[Zope-Checkins] CVS: Zope/lib/python/Shared/DC/Scripts -
Bindings.py:1.10
Tres Seaver
tseaver at zope.com
Thu Jan 15 17:57:52 EST 2004
Update of /cvs-repository/Zope/lib/python/Shared/DC/Scripts
In directory cvs.zope.org:/tmp/cvs-serv22329
Modified Files:
Bindings.py
Log Message:
- Bindings.py: verify access to 'context' and 'container' names before
returning (merged from 2.6 / 2.7 audit).
- dtml/scriptTry.dtml: CGI escapes (merged from 2.6 / 2.7 audit).
=== Zope/lib/python/Shared/DC/Scripts/Bindings.py 1.9 => 1.10 ===
--- Zope/lib/python/Shared/DC/Scripts/Bindings.py:1.9 Mon Aug 19 09:40:42 2002
+++ Zope/lib/python/Shared/DC/Scripts/Bindings.py Thu Jan 15 17:57:21 2004
@@ -14,6 +14,7 @@
__version__='$Revision$'[11:-2]
import Globals
+from AccessControl import getSecurityManager
from Persistence import Persistent
from string import join, strip
import re
@@ -217,6 +218,10 @@
while 1:
self = self.aq_parent
if not getattr(self, '_is_wrapperish', None):
+ parent = getattr(self, 'aq_parent', None)
+ inner = getattr(self, 'aq_inner', None)
+ container = getattr(inner, 'aq_parent', None)
+ getSecurityManager().validate(parent, container, '', self)
return self
def _getContainer(self):
@@ -224,6 +229,10 @@
while 1:
self = self.aq_inner.aq_parent
if not getattr(self, '_is_wrapperish', None):
+ parent = getattr(self, 'aq_parent', None)
+ inner = getattr(self, 'aq_inner', None)
+ container = getattr(inner, 'aq_parent', None)
+ getSecurityManager().validate(parent, container, '', self)
return self
def _getTraverseSubpath(self):
More information about the Zope-Checkins
mailing list