You are not logged in Log in Join
You are here: Home » Download Zope Products » Zope » Zope » CHANGES.txt

Log in




File details
20 K
File type

File contents

Zope changes

  This file contains change information for the current Zope release. 
  Change information for previous versions of Zope can be found in the
  file HISTORY.txt.

    Zope 2.3.0

      Bugs Fixed

        - The authentication machinery now correctly returns a 400
          (Bad Request) if an invalid authentication token (bad 
          base64 encoding) is sent by a client.

        - ZClasses with very minimal base classes could end up without 
          a '_setId' method, which createInObjectManager expects.

        - Fixed a bug that caused the ExtensionClass __call_method__
          hook to fail when used with unbound C methods.

        - Fixed a bug in the management interface which caused
          the "Paste" button to not show up after a copy or cut
          operation on the first showing of manage_main.

	- Final lexicon optimizations that provide additional
	  performance over previous releases.  In addition, the number
	  of objects that have to be updated is frequently reduced.

	- Merge code for Catalog Text indexes has been integrated.
	  This will now merge the changes in, rather than replacing
	  them.  This should reduce the number of objects that has
	  to be updated.  In addition, when nothing has changed, the
	  object's indexes won't be touched, saving enormous amounts
	  of space for some applications.

	- Flow of the Catalog management screens cleaned up so that
	  pages are refreshed correctly.  Buttons on the Advanced
	  tab refresh to the Advanced tab now.

	- Further management interface cleanup of the Lexicon to
	  bring in line with the normal ZMI.

    Zope 2.3.0 beta 3

      Bugs Fixed

        - The import / export button did not show up if a folder was

        - A problem in acquisition wrapping of users obtained though
          the SecurityManager caused certain ownership operations to
          fail (this manifested itself as a report about broken DAV
          MOVE operations).

        - The Zope management screens no longer try to set a default
          charset with the content-type.

        - Certain security related operations were failing due to 
          argument mismatch errors (too many arguments).

        - Passing unicode data to html_quote could cause problems 
          since html_quote was trying to screen out two characters
          that many browsers are willing to accept as html special
          characters (to prevent "cross-site scripting" attacks). 
          This has been moved out of html_quote and into the RESPONSE
          object, where the chars will be quoted only if no charset 
          is defined for the content-type or the charset is an alias
          for Latin-1.

        - Rename via FTP was not supported.

        - Changed index_html, standard_html_header, standard_html_footer,
          and standard_error_message in to use "new" DTML syntax
          (as opposed to SSI-style syntax).

        - meta_type of all DTML Methods in object manager
          "_objects" lists is now "DTML Method".  It had been "Document",
          which caused inaccurate superValues results if 'spec'
          was used.

        - Make ZClasses navigable to FTP/WebDAV; implement 'PUT_factory'
          hook to create PythonScripts (for MIMEtype 'text/x-python')
          and DTMLMethods (for other 'text' MIMEtypes) (Collector #998).

        - Calling manage_addProperty with a list value and a type of 'lines' 
          caused a string representation of the list to be stored.

        - Submitting the proxy roles form without selecting any roles to
          be used as proxy roles caused objects with proxy role support to 
          silently become unexecutable (have effectively empty proxy roles)
          rather than raising an error. The proxy role api now requires that
          at least one role be passed in or an error will be raised.

        - Mechanisms in the underbelly of the Catalog and Globbing
          Lexicon (which is the default for all new Catalogs) has been
          overhauled given substantial performance increases.  On
          simple queries, performance should double (or more) in many
          situations, whereas with globbed queries it may increase by
          substantially more.

        - A method in SQLMethod objects had been removed but the reference
          to it in __ac_permissions__ had not, which caused failure on 
          attempting to set permissions on SQLMethods.

        - A bit of exception handing in the dtml-in tag implementation was 
          too general and could hide subsequent rendering exceptions (thanks 
          to Richard Jones for the patch).

        - Cacheability was not fully enabled for DTML Documents.

