Zope

Now with plone.app.theming we are in the lucky situation to deliver really any design with Plone. But there are also designers out in the wild creating designs not compatible with Plones edit-mode. So its sometimes easier to edit in the classic Plone ... [More] UI (Sunburst Theme) using a different web address for editing. And here is how to do it: Consider to configure two adresses http://edit.domain.tld and http://www.domain.tld Add a subscriber to zope.app.publication.interfaces.IBeforeTraverseEvent to configure.zcml Add a file subscriber.py with code to conditionally set the header X-Theme-Disabled: True  in case of edit domain (you may want to improve the condition). def surpress_theme(obj, event):     if event.request['ACTUAL_URL'].startswith('http://edit.'):         event.request.response.setHeader('X-Theme-Disabled', 'True') Restart your instance To test this on localhost just add something like edit.localhost to your /etc/hosts file for 127.0.0.1 and enter http://edit.localhost/Plone in your browser. Image by karlbirrane at flickr under a CC-BY-SA license   [Less]

These sessions are a great way to get up to speed on Plone, learn about aspects of the CMS you have always wanted been interested is, or just hone your skills with some of the best trainers in the Plone community. Details will be available soon on ... [More] the training page of the conference site, along with links for signing up for the classes.  Remember that the cost of training is not included in the conference fee. (The following courses and instructors are confirmed. Course descriptions and details subject to change.) Theming Plone 4 — Chrissy Wainwright — Two DaysThis training session includes front-end design of a Plone 4.0 site from start to finish using two methods: Traditional Plone theming, and using plone.app.theming. The training will be a hands-on, introductory walk-through of the process, using a pre-created sample design. Attendees will need their computers and will be expected to follow along on their own local instances.Prerequisites: Knowledge of XHTML and CSS; Basic familiarity with Plone Cris Ewing — Getting off the Ground with Plone — Two DaysSo you've heard about Plone, this smart, secure and powerful content management system and you'd like to get started. Where to begin? This training course is for you.You'll learn how to install Plone, how to create your first website and get started adding content, how to get quick, simple victories for your new project, and how to deploy your site when you're ready to go live. Martin Aspeli — Plone Development Environment and Deployment Masterclass — Two DaysLearn to develop and deploy like a Plone pro! On the first day, you will learn how to set up a powerful and productive development environment, employing the tools the professionals use to debug, document and release manage their code. The second day will focus on caching, performance optimisation, deployment configuration and application lifecycle management. Technologies covered will include: Buildout; mr.developer; the Python debugger; plone.reload; Sphinx; PyPI-style distribution management; plone.app.caching; HAProxy; Varnish; and nginx.Prerequisites: Some Plone customisation or development experience will be helpful to bring the content into context. Familiarity with the command line will be necessary for day two.  Creating Custom Content Types with Dexterity — Steve McMahon — Two DaysWith Plone 4, the Dexterity content-type-development framework has become a practical and desirable alternative to the Archetypes framework Plone has featured in previous versions. This course will show how it's possible to use Dexterity now to build reliable and maintainable new content types for Plone 4+.Prerequisites: Basic Python, HTML and XML. Command-line skills on your platform of choice. Introduction to Pyramid — Paul Everitt — One DayPyramid is a small, fast, down-to-earth Python web application development framework. It is developed as part of the Pylons Project and shares many technical roots with Zope and Plone.Prerequisites: Basic Python, HTML [Less]

