[CMF-checkins] SVN: CMF/branches/1.6/C Fix
http://dev.plone.org/plone/ticket/5904 by using the property
api to determine member selected skin,
rather than direct attribute access
Alec Mitchell
apm13 at columbia.edu
Sun Apr 15 01:06:21 EDT 2007
Log message for revision 74143:
Fix http://dev.plone.org/plone/ticket/5904 by using the property api to determine member selected skin, rather than direct attribute access
Changed:
U CMF/branches/1.6/CHANGES.txt
U CMF/branches/1.6/CMFCore/SkinsTool.py
-=-
Modified: CMF/branches/1.6/CHANGES.txt
===================================================================
--- CMF/branches/1.6/CHANGES.txt 2007-04-15 05:05:15 UTC (rev 74142)
+++ CMF/branches/1.6/CHANGES.txt 2007-04-15 05:06:19 UTC (rev 74143)
@@ -2,9 +2,12 @@
Bug Fixes
+ - Use the property API to get the member specific skin, because
+ direct attribute access won't work with PAS based membership.
+ (http://dev.plone.org/plone/ticket/5904)
+
- Add POST-only protections to security critical methods (see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240).
- [mj, bloodbare, alecm]
CMF 1.6.3 (2007/02/02)
Modified: CMF/branches/1.6/CMFCore/SkinsTool.py
===================================================================
--- CMF/branches/1.6/CMFCore/SkinsTool.py 2007-04-15 05:05:15 UTC (rev 74142)
+++ CMF/branches/1.6/CMFCore/SkinsTool.py 2007-04-15 05:06:19 UTC (rev 74143)
@@ -306,8 +306,8 @@
mtool = getToolByName(self, 'portal_membership')
utool = getToolByName(self, 'portal_url')
member = mtool.getAuthenticatedMember()
- if hasattr(aq_base(member), 'portal_skin'):
- mskin = member.portal_skin
+ if hasattr(aq_base(member), 'getProperty'):
+ mskin = member.getProperty('portal_skin', None)
if mskin:
req = self.REQUEST
cookie = req.cookies.get(self.request_varname, None)
More information about the CMF-checkins
mailing list