[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/p Start to
distinguish between trusted and untrusted page templates.
Fred L. Drake, Jr.
fred at zope.com
Tue Jul 20 17:48:47 EDT 2004
Log message for revision 26642:
Start to distinguish between trusted and untrusted page templates.
This is done by using two separate TALES engines for the trusted and
untrusted templates. These are provided by two mix-in base classes,
TrustedAppPT and AppPT.
Page templates loaded from the filesystem (derived from PageTemplateFile)
are trusted; templates stored in the database are not.
Changed:
U Zope3/trunk/src/zope/app/pagetemplate/engine.py
U Zope3/trunk/src/zope/app/pagetemplate/metaconfigure.py
U Zope3/trunk/src/zope/app/pagetemplate/viewpagetemplatefile.py
U Zope3/trunk/src/zope/app/publisher/pagetemplateresource.py
-=-
Modified: Zope3/trunk/src/zope/app/pagetemplate/engine.py
===================================================================
--- Zope3/trunk/src/zope/app/pagetemplate/engine.py 2004-07-20 21:08:29 UTC (rev 26641)
+++ Zope3/trunk/src/zope/app/pagetemplate/engine.py 2004-07-20 21:48:46 UTC (rev 26642)
@@ -20,6 +20,7 @@
import sys
from zope.tales.expressions import PathExpr, StringExpr, NotExpr, DeferExpr
+from zope.tales.expressions import SimpleModuleImporter
from zope.tales.pythonexpr import PythonExpr
from zope.tales.tales import ExpressionEngine, Context
@@ -57,12 +58,8 @@
vars = self._bind_used_names(econtext, RestrictedBuiltins)
return eval(self._code, vars)
-class ZopeContext(Context):
+class ZopeContextBase(Context):
- def setContext(self, name, value):
- # Hook to allow subclasses to do things like adding security proxies
- Context.setContext(self, name, ProxyFactory(value))
-
def evaluateText(self, expr):
text = self.evaluate(expr)
if text is self.getDefault() or text is None:
@@ -101,7 +98,7 @@
error = _('No interpreter named "${lang_name}" was found.')
error.mapping = {'lang_name': lang}
raise InlineCodeError, error
-
+
globals = self.vars.copy()
result = interpreter.evaluateRawCode(code, globals)
# Add possibly new global variables.
@@ -112,6 +109,17 @@
return result
+class ZopeContext(ZopeContextBase):
+
+ def setContext(self, name, value):
+ # Hook to allow subclasses to do things like adding security proxies
+ Context.setContext(self, name, ProxyFactory(value))
+
+
+class TrustedZopeContext(ZopeContextBase):
+ pass
+
+
class AdapterNamespaces(object):
"""Simulate tales function namespaces with adapter lookup.
@@ -142,7 +150,7 @@
Cleanup:
-
+
>>> tearDown()
"""
@@ -157,12 +165,14 @@
return zapi.getAdapter(object, IPathAdapter, name)
except ComponentLookupError:
raise KeyError, name
-
+
self.namespaces[name] = namespace
return namespace
class ZopeEngine(ExpressionEngine):
+ _create_context = ZopeContext
+
def __init__(self):
ExpressionEngine.__init__(self)
self.namespaces = AdapterNamespaces()
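Review bot: The new `_create_context = ZopeContext` class attribute is called as `self._create_context(self, namespace)` in the following hunk, which works only because a class object is not turned into a bound method on attribute lookup; a plain factory function assigned to this name would receive the engine twice. A one-line comment, `# must be a class (or staticmethod): looked up on self, engine passed explicitly`, would record that constraint for `TrustedZopeEngine` and any later override. The enclosing `__init__` may continue past the end of this hunk.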
@@ -174,7 +184,7 @@
else:
namespace = __namespace
- context = ZopeContext(self, namespace)
+ context = self._create_context(self, namespace)
# Put request into context so path traversal can find it
if 'request' in namespace:
@@ -186,16 +196,17 @@
return context
+
+class TrustedZopeEngine(ZopeEngine):
+
+ _create_context = TrustedZopeContext
+
+
def _Engine(engine=None):
if engine is None:
engine = ZopeEngine()
-
- for pt in ZopePathExpr._default_type_names:
- engine.registerType(pt, ZopePathExpr)
- engine.registerType('string', StringExpr)
+ engine = _create_base_engine(engine)
engine.registerType('python', ZopePythonExpr)
- engine.registerType('not', NotExpr)
- engine.registerType('defer', DeferExpr)
# Using a proxy around sys.modules allows page templates to use
# modules for which security declarations have been made, but
@@ -205,9 +216,34 @@
return engine
+def _TrustedEngine(engine=None):
+ if engine is None:
+ engine = TrustedZopeEngine()
+ engine = _create_base_engine(engine)
+ engine.registerType('python', PythonExpr)
+ engine.registerBaseName('modules', SimpleModuleImporter())
+ return engine
+
+def _create_base_engine(engine):
+ for pt in ZopePathExpr._default_type_names:
+ engine.registerType(pt, ZopePathExpr)
+ engine.registerType('string', StringExpr)
+ engine.registerType('not', NotExpr)
+ engine.registerType('defer', DeferExpr)
+ return engine
+
+
Engine = _Engine()
+TrustedEngine = _TrustedEngine()
+
class AppPT(object):
def pt_getEngine(self):
return Engine
+
+
+class TrustedAppPT(object):
+
+ def pt_getEngine(self):
+ return TrustedEngine
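Review bot: `_TrustedEngine` registers the unrestricted `PythonExpr` for `python:` expressions and `SimpleModuleImporter()` for `modules`, whereas `_Engine` uses `ZopePythonExpr` (which binds `RestrictedBuiltins`, per the hunk near the top of the file) and a proxied `sys.modules`; none of `_TrustedEngine`, `TrustedEngine`, `TrustedZopeEngine` or `TrustedAppPT` documents that this hands template code full interpreter access. The invariant stated in the log message — only templates loaded from the filesystem may use this engine — should live on `TrustedAppPT`, e.g. `"""Mix-in selecting the unrestricted TALES engine; only for templates whose source is filesystem code, never database content."""`, with a parallel sentence on `_TrustedEngine` and `TrustedZopeEngine`. `_create_base_engine` would also benefit from `"""Register the expression types shared by the restricted and trusted engines."""`. The `_Engine` body between the two hunks is not visible here.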
Modified: Zope3/trunk/src/zope/app/pagetemplate/metaconfigure.py
===================================================================
--- Zope3/trunk/src/zope/app/pagetemplate/metaconfigure.py 2004-07-20 21:08:29 UTC (rev 26641)
+++ Zope3/trunk/src/zope/app/pagetemplate/metaconfigure.py 2004-07-20 21:48:46 UTC (rev 26642)
@@ -17,6 +17,7 @@
$Id$
"""
from zope.app.pagetemplate.engine import Engine, _Engine
+from zope.app.pagetemplate.engine import TrustedEngine, _TrustedEngine
from zope.testing.cleanup import addCleanUp
from zope.interface import Interface
from zope.configuration.fields import GlobalObject
@@ -42,13 +43,19 @@
def expressiontype(_context, name, handler):
_context.action(
discriminator = ("tales:expressiontype", name),
- callable = Engine.registerType,
+ callable = registerType,
args = (name, handler)
)
+def registerType(name, handler):
+ Engine.registerType(name, handler)
+ TrustedEngine.registerType(name, handler)
+
def clear():
Engine.__init__()
_Engine(Engine)
+ TrustedEngine.__init__()
+ _TrustedEngine(TrustedEngine)
addCleanUp(clear)
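Review bot: `registerType` has no docstring and is defined below the `expressiontype` directive that references it, which works only because the name is resolved when the action runs; moving it above `expressiontype` with `"""Register a TALES expression type on both the restricted and the trusted engine."""` would make the pairing explicit. The same pairing now applies in `clear()`, where both engines are re-initialised, so a reader should understand that every ZCML-registered expression type becomes available to trusted and untrusted templates alike.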
Modified: Zope3/trunk/src/zope/app/pagetemplate/viewpagetemplatefile.py
===================================================================
--- Zope3/trunk/src/zope/app/pagetemplate/viewpagetemplatefile.py 2004-07-20 21:08:29 UTC (rev 26641)
+++ Zope3/trunk/src/zope/app/pagetemplate/viewpagetemplatefile.py 2004-07-20 21:48:46 UTC (rev 26642)
@@ -17,9 +17,9 @@
"""
from zope.pagetemplate.pagetemplatefile import PageTemplateFile
from zope.component import getView
-from zope.app.pagetemplate.engine import AppPT
+from zope.app.pagetemplate.engine import TrustedAppPT
-class ViewPageTemplateFile(AppPT, PageTemplateFile):
+class ViewPageTemplateFile(TrustedAppPT, PageTemplateFile):
"""Page Templates used as methods of views defined as Python classes.
"""
Modified: Zope3/trunk/src/zope/app/publisher/pagetemplateresource.py
===================================================================
--- Zope3/trunk/src/zope/app/publisher/pagetemplateresource.py 2004-07-20 21:08:29 UTC (rev 26641)
+++ Zope3/trunk/src/zope/app/publisher/pagetemplateresource.py 2004-07-20 21:48:46 UTC (rev 26642)
@@ -17,9 +17,9 @@
"""
from zope.pagetemplate.pagetemplatefile import PageTemplateFile
-from zope.app.pagetemplate.engine import AppPT
+from zope.app.pagetemplate.engine import TrustedAppPT
-class PageTemplate(AppPT, PageTemplateFile):
+class PageTemplate(TrustedAppPT, PageTemplateFile):
"""
Resource that is a page template
"""