[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/security/_protections.py The code in this module worked for tests but was broken for actual Zope instances. This caused Messages to be security proxied, which can cause surprising and undesirable effects. Fixed with the most obvious hack around the problem, but this is not ideal. There was a discussion earlier on how to fix this the 'right' way; using an artifact of our testing framework to bootstrap a zope instance, as I am doing here, is not acceptable for a release. A revert to the previous (broken for tests, but with a workaround) behavior would be preferable than using _clear.

Gary Poster gary at zope.com
Wed Oct 26 17:31:05 EDT 2005


Log message for revision 39658:
  The code in this module worked for tests but was broken for actual Zope instances.  This caused Messages to be security proxied, which can cause surprising and undesirable effects.  Fixed with the most obvious hack around the problem, but this is not ideal.  There was a discussion earlier on how to fix this the 'right' way; using an artifact of our testing framework to bootstrap a zope instance, as I am doing here, is not acceptable for a release.  A revert to the previous (broken for tests, but with a workaround) behavior would be preferable than using _clear.
  
  

Changed:
  U   Zope3/trunk/src/zope/app/security/_protections.py

-=-
Modified: Zope3/trunk/src/zope/app/security/_protections.py
===================================================================
--- Zope3/trunk/src/zope/app/security/_protections.py	2005-10-26 21:26:52 UTC (rev 39657)
+++ Zope3/trunk/src/zope/app/security/_protections.py	2005-10-26 21:31:04 UTC (rev 39658)
@@ -37,6 +37,9 @@
     zope.security.checker.BasicTypes[MessageID] = NoProxy
     # this, however, is not a security hole, because Messages are immutable.
     zope.security.checker.BasicTypes[Message] = NoProxy
+    zope.security.checker._clear() # XXX The BasicTypes approach requires
+    # _clear be called.  This is not a good idea.  This should be addressed
+    # before release.
 
     # add __parent__ and __name__ to always available names
     import zope.security.checker



More information about the Zope3-Checkins mailing list