These sessions are a great way to get up to speed on Plone, learn about aspects of the CMS you have always wanted been interested is, or just hone your skills with some of the best trainers in the Plone community. Details will be available soon on ... [More] the training page of the conference site, along with links for signing up for the classes.  Remember that the cost of training is not included in the conference fee. (The following courses and instructors are confirmed. Course descriptions and details subject to change.) Theming Plone 4 — Chrissy Wainwright — Two DaysThis training session includes front-end design of a Plone 4.0 site from start to finish using two methods: Traditional Plone theming, and using plone.app.theming. The training will be a hands-on, introductory walk-through of the process, using a pre-created sample design. Attendees will need their computers and will be expected to follow along on their own local instances.Prerequisites: Knowledge of XHTML and CSS; Basic familiarity with Plone Cris Ewing — Getting off the Ground with Plone — Two DaysSo you've heard about Plone, this smart, secure and powerful content management system and you'd like to get started. Where to begin? This training course is for you.You'll learn how to install Plone, how to create your first website and get started adding content, how to get quick, simple victories for your new project, and how to deploy your site when you're ready to go live. Martin Aspeli — Plone Development Environment and Tooling Masterclass — Two One-Day ClassesTwo one-day classes with first emphasizing development and the second production deployment.Prerequisites: Plone development experience for day one; command-line skills for day two. Creating Custom Content Types with Dexterity — Steve McMahon — Two DaysWith Plone 4, the Dexterity content-type-development framework has become a practical and desirable alternative to the Archetypes framework Plone has featured in previous versions. This course will show how it's possible to use Dexterity now to build reliable and maintainable new content types for Plone 4+.Prerequisites: Basic Python, HTML and XML. Command-line skills on your platform of choice. Introduction to Pyramid — Paul Everitt — One DayPyramid is a small, fast, down-to-earth Python web application development framework. It is developed as part of the Pylons Project and shares many technical roots with Zope and Plone.Prerequisites: Basic Python, HTML [Less]

I'm trying to make a form where I'm storing values outside of the context. Storing is done and working well but now I would like the update method to fill the form on rendering process. So I'm overriding update method of the Form class that way: def ... [More] update(self): super(ConfigurationForm,self).update() form = self.request.form if not form: #We are on a rendering process provider = self.getProvider() settings = provider.get() #TODO: update widget values !? settings is a dict where keys are equals to Interface fields's names. So I have tried many ways to update widgets values: Using dataconverter (too much complex and don't know if this is the only way Updating the self.request.form dict and call again the update method playing with field objects What is the good way to achieve this ? (supporting all kind of field ?) [Less]

It has been a tiring but exciting week in Florence. After four years of national PyCon Italy, the team has been excellent and set up an event that clearly shows the level of maturity of the community. Over the years since the first EuroPython ... [More] conference, the big change is that we don't have to justify our language choice anymore. Actually, I would not even be a programmer it where was no Python. I was a system administrator, more like a plumber than an internal decorator.Python has taken me by hand, teaching and letting me write things I would not have attempted in other languages available at the time. For me, Python was an easy choice, but... difficult to master. As programmers, we make trade-offs and take compromises several times per day, while we design and write applications.Very often we take a different road than we did the day before, because we've seen what lays ahead and want to avoid it, or the customer has changed his mind, or we have a better understanding of the whole. As a matter of fact the right answer to a programming question is often "it depends", because the architectures, markets and business models are getting more and more complex, and we as software craftsmen have none of the certainties than mathematicians or computer science people take for granted. Fortunately for us and our customers, software can be easily changed, and nothing prevents experimenting with different approaches if time allows.But once in a while - typically at the start of a development cycle - we have bigger choices, the decisions that make room for the following ones: the basic architecture. What language(s) are we going to use? (that's easy, Python. but it depends)Light framework or a heavy, full featured one? Relational or non-relational database? And if non-relational, which of the many? Is our application process or data driven, or both? (this is vague. it's usually both) Browser or server side processing? How will it scale to many concurrent users? and so on, and on. At this point, if we pick the wrong road, the application could still be delivered, hopefully in time and the customer will be happy (at first), but the program itself might be a lot more complicated than it needs to be, and hard to change. The price will be paid over time, as new needs come and maintenance is required. Unfortunately for us, some of these are hard questions, also subject of fashions and marker pressure, and it is very hard to have a comprehensive picture just by following technical blogs. That's why I long for conferences like EuroPython, where the scope of the talks is as wide as can be, while still remaining highly technical.Where the authors are ready to discuss about it over the lunch, and everybody is smart for having chosen Python :-) Best talks.. ever :-) A few of the talks tackling old problems in light of new tools and experiences: Relate or !Relate (Mark Ramm-Christensen) Mark explains the difference between the forest of NoSQL databases, and shows that a good SQL DBMS can scale surprisingly well.This is a dear topic to me, because direct approaches in one side require complex contraptions on the other one, and vice-versa.As a side note, lately the MySQL - Postgres debate seems to be over. The latter one has sharply won, if not the market, the minds of the programmers. How to build complex web applications having fun? (Andrew Mleczko) If the user wants both, give them both. Instead of fitting every requirement in a single architecture, try deploying a full-featuredCMS along with a light, flexible framework and divide the tasks -- a little like loading a bike on your camper.You can go anywhere and they integrate well.This is easier today (in the post-WSGI world) thanks to Pyramid, a highly refined foundation for web applications that lets a lotof freedom: should the architecture be modeled after Zope, Plone, Pylons, Turbogears, Rails or Django? With Pyramid, "it depends" is the main concept :) Other worth mentioning Challenges in developing a large Django site (Simon Willison)An iPhone-Python love affair: Building APIs for mobile (Anna Callahan - Nate Aune) I also had fun with Raymond Hettinger, the only developer I've known that adds a +1 charisma bonus within a 10mt radius. In his training track, he tore apart core concepts of Python (classes, decorators, properties, descriptors, dictionaries) and as he spoke rebuilt them using lists only. MacGyver couldn't do better! But really, I could list half of the talks in the schedule, they are that good, and they kept a good balance of more and less advanced matters. and the plone-ish stuff? Sure, I would have liked a few more talks about Zope, Plone, BlueBream or Grok, especially highlighting how they have changed in the latest years, becoming more powerful, easier to extend and deploy, and there should be some effort communicating that to new developers. They are coming to the conference to look for directions, and might go after some fashionable, but less capable tools. [Less]