    Zope 2.3.0 beta 2

      Bugs Fixed

        - Changed management style sheet to explicitly set the http 
          content-type to avoid a rendering problem on resize in 
          NS browsers.

        - index_html now shows zope_quick_start instead
          of old, inaccurate content.

        - Changed index_html, standard_html_header, standard_html_footer,
          and standard_error_message in to use "new" DTML syntax
          (as opposed to SSI-style syntax).

        - The way that the default management tree view imposed sorting 
          in its tree tag dtml made it hard for custom objects to provide
          a sorting that would be more appropriate for the custom object. 
          The management tree view now preserves whatever ordering is 
          returned from tpValues. The default tpValues implementation in
          the ObjectManager class sorts by id by default.

        - Disallowed object IDs that start with "aq_".

        - Changed the default support for "domain authentication mode" 
          in UserFolder to be disabled by default. Domain auth mode 
          was implemented for a very specific case long ago and causes 
          a lot of overhead for anonymous accesses that are needless 
          for the 99% case. People who actually want domain auth mode 
          turned on may call a new 'setDomainAuthenticationMode' method
          to enable it if they wish.

        - Changed the implementation of emergency_user to be backward 
          compatible with the expectations of third-party user folders. 
          Third party user folders should now work with Zope 2.3 without

        - A bug in the search interface generation for ZCatalogs was 

        - An integrity check for the global product registry has been 
          added at startup to mitigate registry consistency problems 
          caused by things like missing base classes that cannot be 
          detected by Zope (like removing a Product that another 
          Product depends upon).  If a problem is detected, the global
          registry is automatically rebuilt and the action is logged.

        - A bug in the rendering of 'record' type form variables when
          rendering a request object was fixed.

        - A bug that cause setting of proxy roles for Python Scripts 
          to fail was fixed.

    Zope 2.3.0 beta 1

      Features Added

        - Added a hook that allows user folders to provide a logout

        - Added a browser preferences screen to allow people to 
          tweak the management UI to their liking. For the folks who 
          complained that they didn't like the new top frame, they 
          can (among other things) turn it off from the browser 
          preferences screen.

        - Added Michel's new QuickStart material. I haven't quite 
          decided whether the old QuickStart should go away or 
          stay around as a source of examples.

        - The logout function has been implemented in a fairly minimal 
          way. We may try to make this nicer by final if we get time.

        - The ZCatalog interface is now cleaned up and matches the new 
          interface look and feel better. In addition some logical
          reorganization was made to move things onto an Advanced tab.

        - Result sets from the Catalog are now much Lazier, and will
          do concatenation with eachother in a lazy fashion.  This was
          suggested by Casey Duncan in Collector #1712.

      Bugs Fixed

        - Added a deprecated alias to UnrestrictedUser, Super, for use
          by user folder products that depend on the old class name.

        - Fixed path for management interface files used for
          CatalogPathAwareness and Aqueduct.

        - Fixed a NameError in HTTPRequest.

        - Made manage_page_style.css correctly available to all.

        - ZCatalog objects now show up in the Add List in the same
          naming convention that was used for all other Z* objects.
          This does *not* affect the meta_type that is actually used
          for the object itself.

        - (Collector #1835, 1820, 1826) Eliminated errors in both
          Field and Keyword indexes where old keys might show up in
          'uniqueValuesFor()' because of the way the data structures
          were kept around.

        - (Collector #1823)Eliminated situation where if the Catalog
          did not have a metadata record for 'meta_type' the Cataloged
          Objects view would be incorrect and list everything as a
          'ZCatalog'. Now it simply lists it as 'Unknown'.

        - (Collector #1844) On the brains returned from ZCatalog
          queries, 'getObject()' now tries to resolve URLs as well as
          paths.  This should catch more cases.

        - Tags generated for ImageFile objects attempted to use 
          title_or_id(), which is not defined for those objects.

        - Mounting now fails gracefully in when getId() is not
          available in the mounted object.

