Zope Weekly News is a digest of some of the useful and
interesting events which have occurred on the various Zope mailing
lists and the Zope.org site. It is published each Wednesday
Any opinions contained in the Zope Weekly News are those of the
* A security hole has been found and patched. The problem, found
thanks to Kevin Littlejohn’s efforts, affects those sites which
make their Zope management interface available to untrusted users.
All Zope users are encouraged to read the announcement and update
their Zope installation. Patches are available for both 2.x and
This patch forced two new Zope releases, 2.1.2 and 1.10.4.
* Jephte CLAIN has released a new NT Domain authenticator:
jcNTUserFolder. Jephte’s Product differs from “htrd”‘s in that
roles are given through the web and impersonation is not used.
* “Drew” updated the Photo Product. Photo resizes images to the
user’s preferred size. The present version is 0.1.0.
* “vladap” updated the mysqlUserFolder Product. This update
fixes a folder creation bug. mysqlUserFolder allows you to
authenticate users with data stored in a mysql database. It also
allows you to store arbitrary per-user data, and it supports HTTP
and cookie-based authentication schemes. The present version is
* Jephte CLAIN has also released two patches, one to the MIME
tag, and one to the import/export system.
The MIME patch adds *_expr versions of the type, disposition,
encode and name attributes of the MIME tag. These allow you to
evaluate an expression for the value of the attribute rather than
specifying a literal value. The patch also adds the attributes
filename and filename_expr to the tag. These attributes supply
hints that the client will use to determine the file’s name.
The import/export patch allows you to import objects through the
web instead of having to place files on the filesystem.
* “phd” released an update to the mod_pcgi2 package. This update
adds a PCGI_ROOT command for virtual hosting. mod_pcgi2 is an
Apache module which moves the PCGI client into Apache’s address
space, preventing the need to start a new process to avoid the
“fork tax”. The present version is 0.2.0.
* “Gregor” had some quibbles with a couple aspects of Zope’s
user interface. He wrote and submitted a How-To describing how to
prevent the “Powered by Zope” link from opening in a frame, and how
to make the Zope document editing TEXTAREA soft-wrap.
* Olivier Deckmyn has just started what stands to be an
interesting thread for those wishing to take the first step
developing Zope applications. Olivier has a set of classes which
implement the logic of the application he wishes to produce. He is
looking for advice on how to move from a set of standalone objects
to a Zope application.
* To ring in the new year, Wei Tao started a Zope wishlist
thread. Got a wish, rant or suggestion? Chime in.
* A thread significant to Product developers: Martijn Faassen
desires to develop a set of Product standards. He points out that
there are some rather arcane things that one has to do to produce a
well-behaved Zope Product, but that many people do not know what
they are and even those who do know do not always know _why_
(“voodoo programming”). Martijn makes a number of suggestions to
rectify this problem. Chris McDonough graciously offers to
contribute some effort to the cause.