Last week, the Zope and Plone security teams announced the discovery of a serious security issue affecting all recent versions of Zope and Plone, as well as the planned release of a Hotfix to address this issue to be made today, June 28th at 1500 ... [More] UTC. The Plone and Zope security teams are announcing that this security hotfix is now available for download. For full instructions on how to get and install the Hotfix, go here: http://plone.org/products/plone-hotfix/releases/20110622 To find out more about the details of the issue, answers to common questions and which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 Assistance in installing this hotfix is available free of charge via IRC in #plone-tuneup. If you don't have in-house server administrators or a service agreement supporting your website, you can find consultancy companies under the providers section of Plone.org - http://plone.org/support/network On behalf of the Zope and Plone sec [Less]

This is an update on today's security hotfix release. The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011 (11:00am US EDT.) Updated versions of Zope 2 containing the security fix will be released at the same time. For details on ... [More] which versions of Zope and Plone are affected, please see: http://plone.org/products/plone/security/advisories/20110622 For installation instructions, please see: http://plone.org/products/plone-hotfix/releases/20110622 On behalf of the Zope and Plone security teams, Laurence _______________________________________________ Zope-Announce maillist - Zope-Announce< at >zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev ) [Less]

The fix  was released at 15:00 UTC on Tuesday 28th June, 2011. Full installation instructions. Who should apply the patch Plone 4.x users must apply this patch or update to Zope2 2.12.19 (Plone 4.0) or 2.13.8 (Plone 4.1). Zope 2.12/2.13 users must ... [More] apply this patch or update to Zope2 2.12.19 or 2.13.8. Plone 3.x users: the vulnerability was inadvertently backported by the previous hotfix http://plone.org/products/plone-hotfix/releases/CVE-2011-0720 (PloneHotfix20110720). Plone 3.x users should install both PloneHotfix20110720 and this hotfix to make sure that they are protected against both sets of vulnerabilities. Zope 2.10/2.11 users who are not using Plone: Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected by this vulnerability, and should not apply the patch. You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8  and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 which include fixes for the vulnerabilities in CVE-2011-0720. Please make sure that you have not installed PloneHotfix20110720; remove it if you have. Other versions are not affected. Plone 2.5 and Zope 2.8/2.9 are unaffected; you should not install this hotifx on those sites. Extra help Should you not have in-house server administrators or a service agreement looking after your website you can find consultancy companies under the providers section. There is also free support available online. Questions and Answers Q: When will the patch be made available? A: The Plone and Zope Security Teams released the patch at 15:00 UTC (11:00am US EDT) on Tuesday 28th June, 2011. Q: How was this vulnerability found? A: This issue was found as part of a routine audit performed by the Zope and Plone Security teams. Q: My site is highly visible and mission-critical. I hear the patch has already been developed. Can I get the fix before the release date? A: The Security Team has made the decision to not allow any early release of this patch so as to reduce the risks of exploitation. This decision applies to everyone, even Plone Foundation Members and Board members. Q: If the patch has been developed already, why isn't it already made available to the public? A: The Security Team is still testing the patch and running various scenarios thoroughly. The team is also making sure everybody has appropriate time to plan to patch their Plone installation(s). Some consultancy organizations have hundreds of sites to patch and need the extra time to coordinate their efforts with their clients. Q: How does one exploit the vulnerability? A: For obvious security reasons, the information will not be made available until after the patch is made available. Q: Are there any third-party products I can use to protect my site until the patch is available? A: No. Q: Will making my database read-only protect my site? A: This will not protect against unauthorized data access. Q: What is the hotfix package be named? A: Products.Zope_Hotfix_20110622 Q: I already applied version 1.0 of the hotfix to my site. Do I need to install version 1.0-release2 now? A: No. The code has not changed. The 1.0 release included a __MACOSX resource fork which was confusing for non Mac OS X users. Q: I see "ImportError: No module named traversing" on startup after installing the hotfix. You have installed the hotfix onto a Plone 2.5 or Zope 2.8/2.9 site. The Hotfix is not required; you should remove it. [Less]

