[Zope-Checkins]
SVN: Zope/branches/2.10/lib/python/OFS/Traversable.py
Correct view traversal security checks
Florent Guillaume
fg at nuxeo.com
Thu Jul 6 09:44:03 EDT 2006
Log message for revision 69002:
Correct view traversal security checks
Changed:
U Zope/branches/2.10/lib/python/OFS/Traversable.py
-=-
Modified: Zope/branches/2.10/lib/python/OFS/Traversable.py
===================================================================
--- Zope/branches/2.10/lib/python/OFS/Traversable.py 2006-07-06 04:15:00 UTC (rev 69001)
+++ Zope/branches/2.10/lib/python/OFS/Traversable.py 2006-07-06 13:44:01 UTC (rev 69002)
@@ -260,6 +260,10 @@
if next is not None:
next = next.__of__(obj)
+ if restricted:
+ if not securityManager.validate(
+ obj, obj, name, next):
+ raise Unauthorized, name
elif bobo_traverse is not None:
# Attribute lookup should not be done after
# __bobo_traverse__:
More information about the Zope-Checkins
mailing list