[Zope-Checkins] SVN: Zope/trunk/ Don't publish acquired attributes if acquired object has no docstring.

Hanno Schlichting hannosch at hannosch.eu
Sun Feb 6 10:03:48 EST 2011


Log message for revision 120143:
  Don't publish acquired attributes if acquired object has no docstring.
  

Changed:
  U   Zope/trunk/doc/CHANGES.rst
  U   Zope/trunk/src/ZPublisher/BaseRequest.py
  U   Zope/trunk/src/ZPublisher/tests/testBaseRequest.py

-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst	2011-02-06 15:01:52 UTC (rev 120142)
+++ Zope/trunk/doc/CHANGES.rst	2011-02-06 15:03:48 UTC (rev 120143)
@@ -10,6 +10,9 @@
 
 Bugs Fixed
 ++++++++++
+ 
+- LP #713253: Prevent publication of acquired attributes, where the acquired
+  object does not have a docstring.
 
 - Fix `LazyMap` to avoid unnecessary function calls.
 
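Review bot: The first added line under the `++++++++++` underline is `+ ` (a single space) rather than an empty line, which leaves trailing whitespace in CHANGES.rst; make it a truly blank line. The entry could also name the affected code path (traversal in ZPublisher.BaseRequest), so that someone reading the changelog can tell this changes which URLs are publishable.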

Modified: Zope/trunk/src/ZPublisher/BaseRequest.py
===================================================================
--- Zope/trunk/src/ZPublisher/BaseRequest.py	2011-02-06 15:01:52 UTC (rev 120142)
+++ Zope/trunk/src/ZPublisher/BaseRequest.py	2011-02-06 15:03:48 UTC (rev 120143)
@@ -126,15 +126,15 @@
                     # Again, clear any error status created by __bobo_traverse__
                     # because we actually found something:
                     request.response.setStatus(200)
-                    return subobject
                 except AttributeError:
                     pass
 
                 # Lastly we try with key access:
-                try:
-                    subobject = object[name]
-                except TypeError: # unsubscriptable
-                    raise KeyError(name)
+                if subobject is None:
+                    try:
+                        subobject = object[name]
+                    except TypeError: # unsubscriptable
+                        raise KeyError(name)
 
         # Ensure that the object has a docstring, or that the parent
         # object has a pseudo-docstring for the object. Objects that
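Review bot: The new `if subobject is None:` guard in front of the key lookup uses None as the marker for "attribute lookup failed", so an attribute that exists and has the value None now falls through to `object[name]`, and on an unsubscriptable object ends in `KeyError(name)`, where it was previously returned. The guard also depends on `subobject` being bound to None before the `try`, which this hunk does not show. Moving the key lookup into the `except AttributeError:` branch, or comparing against a private sentinel instead of None, keeps the intended effect of dropping `return subobject` (attribute results now reach the docstring check below) without either dependency.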

Modified: Zope/trunk/src/ZPublisher/tests/testBaseRequest.py
===================================================================
--- Zope/trunk/src/ZPublisher/tests/testBaseRequest.py	2011-02-06 15:01:52 UTC (rev 120142)
+++ Zope/trunk/src/ZPublisher/tests/testBaseRequest.py	2011-02-06 15:03:48 UTC (rev 120143)
@@ -335,6 +335,14 @@
         r = self._makeOne(root)
         self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview')
 
+    def test_traverse_acquired_attribute_without_docstring(self):
+        from ZPublisher import NotFound
+        root, folder = self._makeRootAndFolder()
+        root._setObject('objBasic',
+                        self._makeObjectWithEmptyDocstring())
+        r = self._makeOne(root)
+        self.assertRaises(NotFound, r.traverse, 'folder/objBasic')
+
     def test_traverse_class_without_docstring(self):
         from ZPublisher import NotFound
         root, folder = self._makeRootAndFolder()
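Review bot: `test_traverse_acquired_attribute_without_docstring` asserts only the rejecting case. Since the BaseRequest change also rewires the fall-through to key access, add companion tests, if they do not exist elsewhere in this file, showing that an acquired object with a docstring still traverses via 'folder/objBasic' and that an object reachable only through `object[name]` still resolves. The test name says "without docstring" while the helper is `_makeObjectWithEmptyDocstring`; a one-line comment stating that an empty docstring is treated as missing would make the intent clear.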


