Jim Fulton wrote:
Stuart Bishop wrote:
...
It was never intended that the ability to control unprotected sub-objects by name would apply to items. It was sloppy coding on my part that item indexes (yes, indexes, like, say, 1) and keys were passed as names. I can certainly understand why people looking at the code and trying things out would come to the wrong conclusion.
But it would depend on which code they looked at. For example, in 2.6.2, the key is not passed to validate when traversing using getitem in unrestrictedTraverse. For this reason, it's brittle to rely on this, even without the recent security changes.
Fundamentally, it's wrong to use the same mechanism for attributes and item keys or indexes. In the recent security work, we tried to address this by not passing the name for item access. Unfortunately, this broke some code. I *think* that there cannot be too many cases of this.
I'm pretty sure that I can redo the way we protect dictionaries and lists so that we can provide backward compatibility. If I can do this, I will, because backward compatibility *is* important, especially for bug-fix releases.
This is done and checked into the Zope 2.7 branch (Zope-2_7-branch). Stuart, can you try this out and make sure that your application works as it did before?

Jim

--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
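The following is an added, simplified model of the point made above, not Zope's own code: when an item key or index is fed through the attribute-name validator, a key such as the integer 1 has no declaration to match and is refused for the wrong reason, whereas a separate item-access check decides on the container's own permission. All class, function and field names below are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Container:
    """Object with attribute-level protection declarations plus item storage."""
    public_names: set = field(default_factory=set)  # attribute names readers may access
    items: dict = field(default_factory=dict)       # __getitem__ storage
    allow_item_access: bool = True                  # container-wide item permission


def validate_name(container, name):
    """Attribute-style validation: a name must be declared public.
    Item keys and indexes (e.g. the integer 1) never carry such a declaration."""
    return isinstance(name, str) and name in container.public_names


def getitem_via_name_check(container, key):
    """Conflated behaviour: the item key is validated as if it were an attribute name."""
    if not validate_name(container, key):
        raise PermissionError(f"key {key!r} has no attribute-style declaration")
    return container.items[key]


def getitem_separate(container, key):
    """Separate mechanism: item access is governed by a container-level permission,
    independent of whatever the key happens to be."""
    if not container.allow_item_access:
        raise PermissionError("item access on this container is not permitted")
    return container.items[key]


def is_readable(getter, container, key):
    """True if getter grants access to container[key], False if it refuses."""
    try:
        getter(container, key)
    except PermissionError:
        return False
    return True


# Constructed sample: a container whose keys mix an integer index with strings.
SAMPLE = Container(public_names={"title"},
                   items={1: "first", "title": "Doc", "secret": "x"})
# Constructed sample: the same shape with item access switched off.
LOCKED = Container(public_names={"title"}, items={1: "first"},
                   allow_item_access=False)
```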