A Zope PythonScript ("Script (Python)" in the ZMI add menu) is a small chunk of server-side Python code, editable through the web, which runs as RestrictedCode, meaning there are limits on what you can import or use (cf. HowToAddModulesToRestrictedCode).
When you find yourself writing complex logic in DTML or Page Templates, you're usually advised to have your template call a Python Script instead.
" Python Scripts can contain a "safe" subset of the python language. Python Scripts must be safe because they can be potentially edited by many different users through an insecure medium like the web. The following safety issues drive the need for secure Python Scripts:
Because many users can use Zope, a Python Script must make sure it does not allow a user to do something they are not allowed to do, like deleting an object they do not have permission to delete. Because of this requirement, Python Scripts do many security checks in the course of their execution.
Because Python Scripts can be edited through the insecure medium of the web, they are not allowed access to the Zope server's file-system. Normal Python builtins like open() are, therefore, not allowed.
Because many standard Python modules break the above two security restrictions, only a small subset of Python modules may be imported into a Python Script with the "import" statement unless they have been validated by Zope's security policy. Currently, the following standard Python modules have been validated:
o string
o math
o whrandom and random
o Products.PythonScripts.standard
Because it allows you to execute arbitrary python code, the python "exec" statement is not allowed in Python methods.
Because they may represent or cause security violations, some Python builtin functions are not allowed. The following Python builtins are not allowed:
o open
o input
o raw_input
o eval
o execfile
o compile
o type
o coerce
o intern
o dir
o globals
o locals
o vars
o buffer
o reduce
Other builtins are restricted in nature. The following builtins are restricted:
- 'range' -- Due to possible memory denial of service attacks, the range builtin is restricted to creating ranges less than 10,000 elements long.
- 'filter, map, tuple, list' -- For the same reason, builtins that construct lists from sequences do not operate on strings.
- 'getattr, setattr, delattr' -- Because these may enable Python code to circumvent Zope's security system, they are replaced with custom, security constrained versions.
Several utility functions and classes are also available to DTML and Python Scripts:
o test
o namespace
o render
o same_type
o DateTime
This list is not complete, see the [ZB Advanced Zope Scripting]? chapter.
Because the "print" statement cannot operate normally in this context, its effect has been changed. Rather than sending text to stdout, "print" appends to an internal variable. The special builtin name "printed" evaluates to the concatenation of all text printed so far during the current execution of the script. "
Tips
A print inside a function appends to that function's own 'printed', so you must 'return printed' from the function. Then print the returned value at the top level and 'return printed' from there as usual. Example:

    def foo():
        print "foo"
        return printed      # only the text printed inside foo

    print foo()             # note: will add a second newline
    return printed          # "foo\n\n"
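To see these mechanics outside Zope, here is an added example, not from this page or from Zope's own RestrictedPython, that emulates how a Python Script body is run: compiled as a function body (so a top-level 'return' is legal), with 'print' collected into a per-function 'printed' buffer, the builtins listed above removed, and imports limited to the validated modules. It assumes Python 3 syntax, so the Tip's example is rewritten with print(); names such as run_script, PrintCollector and TIP_SCRIPT are the example's own.

```python
import ast
import builtins

# Builtins from the list above that still exist in Python 3, and the validated
# modules; this is a teaching emulation, not Zope's RestrictedPython.
FORBIDDEN_BUILTINS = {"open", "input", "eval", "exec", "compile", "type",
                      "dir", "globals", "locals", "vars"}
ALLOWED_MODULES = {"string", "math", "random"}

class PrintCollector:
    """Stands in for print: text is collected instead of going to stdout."""
    def __init__(self):
        self.parts = []
    def __call__(self, *args, sep=" ", end="\n"):
        self.parts.append(sep.join(str(a) for a in args) + end)
    def printed(self):
        return "".join(self.parts)

class PrintedRewriter(ast.NodeTransformer):
    """Give the module and every function body its own collector, as Zope does."""
    def _with_collector(self, node):
        self.generic_visit(node)
        node.body = ast.parse("_print = _print_()").body + node.body
        return node
    visit_Module = visit_FunctionDef = _with_collector
    def visit_Name(self, node):
        if isinstance(node.ctx, ast.Load) and node.id == "printed":
            return ast.copy_location(ast.parse("_print.printed()", mode="eval").body, node)
        if isinstance(node.ctx, ast.Load) and node.id == "print":
            return ast.copy_location(ast.Name(id="_print", ctx=ast.Load()), node)
        return node

def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    if name.split(".")[0] not in ALLOWED_MODULES:
        raise ImportError("module %r is not validated for Python Scripts" % name)
    return builtins.__import__(name, globals, locals, fromlist, level)

def run_script(source):
    """Run a script body as a function body with collected print and restricted builtins."""
    wrapped = "def __script__():\n" + "".join("    %s\n" % l for l in source.splitlines())
    tree = ast.fix_missing_locations(PrintedRewriter().visit(ast.parse(wrapped)))
    safe = {k: v for k, v in builtins.__dict__.items() if k not in FORBIDDEN_BUILTINS}
    safe["__import__"] = _guarded_import
    namespace = {"__builtins__": safe, "_print_": PrintCollector}
    exec(compile(tree, "<script>", "exec"), namespace)
    return namespace["__script__"]()

# The Tip's example in Python 3 syntax (constructed sample input).
TIP_SCRIPT = 'def foo():\n    print("foo")\n    return printed\n\nprint(foo())\nreturn printed\n'
```

Stripping names from __builtins__ is enough to show the mechanism but is not a sandbox on its own; Zope additionally guards attribute access (the constrained getattr above), which this emulation leaves out.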
See also
- Zope 2 Book -> Advanced Zope Scripting
- ZopeLabsCategory:Python%28Script%29