    Zope 2.3.0 alpha 2

      Features Added

        - The install machinery for source release has been modified 
          to allow Zope to build out of the box for Python 2.0. Note 
          however, that Python 2.0 is still not officially supported. 
          You may see quite a few warnings from the extension builder 
          when compiling for Python 2.

        - A new module, AccessControl.Permissions has been added to 
          make it easier to use the new security assertion spelling. 
          The new module provides consistent symbolic constants for 
          the standard Zope permissions.

        - Cache manager support added.  This allows site administrators
          to ease the burden on their site in a very configurable
          way.  It also provides an API for developers to follow when
          experimenting with caching strategies.

        - The ZPublisher 'method' form variable type has been 
          deprecated in favor of 'action'. The behavior is the 
          same, only the official (and documented in the Zope
          book) name has changed. The 'method' name is still 
          supported for backward compatibility.

        - The 'objectIds' and 'objectValues' methods of ObjectManager
          derived objects are no longer directly Web-accessible. This 
          is a topic that has come up over and over on the lists. Some 
          (xml-rpc, mostly) users may depend on this behavior - applications
          that need access to this information remotely should be modified 
          so that a Python Script or DTML Method can explicitly pass 
          the data. 
        - The Image.tag() and ZopeAttributionButton methods now return an
          image tag that is XHTML compatible; a space and a slash have been

        - SQLMethods can now be edited via FTP and WebDAV tools. Thanks to 
          Anthony Baxter for his FTP support patches.

        - The Catalog has been slightly overhauled to manage object
          paths instead of URLs in its tables.  This should not cause
          any backward compatability concern, but everyone upgrading
          should read the web pages on the site at:

          this will provide information about how to upgrade and new
          features on the result sets, like getObject and
          getPath. These are very important.
        - SiteAccess 2.0 has been added, to enable virtual hosting.

        - The StandardCacheManagers product has been added as a primary
          product, making it easier to get started with caching.

        - The class DTMLFile has been added alongside of HTMLFile.
          It supports name bindings, ignores positional parameters,
          and puts the container on top of the namespace by default.
          Most HTMLFiles should work the same (or more securely) if
          converted to a DTMLFile.  Most management interface methods
          should be converted by the final release of 2.3.

        - Added a variable called PUBLISHED to REQUEST.  From now on,
          this variable should be used instead of PARENTS for user

        - The inituser file is now read even when one user has been
          created.  This provides a way to reset the password after
          a new user installs Zope but ignores the generated password.

        - ZCatalogs have a reduced number of management interface tabs.

        - ZCatalog keyword and field indexes have been modified to use
          a merge strategy when existing indexes are updated.  When an
          existing object is indexed, the contents of field and
          keyword indexes are merged with the changes detected between
          the existing contents of the index and the new content.

        - CatalogPathAware class added.  This will eventually replace

        - The ManagementInterfaceQuickFix project was merged in. The 
          Zope management interface has been tweaked in various ways 
          to improve productivity and consistency and is now at least 
          slightly less ugly :)

      Bugs Fixed

        - A misspelled function name which prevented the addition of
          properties was corrected.

        - Caused PropertySheets to restrict IDs the same way
          ObjectManager does.

        - (Collector #1586) Fixed situation where the Catalog would
          attempt to loop over a bucket as if it were a list, which
          won't work.  This was reported by Steve Alexander with a

        - Corrected local role computation (Hotfix 2000-12-15)

        - The basic user folder implementation in was changed
          to use the Zope security policy machinery.  see

          ChangeUserFoldersToUseSecurityPolicyAPI for details.

        - Trying to cut or copy with no items selected now returns a 
          nicer error message.

        - A roles keyword argument was added to ZopeSecurityPolicy.validate
          to enable callers to pass in roles as opposed to allowing the
          machinery to figure it out for itself.

        - Some product context initialization related to setting roles
          was updated.

