[ZPT] CVS: Packages/Products/PageTemplates (Products/DC/PageTemplates) - CHANGES.txt:1.13 ZRPythonExpr.py:1.5
evan@serenade.digicool.com
evan@serenade.digicool.com
Fri, 29 Jun 2001 17:02:20 -0400
Update of /cvs-repository/Packages/Products/PageTemplates
In directory serenade:/home/evan/Zope/2.4/lib/python/Products/PageTemplates
Modified Files:
CHANGES.txt ZRPythonExpr.py
Log Message:
Incorporated changes to security machinery for Zope 2.4
--- Updated File CHANGES.txt in package Packages/Products/PageTemplates --
--- CHANGES.txt 2001/06/21 14:20:49 1.12
+++ CHANGES.txt 2001/06/29 21:02:20 1.13
@@ -15,3 +15,4 @@
Bugs Fixed
- The various *Python modules failed to import CompilerError.
+ - Security machinery changes in Zope 2.4 broke ZRPythonExpr
--- Updated File ZRPythonExpr.py in package Packages/Products/PageTemplates --
--- ZRPythonExpr.py 2001/06/21 14:04:42 1.4
+++ ZRPythonExpr.py 2001/06/29 21:02:20 1.5
@@ -92,6 +92,7 @@
from AccessControl import full_read_guard, full_write_guard, \
safe_builtins, getSecurityManager
+from AccessControl.ZopeGuards import guarded_getattr, guarded_getitem
from RestrictedPython import compile_restricted_eval
from TALES import CompilerError
from string import strip, split, join, replace, lstrip
@@ -101,8 +102,8 @@
class PythonExpr(PythonExpr):
_globals = {'__debug__': __debug__,
'__builtins__': safe_builtins,
- '_read_': full_read_guard,
- '_write_': full_write_guard,}
+ '_getattr_': guarded_getattr,
+ '_getitem_': guarded_getitem,}
def __init__(self, name, expr, engine):
self.expr = expr = replace(strip(expr), '\n', ' ')
code, err, warn, use = compile_restricted_eval(expr, str(self))
@@ -133,7 +134,7 @@
td = TemplateDict()
td.this = None
td._push(ns['request'])
- td._push(InstanceDict(ns['here'], td, full_read_guard))
+ td._push(InstanceDict(ns['here'], td, guarded_getattr))
td._push(ns)
try:
if arg==2: