[Zope-Checkins] CVS: Zope/lib/python/Products/PageTemplates - Expressions.py:1.39
Shane Hathaway
shane@cvs.zope.org
Wed, 18 Sep 2002 11:49:00 -0400
Update of /cvs-repository/Zope/lib/python/Products/PageTemplates
In directory cvs.zope.org:/tmp/cvs-serv28223/lib/python/Products/PageTemplates
Modified Files:
Expressions.py
Log Message:
Finished fix for collector #558. restrictedTraverse() was not providing
adequate context for the security manager, resulting in excessive Unauthorized
errors. The previous fix corrected traversal using __bobo_traverse__();
this fix corrects traversal using getattr(). The problem was solved by
simply making use of AccessControl.ZopeGuards.guarded_getattr().
=== Zope/lib/python/Products/PageTemplates/Expressions.py 1.38 => 1.39 ===
--- Zope/lib/python/Products/PageTemplates/Expressions.py:1.38 Wed Sep 18 11:12:46 2002
+++ Zope/lib/python/Products/PageTemplates/Expressions.py Wed Sep 18 11:49:00 2002
@@ -47,6 +47,7 @@
if sys.modules.has_key('Zope'):
import AccessControl
from AccessControl import getSecurityManager
+ from AccessControl.ZopeGuards import guarded_getattr
try:
from AccessControl import Unauthorized
except ImportError:
@@ -59,6 +60,7 @@
call_with_ns
else:
from PythonExpr import getSecurityManager, PythonExpr
+ guarded_getattr = getattr
try:
from zExceptions import Unauthorized
except ImportError:
@@ -331,16 +333,8 @@
raise Unauthorized, name
else:
# Try an attribute.
- o = get(object, name, M)
- if o is not M:
- # Check access to the attribute.
- if has(object, 'aq_acquire'):
- object.aq_acquire(
- name, validate2, validate)
- else:
- if not validate(object, object, name, o):
- raise Unauthorized, name
- else:
+ o = guarded_getattr(object, name, M)
+ if o is M:
# Try an item.
try:
# XXX maybe in Python 2.2 we can just check whether