    Zope 2.3.0 alpha 1
      Features Added

        - Python Scripts are now part of the Zope core. Big whopping 
          kudos to Evan Simpson for all of the work he has put into 
          this! Having Python Scripts in the core will allow people 
          to much more easily separate logic and presentation (and 
          get that logic out of DTML!) More information and prototype 
          documentation for Python Scripts can be found in the 

        - Added the __replaceable__ property support to ObjectManager.
            This is currently documented only in the Wiki.

        - Added unit tests for the DateTime module.

        - Added new BASEPATHn and URLPATHn variables in the REQUEST
          object, and changed Zope core DTML files to use BASEPATH1
          instead of SCRIPT_NAME.

        - Added new getId() method to SimpleItem.Item. This should 
          now be used instead of referencing '' directly, 
          as it is guaranteed to always be a method and to always 
          return the right thing regardless of how the id of the 
          object is stored internally.

        - Improved Ownership controls. Now you simply choose whether
          or not to take ownership of sub-objects when taking
          ownership. There is no need to control implicit/explicit

        - Changed the Zope installation procedure so it is only
          necessary to create one user account and that user is
          stored in the ZODB. The user created at startup now is 
          simply a normal intial "Manager", not the "superuser". 
          It is no longer necessary to login, create an initial 
          manager, logout and log back in! Woohoo!

        - Implemented the "emergency user" concept, which is the new
          name for what was called the superuser. The emergency user 
          doesnt even exist now until you explicitly create it.
        - Added new "WebDAV source view" HTTP handler, enabled by new
          '-W' (note uppercase) switch to  This handler is *not*
          enabled by default.

        - Implemented "hookable PUT creation" (allows containers to
          override webdav.NullResource's guess at the type of object
          to create when PUT is done to an unknown ID).

        - Added to the utilities directory. The testrunner 
          is a basic utility for running PyUnit based unit tests. It can 
          be used to run all tests found in the Zope tree, all test suites
          in a given directory or in specific files. The testrunner will 
          be used to ensure that all checked in tests pass before releases 
          are made. For more information, see the docstring of the actual

        - The Interface scarecrow package has been checked in - more work
          will likely be done on it before it goes into wide use. See 
          Michel's "Zope Interfaces" project on for details:

        - PyUnit has been checked into the core. Along with the testrunner,
          this provides enough infrastructure for us to incrementally begin 
          accumulating (and running!) test suites for various parts of the 
          Zope core.

        - The new security assertion support has been checked in. For 
          more information and an updated version of the "Zope security 
          for developers" guide see the project on

      Bugs Fixed

        - Removed some cruft in OFS/ (an old data
          structure was being constructed but was going unused in
          favor of a newer structure used in conjunction with the
          mimetypes module).

        - (Collector #1650)Where the underlying object does not define
          its own '__cmp__()', comparisons of acquisition-wrapped
          objects fall back to comparing the identities *of the
          wrappers* .  Fixed to unwrap the object (both, if needed)
          before comparing identities.

        - (Collector #1687 Products which register base classes
          for ZClasses typically defer creating them until product
          registration;  the derived ZClass needs them to be available
          immediately after import.  Deprecated
          'ProductContext.registerZClass' and
          'ProductContext.registerBaseClass' in favor of a new function,
          'ZClasses.createZClassForBase' (because none of the machinery
          needed a ProductContext instance anyway).

        - (Collector #1355) Fixed overlapping HTTP POST requests in
          ZServer which could have been corrupted. Thanks to Jeff

        - Undid a bug fix that caused the DateTime unit tests to fail.

        - Removed the requirement that an "access" file exist.
          "access" is now only needed to create an emergency user

        - Disabled the monitor port by default because, initially,
          there is no emergency user, and thus no password that
          can be used to protect the port.

        - Secured the hole that was patched by Hotfix_2000-12-08.

        - Disallowed object IDs that end with two underscores.

        - Caused PropertyManager to restrict id's the same way
          ObjectManager does.