[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/ Collector
#1914: Harden 'call_with_ns' against namespaces from other callers.
Tres Seaver
tseaver at palladion.com
Tue Oct 11 11:19:18 EDT 2005
Log message for revision 39044:
Collector #1914: Harden 'call_with_ns' against namespaces from other callers.
o Forward-port from 2.7 branch.
Changed:
U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
U Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/ZRPythonExpr.py
A Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/tests/testZRPythonExpr.py
-=-
Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
===================================================================
--- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2005-10-11 14:55:14 UTC (rev 39043)
+++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2005-10-11 15:19:18 UTC (rev 39044)
@@ -33,6 +33,10 @@
Bugs Fixed
+ - Collector #1914: Hardened 'call_with_ns' (in
+ 'Products.PageTemplates.ZRPythonExpr') against namespaces from other
+ callers than page templates.
+
- Collector #1490: Added a new zope.conf option to control the
character set used to encode unicode data that reaches
ZPublisher without any specified encoding.
Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/ZRPythonExpr.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/ZRPythonExpr.py 2005-10-11 14:55:14 UTC (rev 39043)
+++ Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/ZRPythonExpr.py 2005-10-11 15:19:18 UTC (rev 39044)
@@ -62,8 +62,11 @@
def call_with_ns(f, ns, arg=1):
td = Rtd()
- td.this = ns['here']
- td._push(ns['request'])
+ # prefer 'context' to 'here'; fall back to 'None'
+ this = ns.get('context', ns.get('here'))
+ td.this = this
+ request = ns.get('request', {})
+ td._push(request)
td._push(InstanceDict(td.this, td))
td._push(ns)
try:
Added: Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/tests/testZRPythonExpr.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/tests/testZRPythonExpr.py 2005-10-11 14:55:14 UTC (rev 39043)
+++ Zope/branches/Zope-2_8-branch/lib/python/Products/PageTemplates/tests/testZRPythonExpr.py 2005-10-11 15:19:18 UTC (rev 39044)
@@ -0,0 +1,48 @@
+""" Unit tests for Products.PageTemplates.ZRPythonExpr
+
+$Id
+"""
+import unittest
+
+class MiscTests(unittest.TestCase):
+
+ def test_call_with_ns_prefer_context_to_here(self):
+ from Products.PageTemplates.ZRPythonExpr import call_with_ns
+ context = ['context']
+ here = ['here']
+ request = {'request': 1}
+ names = {'context' : context, 'here': here, 'request' : request}
+ result = call_with_ns(lambda td: td.this, names)
+ self.failUnless(result is context, result)
+
+ def test_call_with_ns_no_context_or_here(self):
+ from Products.PageTemplates.ZRPythonExpr import call_with_ns
+ request = {'request': 1}
+ names = {'request' : request}
+ result = call_with_ns(lambda td: td.this, names)
+ self.failUnless(result is None, result)
+
+ def test_call_with_ns_no_request(self):
+ from Products.PageTemplates.ZRPythonExpr import call_with_ns
+ context = ['context']
+ here = ['here']
+ names = {'context' : context, 'here': here}
+
+ def _find_request(td):
+ ns = td._pop() # peel off 'ns'
+ instance_dict = td._pop() # peel off InstanceDict
+ request = td._pop()
+ td._push(request)
+ td._push(instance_dict)
+ td._push(ns)
+ return request
+
+ result = call_with_ns(_find_request, names)
+ self.assertEqual(result, {})
+
+def test_suite():
+ return unittest.makeSuite(MiscTests)
+
+if __name__ == '__main__':
+ unittest.main(defaultTest='test_suite')
+
More information about the Zope-Checkins
mailing list