[Zope-Checkins] SVN: Zope/trunk/lib/python/OFS/Traversable.py Merged 69002 from 2.10 branch:

Thu Jul 6 09:45:15 EDT 2006

Log message for revision 69003:
  Merged 69002 from 2.10 branch:
    Correct view traversal security checks
  

Changed:
  U   Zope/trunk/lib/python/OFS/Traversable.py

-=-
Modified: Zope/trunk/lib/python/OFS/Traversable.py
===================================================================

--- Zope/trunk/lib/python/OFS/Traversable.py	2006-07-06 13:44:01 UTC (rev 69002)
+++ Zope/trunk/lib/python/OFS/Traversable.py	2006-07-06 13:45:15 UTC (rev 69003)
@@ -260,6 +260,10 @@
 
                     if next is not None:
                         next = next.__of__(obj)
+                        if restricted:
+                            if not securityManager.validate(
+                                obj, obj, name, next):
+                                raise Unauthorized, name
                     elif bobo_traverse is not None:
                         # Attribute lookup should not be done after 
                         # __bobo_traverse__:

