-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Overview
========

In response to the cross-site scripting vulnerability in Zope2 reported as
'CVE 2010-1104'[1], the Zope security response team announces the
availablility of a hotfix product (for Zope < 2.12), and new releases for
the Zope 2.12 and 2.13 lines:

Hotfix:  http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104

Zope 2.12.22:  http://pypi.python.org/pypi/Zope2/2.12.22

Zope 2.13.12:  http://pypi.python.org/pypi/Zope2/2.13.12


WARNING: Zope < 2.12 is no longer officially supported, and may have
         other unpatched vulnerabilities. You are encouraged to
         upgrade to a supported Zope 2.


Installing the Hotfix
=====================

The hotfix has been tested with Zope instances using Zope 2.8.x - 2.11.x.
Users of Zope 2.12.x and 2.13.x should instead update to the latest
corresponding minor revision, which already includes this fix.

Download the tarball from the PyPI page:

 http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE

Last year I wrote a blog about adding interfaces to anonymous functions in Python. Since then I have being programming in .Net (C# and VB.Net) and was curious to see how easy it would be to achieve something similar in C#. I'm not using any IoC frameworks in C# so I wrote a very stupid one just for testing.

C# differs in a few key areas. You can't modify an object’s properties at runtime in C# without doing some Assembly hacking and even if you could, you can't add interfaces to anonymous or lamdba functions. So adding an interface and then adapting a runtime object based on its interfaces isn’t possible, so I ended up having to pass both interfaces around at all points (not ideal). The other major difference is that C# requires strict typing of the anonymous function so you can see 2 explicit casts in the code.

This isn’t the correct way of achieving this in C# but I found the contrast of coding something Pythonic in a different language interesting.

public interface IConcreteInterface { }
public interface ILambdaExpression { }

public class AdapterManager
{
    protected readonly List<Adapter> services = new List<Adapter>();

    public void registerAdapter<T, U>(object val)
    {
        var adapter = new Adapter() {
            adapts = typeof(U),
            implements = typeof(T),
            val = val
        };
        services.Add(adapter);
    }

    public object resolve<T, U>()
    {
        return (from x in services where x.adapts == typeof(U) && x.implements == typeof(T) select x.val).Single();
    }
}

var gsm = new AdapterManager();
gsm.registerAdapter<IConcreteInterface, ILambdaExpression1>((Func<string>)(() => "Hello World"));

var adapted = gsm.resolve<IConcreteInterface, ILambdaExpression1>();
var lambdaExp = (Func<string>)result
var result = lambdaExp();

In praise of complaining, even when the complaints are absurd.