[Zope-Checkins] CVS: Zope/lib/python/OFS - FindSupport.py:1.31.6.1
Tres Seaver
tseaver at zope.com
Thu Jan 8 15:58:20 EST 2004
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv5508/lib/python/OFS
Modified Files:
Tag: Zope-2_6-branch
FindSupport.py
Log Message:
- Inadequate security assertions on administrative "find" methods
could potentially be abused.
=== Zope/lib/python/OFS/FindSupport.py 1.31 => 1.31.6.1 ===
--- Zope/lib/python/OFS/FindSupport.py:1.31 Wed Aug 14 17:42:56 2002
+++ Zope/lib/python/OFS/FindSupport.py Thu Jan 8 15:58:19 2004
@@ -22,6 +22,7 @@
from DateTime import DateTime
from string import translate
from AccessControl.DTML import RestrictedDTML
+from AccessControl import ClassSecurityInfo
class FindSupport(ExtensionClass.Base):
"""Find support for Zope Folders"""
@@ -48,6 +49,9 @@
'help':('OFSP','Find.stx')},
)
+ security = ClassSecurityInfo()
+
+ security.declareProtected('View management screens', 'ZopeFind')
def ZopeFind(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None,
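Review bot: The permission name is written out as a string literal at this `declareProtected` call and again at the two declarations in the next hunk (`PrincipiaFind`, `ZopeFindAndApply`). A misspelling in any one of them would not fail loudly; as far as I know it would simply declare a differently named permission, so that method would be governed by a setting nobody is managing. Importing the constant once, `from AccessControl.Permissions import view_management_screens`, and passing it to all three calls keeps them in step. The body of `ZopeFind` continues outside the hunk.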
@@ -148,9 +152,10 @@
-
+ security.declareProtected('View management screens', 'PrincipiaFind')
PrincipiaFind=ZopeFind
+ security.declareProtected('View management screens', 'ZopeFindAndApply')
def ZopeFindAndApply(self, obj, obj_ids=None, obj_metatypes=None,
obj_searchterm=None, obj_expr=None,
obj_mtime=None, obj_mspec=None,
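Review bot: `ZopeFindAndApply` gets the same permission as the read-only `ZopeFind`, although its name suggests it acts on every match rather than only listing it; if that action can change objects, 'View management screens' may be weaker than the operation deserves. Its body is outside the hunk, so I cannot tell how the applied callable is supplied or whether each matched object is access-checked before the call. At minimum a comment above the declaration should record the reasoning, for example `# Same permission as ZopeFind; the applied action must enforce its own per-object checks.`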
@@ -296,7 +301,7 @@
return 1
-Globals.default__class_init__(FindSupport)
+Globals.InitializeClass(FindSupport)
# Helper functions