[Zope-Checkins] CVS: Zope2 - DT_Util.py:1.72.18.8
shane@digicool.com
shane@digicool.com
Fri, 27 Apr 2001 11:17:08 -0400 (EDT)
Update of /cvs-repository/Zope2/lib/python/DocumentTemplate
In directory korak:/tmp/cvs-serv19775
Modified Files:
Tag: RestrictedPythonBranch
DT_Util.py
Log Message:
- Added optional limited builtins.
- Made '_vars' available because some DTML (like the proxy roles UI)
actually uses it. (!)
--- Updated File DT_Util.py in package Zope2 --
--- DT_Util.py 2001/04/27 00:45:53 1.72.18.7
+++ DT_Util.py 2001/04/27 15:17:04 1.72.18.8
@@ -90,6 +90,8 @@
from RestrictedPython.Utilities import utility_builtins
from RestrictedPython.Eval import RestrictionCapableEval
+LIMITED_BUILTINS = 1
+
str=__builtins__['str'] # Waaaaa, waaaaaaaa needed for pickling waaaaa
ParseError='Document Template Parse Error'
@@ -117,13 +119,22 @@
def __init__(self, f):
self.__call__ = f
-d=TemplateDict.__dict__
+d = TemplateDict.__dict__
for name, f in safe_builtins.items() + utility_builtins.items():
if type(f) is functype:
d[name] = NotBindable(f)
else:
d[name] = f
+if LIMITED_BUILTINS:
+ # Replace certain builtins with limited versions.
+ from RestrictedPython.Limits import limited_builtins
+ for name, f in limited_builtins.items():
+ if type(f) is functype:
+ d[name] = NotBindable(f)
+ else:
+ d[name] = f
+
# The functions below are meant to bind to the TemplateDict.
_marker = [] # Create a new marker object.
@@ -181,11 +192,12 @@
if guard is not None:
self.prepRestrictedCode()
code = self.rcode
- d = {'_': md, '_read_': guard, '__builtins__': None}
+ d = {'_': md, '_vars': md,
+ '_read_': guard, '__builtins__': None}
else:
self.prepUnrestrictedCode()
code = self.ucode
- d = {'_': md}
+ d = {'_': md, '_vars': md}
d.update(self.globals)
has_key = d.has_key
for name in self.used: