- 18 May, 2022 3 commits
-
-
Levin Zimmermann authored
Rationale: Converting * to data frame / numpy array efficiently is required in all wendelin projects, without this functionality wendelin is useless. Currently all projects allow this functionality in an insecure way. This commit aims to improve the situation by supporting a secure way of this functionality. (See nexedi/wendelin!99 (comment 158474)) Because pandas (in restricted Python) can also be useful in 'pure' ERP5 (without Wendelin) the functionality is added to ERP5 source code. --- Security: Security is guaranteed by patching selected read_* functions and allowing the patched versions. The patch prohibits anything but string input which directly contains the data (e.g. no urls, file paths). New unit tests ensure the restrictions of the patches are actually effective. --- Notes on implementation decisions: Instead of offering new ERP5 extension methods (e.g. Base_readJson) this commit adds patched pandas read functions in restricted Python. In this way the change of the known API is as minimal as possible. Instead of globally monkey-patching pandas read_* functions, only the functions inside restricted python are patched. In this way the fully-functional, original functions are still available in Zope products or ERP5 extension code. Minor changes in the way how pandas is allowed in restricted python have been applied. Please consult the following discussions in the Merge request for details: nexedi/erp5!1615 (comment 159203) nexedi/erp5!1615 (comment 159341)
-
Levin Zimmermann authored
See merge request nexedi/erp5!1630
-
Levin Zimmermann authored
...for getPortalDataConfigurationTypeList. See !1630 (comment 159889).
-
- 17 May, 2022 5 commits
-
-
Klaus Wölfel authored
-
Valentin Benozillo authored
-
Jérome Perrin authored
Translated property accessor accessor accidentally changed to return on python2 unicode for translated messages and str for non translated messages in a17bb910 To make it worse, CMFCategory's Renderer was swallowing exceptions. This restores translated accessors behavior and changes Renderer to let exceptions propagate See merge request nexedi/erp5!1629
-
Jérome Perrin authored
partially revert a17bb910 (py2/py3: Make Products code compatible with both python2 and python3., 2022-04-13) so that TranslatedPropertyGetter keeps returning utf-8 encoded str (bytes) on python2 and returns text only on python3. This regression caused displaying categories to raise unicode error or to silently not display the labels for.
-
Jérome Perrin authored
This just hides issues.
-
- 16 May, 2022 4 commits
-
-
Julien Muchembled authored
In commit a17bb910 ("py2/py3: Make Products code compatible with both python2 and python3"), 2to3 changed `_.has_key(...)` to `... in _` whereas _ is not a dict. Traceback (innermost last): ... Module OFS.PropertyManager, line 309, in manage_editProperties manage_tabs_message=message) Module Shared.DC.Scripts.Bindings, line 322, in __call__ return self._bindAndExec(args, kw, None) Module Shared.DC.Scripts.Bindings, line 359, in _bindAndExec return self._exec(bound_data, args, kw) Module App.special_dtml, line 185, in _exec try: result = render_blocks(self._v_blocks, ns) Module DocumentTemplate.DT_In, line 707, in renderwob try: append(render(section, md)) Module DocumentTemplate.DT_Let, line 76, in render else: d[name]=expr(md) Module DocumentTemplate.DT_Util, line 210, in eval - __traceback_info__: _ return eval(code, d) Module <string>, line 1, in <module> TypeError: argument of type 'TemplateDict' is not iterable
-
Xiaowu Zhang authored
See merge request nexedi/erp5!1628
-
Xiaowu Zhang authored
-
Romain Courteaud authored
Delete the content of the cache storage (used by erp5js), unregister the service worker and force the browser to reload.
