[Zope-dev] patch zope-2.4.0 and guarded_getattr (and PageTemplates): is this a bug?
Steve Alexander
steve@cat-box.net
Wed, 18 Jul 2001 08:54:11 +0100
Joseph Wayne Norton wrote:
> Hello.
>
> I'm currently testing the following components together:
>
> - python 2.1.0
> - zope 2.4.0 (CVS version)
> - PageTemplates and TAL 1.3.2 (CVS version)
> - CMF 1.1 (CVS version)
>
> I'm having trouble using the ZPT skins included with CMFDecor and my
> own customs skins. The following patch (below) fixes the troubles I'm
> facing.
>
> Is this patch correct or not?
The alternative to your patch is to make the appropriate NamespaceStack
or TemplateDict kind of class (or whatever fulfils the same purpose in
ZPT) to derive from AccessControl.DTML.RestrictedDTML.
I had to patch ZPatterns in that way to get SkinScript working properly
with Zope 2.4.
From Products/ZPatterns/Expressions.py
Was:
class NamespaceStack(TemplateDict):
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
Now:
from AccessControl.DTML import RestrictedDTML
class NamespaceStack(TemplateDict, RestrictedDTML):
def validate(self, inst, parent, name, value, md):
return getSecurityManager().validate(inst, parent, name, value)
If you look at the source to RestrictedDTML, you see that it just
contains definitions for guarded_getattr and guarded_getitem.
As to whether your fix fixes a bug or a (mis-)feature, well, I just
don't know. I guess one of the folks who worked on the new Restricted
Python stuff could answer that.
--
Steve Alexander
Software Engineer
Cat-Box limited