I am looking for a way in Zope to receive HTTP-requests with, eg,
>>DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and
>>issue "Not authorised".

"DELETE" and "PUT" are WebDAV methods (and defined in
"webdav.Resource.Resouce").

You have the usual hook: override the definition in your class.
Do not forget to assign a new permission to your new method definitions
(otherwise, the 'Unauthorized' will remain).

This is what freezes Zope:

Traceback (most recent call last):
File "/", line 674, in emit
msg = self.format(record)
File "/", line 567, in format
return fmt.format(record)
File "/", line 369, in format
s = s + self.formatException(record.exc_info)
File "/", line 342, in
formatException
traceback.print_exception(ei[0], ei[1], ei[2], None, sio)
File "/", line 123, in print_exception
print_tb(tb, limit, file)
File "/", line 68, in print_tb
line = linecache.getline(filename, lineno)
File "/", line 14, in getline
lines = getlines(filename)
RuntimeError: maximum recursion depth exceeded

Regards,
Roman Suzi

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

Chris Withers wrote:

(please keep the list CC'ed in)

Roman Susi wrote:

What do you mean by freezes? how did you cause this to happen?
>>
>>
>Surely, this is not only a bug but a security issue leading to DS
>attack, IMH
>
>
Well, it's a pretty weird use case from what I can see

Still, it is unclear why it happens

>>

Traceback (most recent call last):
File "/", line 674, in
emit
msg = self.format(record)
File "/", line 567, in
format
return fmt.format(record)
File "/", line 369, in
format
s = s + self.formatException(record.exc_info)
File "/", line 342, in
formatException
traceback.print_exception(ei[0], ei[1], ei[2], None, sio)
File "/", line 123, in
print_exception
print_tb(tb, limit, file)
File "/", line 68, in print_tb
line = linecache.getline(filename, lineno)
File "/", line 14, in getline
lines = getlines(filename)
RuntimeError: maximum recursion depth exceeded

We need more of the traceback, there is no repeating part here so
it's impossible to see what's causing the infinite recursion

>I am not sure how to get the whole traceback
>
>
Well, where did you see the above?

In the log.

>
>Chris, could you put this into Zope issue tracker (with security tick
>as I do not want to make this info public right now)?
>(I've tried but I do not have an account there)
>
>
No, there's nothing stopping you registering at zope.org and doing
this yourself. Furhtermore, I'd guess this is likely a bug in your
code and nothing to do with Zope ;-)
(of course, I could be wrong on that, but I haven't seen any evidence
yet)

Even if it is in my code, it is still too bad to get down the whole Zope
server. Also, it was confirmed as a bug.

cheers,

Chris

Regards,
Roman

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

Chris Withers wrote:

Roman Susi wrote:
>
>Even if it is in my code, it is still too bad to get down the whole
>Zope server. Also, it was confirmed as a bug.
>
>
Where and who by?

At Zope.org issue tracker by ajung. However, it is not seen as it is
security related.

Chris

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

9. Dezember 2005 08:04:04 +0200 Roman Susi <rnd (AT) onego (DOT) ruwrote:

Chris Withers wrote:
>
>Roman Susi wrote:
>>
Even if it is in my code, it is still too bad to get down the whole
Zope server. Also, it was confirmed as a bug.
>>
>>
>Where and who by?
>
>
At Zope.org issue tracker by ajung. However, it is not seen as it is
security related.

I did not confirm it as bug. I said that it is possibly a bug but nothing
that worries me so much.
-aj

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

PGP SIGNATURE
Version: GnuPG v1.4.2 (Darwin)

h8F3jfnyk5+loAviHxrwUus=
=PYAa
PGP SIGNATURE

Andreas Jung wrote:

--
9. Dezember 2005 08:04:04 +0200 Roman Susi <rnd (AT) onego (DOT) ruwrote:
>
>Chris Withers wrote:
>>
Roman Susi wrote:

Even if it is in my code, it is still too bad to get down the whole
Zope server. Also, it was confirmed as a bug.

Where and who by?
>>
>>
>>
>At Zope.org issue tracker by ajung. However, it is not seen as it is
>security related.
>
>
I did not confirm it as bug. I said that it is possibly a bug but nothing
that worries me so much.

-aj

Hi!

I've found the reason for original bug I hit. The recursion was in my
code (and gone away after I corrected it). However, the bug I reported
to Zope.org is still there.
I think its a bug to freeze the whole server by
maximum-recursion-reached error in a product

Regards,
Roman

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

9. Dezember 2005 15:33:38 +0200 Roman Susi <rnd (AT) onego (DOT) ruwrote:

Hi!

I've found the reason for original bug I hit. The recursion was in my
code (and gone away after I corrected it). However, the bug I reported to
Zope.org is still there.
I think its a bug to freeze the whole server by maximum-recursion-reached
error in a product

There is always a chance to bring Zope down by writing bad code. But I
still do not understand if this is really a Zope problem or just an example
of stupid code.
-aj

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

PGP SIGNATURE
Version: GnuPG v1.4.2 (Darwin)

J/PhbfCtKAd9WA/0JlU9fkc=
=M3Vc
PGP SIGNATURE

Andreas Jung wrote:

9. Dezember 2005 15:33:38 +0200 Roman Susi <rnd (AT) onego (DOT) ruwrote:

>>
>Hi!
>>
>I've found the reason for original bug I hit. The recursion was in my
>code (and gone away after I corrected it). However, the bug I reported to
>Zope.org is still there.
>I think its a bug to freeze the whole server by maximum-recursion-reached
>error in a product

There is always a chance to bring Zope down by writing bad code. But I
still do not understand if this is really a Zope problem or just an
example of stupid code.

Not sure if filesystem based products qualify, but its like saying that
is it operating system problem or stupid application code which brings
S down'. misbehaving code should not bring down the whole
framework, IMH

-aj

Regards,
Roman

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

10. Dezember 2005 10:36:16 +0200 Roman Susi <rnd (AT) onego (DOT) ruwrote:

>>
Not sure if filesystem based products qualify, but its like saying that
is it operating system problem or stupid application code which brings
S down'. misbehaving code should not bring down the whole
framework, IMH

Tell me any application or framewokr that you can't bring down with stupid
code :-) In this point Zope is neither better nor worse than any other
system.
-aj

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)

PGP SIGNATURE
Version: GnuPG v1.4.2 (Darwin)

RDJ+5CT+0Pq2/KCqhQVdJ9I=
=TZLS
PGP SIGNATURE

Chris Withers wrote:

Roman Susi wrote:
>
>Not sure if filesystem based products qualify, but its like saying that
>is it operating system problem or stupid application code which brings
>S down'. misbehaving code should not bring down the whole
>framework, IMH
>
>
What is the issue number for this in the zope collector?

1964

Chris

Zope maillist - Zope (AT) zope (DOT) org

** No cross posts or HTML encoding! **
(Related lists -

)