[Zope-Checkins] SVN: Zope/branches/2.10/lib/python/OFS/Traversable.py Correct view traversal security checks

Florent Guillaume fg at nuxeo.com
Thu Jul 6 09:44:03 EDT 2006


Log message for revision 69002:
  Correct view traversal security checks

Changed:
  U   Zope/branches/2.10/lib/python/OFS/Traversable.py

-=-
Modified: Zope/branches/2.10/lib/python/OFS/Traversable.py
===================================================================
--- Zope/branches/2.10/lib/python/OFS/Traversable.py	2006-07-06 04:15:00 UTC (rev 69001)
+++ Zope/branches/2.10/lib/python/OFS/Traversable.py	2006-07-06 13:44:01 UTC (rev 69002)
@@ -260,6 +260,10 @@
 
                     if next is not None:
                         next = next.__of__(obj)
+                        if restricted:
+                            if not securityManager.validate(
+                                obj, obj, name, next):
+                                raise Unauthorized, name
                     elif bobo_traverse is not None:
                         # Attribute lookup should not be done after 
                         # __bobo_traverse__:



More information about the Zope-Checkins mailing list