[Zope-Checkins] CVS: Packages/RestrictedPython -
RestrictionMutator.py:1.10.68.4
Tres Seaver
tseaver at zope.com
Tue Apr 5 17:17:45 EDT 2005
Update of /cvs-repository/Packages/RestrictedPython
In directory cvs.zope.org:/tmp/cvs-serv19057/lib/python/RestrictedPython
Modified Files:
Tag: Zope-2_7-branch
RestrictionMutator.py
Log Message:
Hotfix_20050405: prevent untrusted code from shadowing roles on protected methods of base classes.
=== Packages/RestrictedPython/RestrictionMutator.py 1.10.68.3 => 1.10.68.4 ===
--- Packages/RestrictedPython/RestrictionMutator.py:1.10.68.3 Thu Jan 8 18:33:56 2004
+++ Packages/RestrictedPython/RestrictionMutator.py Tue Apr 5 17:17:45 2005
@@ -94,6 +94,9 @@
# Note: "_" *is* allowed.
self.error(node, '"%s" is an invalid variable name because'
' it starts with "_"' % name)
+ if name.endswith('__roles__'):
+ self.error(node, '"%s" is an invalid variable name because '
+ 'it ends with "__roles__".' % name)
if name == "printed":
self.error(node, '"printed" is a reserved name.')
@@ -109,6 +112,9 @@
# Note: "_" *is* allowed.
self.error(node, '"%s" is an invalid attribute name '
'because it starts with "_".' % name)
+ if name.endswith('__roles__'):
+ self.error(node, '"%s" is an invalid attribute name '
+ 'because it ends with "__roles__".' % name)
def prepBody(self, body):
"""Insert code for print at the beginning of the code suite."""
More information about the Zope-Checkins
mailing list