[Zope-CMF] Re: Inconstancy with CA traversal
Tres Seaver
tseaver at palladion.com
Sat Jun 28 11:22:50 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Laurence Rowe wrote:
> Laurence Rowe wrote:
>
>> To fix this we need to add a __bobo__traverse__ method to Skinnable that
>> looks up objects in the order:
>>
>> 1. getattr(aq_base(obj), name), but excluding skin objects
>>
>> 2. views
>>
>> 3. getattr(aq_base(obj), name), including skin objects
>>
>> 4. getattr(obj, name)
>
> Hmm. It looks as if the __bobo_traverse__ method will require access to
> the `restricted` argument to unrestrictedTraverse. I can't see any way
> to access this other than:
>
> sys._getframe(1).f_locals['restricted']
>
> Which is more than a little ugly.
I don't get it: why isn't OFS.Traversable's check sufficient?
__bobo_traverse__ has a bad enough (insane, actually) contract, without
adding security checking to it.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIZldK+gerLs4ltQ4RAqvWAJ4zkDSAUzHLIfUqPtnCqCM1wTkHowCgwVs4
6zMF1gUxD7qVZ4y/i8dSHy4=
=vy5T
-----END PGP SIGNATURE-----
More information about the Zope-CMF
mailing list