[Zope-Checkins]
CVS: Zope/lib/python/Products/PluginIndexes/TopicIndex
- FilteredSet.py:1.7
Tres Seaver
tseaver at zope.com
Thu Jan 15 18:17:22 EST 2004
Update of /cvs-repository/Zope/lib/python/Products/PluginIndexes/TopicIndex
In directory cvs.zope.org:/tmp/cvs-serv26041/lib/python/Products/PluginIndexes/TopicIndex
Modified Files:
FilteredSet.py
Log Message:
- Don't use bare 'eval' to check filtered set membershp (merge from
2.6 / 2.7 audit).
=== Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py 1.6 => 1.7 ===
--- Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py:1.6 Wed Dec 31 16:18:03 2003
+++ Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py Thu Jan 15 18:17:17 2004
@@ -18,6 +18,7 @@
from Persistence import Persistent
from Globals import DTMLFile
from zLOG import WARNING,LOG
+from RestrictedPython.Eval import RestrictionCapableEval
import sys
@@ -69,7 +70,7 @@
def index_object(self, documentId, o):
try:
- if eval(self.expr): # XXX trusted code!
+ if RestrictionCapableEval(self.expr).eval({'o': o}):
self.ids.insert(documentId)
else:
try:
More information about the Zope-Checkins
mailing list