[ZPT] CVS: Releases/Zope/lib/python/Products/PageTemplates - Expressions.py:1.42
Evan Simpson
evan@zope.com
Wed, 25 Sep 2002 18:57:56 -0400
Update of /cvs-repository/Releases/Zope/lib/python/Products/PageTemplates
In directory cvs.zope.org:/tmp/cvs-serv18255/lib/python/Products/PageTemplates
Modified Files:
Expressions.py
Log Message:
Fix Collector #581, with unit test.
Tidy up inconsistency use of getattr/guarded_getattr.
=== Releases/Zope/lib/python/Products/PageTemplates/Expressions.py 1.41 => 1.42 ===
--- Releases/Zope/lib/python/Products/PageTemplates/Expressions.py:1.41 Wed Sep 25 11:50:52 2002
+++ Releases/Zope/lib/python/Products/PageTemplates/Expressions.py Wed Sep 25 18:57:55 2002
@@ -291,13 +291,6 @@
get=getattr, has=hasattr, N=None, M=[],
TupleType=type(()) ):
- if not path[0]:
- # If the path starts with an empty string, go to the root first.
- object = object.getPhysicalRoot()
- if not securityManager.validateValue(object):
- raise Unauthorized
- path.pop(0)
-
REQUEST = {'path': path}
REQUEST['TraversalRequestNameStack'] = path = path[:] # Copy!
path.reverse()
@@ -310,9 +303,14 @@
object = object(*name)
continue
- if name[0] == '_':
- # Never allowed in a URL.
- raise AttributeError, name
+ if not name or name[0] == '_':
+ # Skip directly to item access
+ o = object[name]
+ # Check access to the item.
+ if not validate(object, object, name, o):
+ raise Unauthorized, name
+ object = o
+ continue
if name=='..':
o = get(object, 'aq_parent', M)
@@ -333,8 +331,7 @@
container = aq_parent(aq_inner(o))
elif has(o, 'im_self'):
container = o.im_self
- elif (has(get(object, 'aq_base', object), name)
- and get(object, name) == o):
+ elif (has(aq_base(object), name) and get(object, name) == o):
container = object
if not validate(object, container, name, o):
raise Unauthorized, name
@@ -354,14 +351,14 @@
# Try to re-raise the original attribute error.
# XXX I think this only happens with
# ExtensionClass instances.
- get(object, name)
+ guarded_getattr(object, name)
raise
except TypeError, exc:
if str(exc).find('unsubscriptable') >= 0:
# The object does not support the item interface.
# Try to re-raise the original attribute error.
# XXX This is sooooo ugly.
- get(object, name)
+ guarded_getattr(object, name)
raise
else:
# Check access to the item.