The fix  was released at 15:00 UTC on Tuesday 28th June, 2011. Full installation instructions. Who should apply the patch Plone 4.x users must apply this patch or update to Zope2 2.12.19 (Plone 4.0) or 2.13.8 (Plone 4.1). Zope 2.12/2.13 users must ... [More] apply this patch or update to Zope2 2.12.19 or 2.13.8. Plone 3.x users: the vulnerability was inadvertently backported by the previous hotfix http://plone.org/products/plone-hotfix/releases/CVE-2011-0720 (PloneHotfix20110720). Plone 3.x users should install both PloneHotfix20110720 and this hotfix to make sure that they are protected against both sets of vulnerabilities. Zope 2.10/2.11 users who are not using Plone: Zope 2.10 and 2.11 users who have not installed PloneHotfix20110720 are not affected by this vulnerability, and should not apply the patch. You should, however, make sure that you are running either Zope 2.10.13 or Zope 2.11.8  and PluggableAuthService 1.5.5, 1.6.5 or 1.7.5 which include fixes for the vulnerabilities in CVE-2011-0720. Please make sure that you have not installed PloneHotfix20110720; remove it if you have. Other versions are not affected. Plone 2.5 and Zope 2.8/2.9 are unaffected; you should not install this hotifx on those sites. Extra help Should you not have in-house server administrators or a service agreement looking after your website you can find consultancy companies under the providers section. There is also free support available online. Questions and Answers Q: When will the patch be made available? A: The Plone and Zope Security Teams released the patch at 15:00 UTC (11:00am US EDT) on Tuesday 28th June, 2011. Q: How was this vulnerability found? A: This issue was found as part of a routine audit performed by the Zope and Plone Security teams. Q: My site is highly visible and mission-critical. I hear the patch has already been developed. Can I get the fix before the release date? A: The Security Team has made the decision to not allow any early release of this patch so as to reduce the risks of exploitation. This decision applies to everyone, even Plone Foundation Members and Board members. Q: If the patch has been developed already, why isn't it already made available to the public? A: The Security Team is still testing the patch and running various scenarios thoroughly. The team is also making sure everybody has appropriate time to plan to patch their Plone installation(s). Some consultancy organizations have hundreds of sites to patch and need the extra time to coordinate their efforts with their clients. Q: How does one exploit the vulnerability? A: For obvious security reasons, the information will not be made available until after the patch is made available. Q: Are there any third-party products I can use to protect my site until the patch is available? A: No. Q: Will making my database read-only protect my site? A: This will not protect against unauthorized data access. Q: What is the hotfix package be named? A: Products.Zope_Hotfix_20110622 Q: I already applied version 1.0 of the hotfix to my site. Do I need to install version 1.0-release2 now? A: No. The code has not changed. The 1.0 release included a __MACOSX resource fork which was confusing for non Mac OS X users. [Less]

my goal is to inject some HTML-Code in front of every Plone article (between the page's header and the first paragraph)? I'm running Plone 4. Anyone has a hint how to realize that? The other question is: is it possible to place some HTML code randomly in every Plone article? Cheerio, Chris