[Zope-Checkins] CVS: Zope3/lib/python/Zope/Publisher/HTTP - HTTPRequest.py:1.1.2.27 http.zcml:1.1.2.2

[Jim Fulton]

Update of /cvs-repository/Zope3/lib/python/Zope/Publisher/HTTP
In directory cvs.zope.org:/tmp/cvs-serv17050/lib/python/Zope/Publisher/HTTP

Modified Files:
      Tag: Zope-3x-branch
	HTTPRequest.py http.zcml 
Log Message:
HOTYB: Merged SecurityProxy-branch into main branch.  

All tests pass and folders can be listed and added through the web.
It is likely that most other things don't work and will need to be
fixed. The reason is that many accesses that should have been checked
before are now being checked and additional checks and thinking about
permissions and security settings are needed.

I'm in the process of drafting a paper for the wiki that describes the
changes in more detail.


=== Zope3/lib/python/Zope/Publisher/HTTP/HTTPRequest.py 1.1.2.26 => 1.1.2.27 ===
 
     def __setupPath(self):
+
         path = self.get('PATH_INFO', '/').strip()
 
         if path.endswith('/'):
@@ -274,14 +275,15 @@
             path = path[1:] # XXX Why? Not sure
 
         clean = []
-        for item in path.split('/'):
-            if item == '.':
-                continue
-            elif item == '..':
-                try: del clean[-1]
-                except IndexError:
-                    raise NotFound('..')
-            else: clean.append(item)
+        if path:
+            for item in path.split('/'):
+                if item == '.':
+                    continue
+                elif item == '..':
+                    try: del clean[-1]
+                    except IndexError:
+                        raise NotFound('..')
+                else: clean.append(item)
 
         clean.reverse()
         self.setTraversalStack(clean)


=== Zope3/lib/python/Zope/Publisher/HTTP/http.zcml 1.1.2.1 => 1.1.2.2 ===
   <security:protectClass name=".HTTPRequest.URLGetter"
     permission_id="Zope.View" 
-    methods="get, __getitem__" />
+    names="get, __getitem__" />
 
 </zopeConfigure>