-
- 13 May, 2022 5 commits
-
-
Romain Courteaud authored
It is now replaced by erp5_web_renderjs_ui
-
Jérome Perrin authored
-
Jérome Perrin authored
This is for *StandaloneDeploymentScriptTest* test suites, which download a large disk image during slapos node instance step. For example, on a Wendelin.StandaloneDeploymentScriptTest-Debian.Stretch test run [1], we can see that the slapos node instance started at 2022-05-13 07:50:30,788 and stopped trying at 2022-05-13 07:51:35,885. In the last run, slapos node instance failed, especially this promise: 2022-05-13 07:51:35,701 INFO slapgrid_cp: 2022-05-13 07:51:35 slapos[3548917] ERROR ERROR '/srv/slapgrid/slappart22/t/cjl/i/1/srv/monitor/private/virtual-hard-drive-url/virtual-hard-drive-url-processed-config.state' not empty, content available at https://[???]:8026/private/virtual-hard-drive-url/virtual-hard-drive-url-processed-config.state ... and if we access this URL, we can see the error: [Errno 2] No such file or directory: '/srv/slapgrid/slappart22/t/cjl/i/1/var/virtual-hard-drive-url/update-image-processed.md5sum' which means that the image is still not downloaded. testnode still ignore slapos node instance state return code and run tests anyway, so the test ran and failed later. This image is 1.8Go, when I tried to download it locally it took 56.41 seconds, so it must be generally almost OK. By retrying up to 60 times, we give more time for the slapos node instance step to download the image. [1]: https://softinst161166.host.vifib.net/cjl-oSgtg7v20D/suite.log
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 11 May, 2022 1 commit
-
-
Jérome Perrin authored
This reverts commit b404b724. Redirects does not make any sense with timerserver responses, let's keep this an error.
-
- 10 May, 2022 2 commits
-
-
Jérome Perrin authored
To workaround a bug with our old pylint / astroid versions
-
Jérome Perrin authored
Revert "py3: sortKey() must be a string as comparison between str and None/int/tuple now raises TypeError." This reverts commit 192c2000. This commit introduced a test failure with testCommitOrder testInvalidationBug.TestInvalidationBug [1] Traceback (most recent call last): File "Products/ERP5/tests/testInvalidationBug.py", line 93, in testCommitOrder self.assertEqual(result_list[1], [0,0]) # activity buffer first AssertionError: Lists differ: [1, 0] != [0, 0] First differing element 0: 1 0 - [1, 0] ? ^ + [0, 0] ? ^ That commit was apparently in the good direction, because transaction API specifies that sortKey must return string https://github.com/zopefoundation/transaction/blob/6cf10102948a8f4e36092a9b402e3859d6db4ccd/CHANGES.rst#141-2013-02-20 https://github.com/zopefoundation/transaction/blob/33448417ab526327757f05e23b1884786c805629/src/transaction/interfaces.py#L524-L534
-
- 09 May, 2022 4 commits
-
-
Jérome Perrin authored
using a css selector also matches: <div class="transition_message transition_message_success">Deleted.</div> unlike the xpath selector which matches only element where class attribute is exactly "transition_message"
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
- 06 May, 2022 8 commits
-
-
Valentin Benozillo authored
Define min and max to integer html field
-
Valentin Benozillo authored
when defining start and end property in ERP5 integer field
-
Valentin Benozillo authored
-
Jérome Perrin authored
"template_keep_path_list" definition was wrong, the tool is uninstalled when updating in wrong order
-
Jérome Perrin authored
This allows executing a script doing REQUEST.RESPONSE.redirect() without error. Before this patch it's an AttributeError similar to: ------ 2022-04-12 03:52:49,083 WARNING ActivityTool Could not call method ... Traceback (most recent call last): ... File "Script (Python)", line 34, in Base_redirect return request.RESPONSE.redirect(redirect_url, status=status_code) AttributeError: TimerResponse instance has no attribute 'redirect'
-
Jérome Perrin authored
Instead of temporarily changing the global timeout, which can impact other parts of the system and which is not free from race conditions ( another thread might have changed the timeout when socket.getdefaulttimeout() is called and then we restore a wrong default timeout).
-
Julien Muchembled authored
See commit 0c2dd107.
-
Rafael Monnerat authored
See merge request nexedi/erp5!1616
-
- 04 May, 2022 8 commits
-
-
Rafael Monnerat authored
For facebook and openid buttons.
-
Rafael Monnerat authored
Like in WebSite_login, came_from is an URI Template so we must expand the URI to handle the {&n.me} that can be present on the URL.
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
With Python2, properties were all str(). with Python3, we need to distinguish binary-like properties from text-like properties. This should ideally be implemented by checking PropertySheet elementary_type (such as `data` for bytes() and `string` or `text` for str()) for each property. For now (bootstrap/addERP5Site) though, let's consider all properties in .xml to be UTF-8 str() and statically define which is which for non-.xml files.
-
Arnaud Fontaine authored
And _mysql/mysqldb API (_mysql.connection.query()) converts the query string to bytes() (additionally, cursor.execute(QUERY, ARGS) calls query() after converting everything to bytes() too).
-
Arnaud Fontaine authored
-
Arnaud Fontaine authored
-