[ZPT] CVS: Releases/Zope/lib/python/Products/PageTemplates - Expressions.py:1.36.6.8

Evan Simpson evan@zope.com
Wed, 25 Sep 2002 19:20:10 -0400 

Update of /cvs-repository/Releases/Zope/lib/python/Products/PageTemplates
In directory cvs.zope.org:/tmp/cvs-serv20638/lib/python/Products/PageTemplates

Modified Files:
      Tag: Zope-2_6-branch
	Expressions.py 
Log Message:
Merge TALES Expression fixes from trunk.


=== Releases/Zope/lib/python/Products/PageTemplates/Expressions.py 1.36.6.7 => 1.36.6.8 ===
--- Releases/Zope/lib/python/Products/PageTemplates/Expressions.py:1.36.6.7	Wed Sep 25 11:57:54 2002
+++ Releases/Zope/lib/python/Products/PageTemplates/Expressions.py	Wed Sep 25 19:20:09 2002
@@ -291,13 +291,6 @@
                        get=getattr, has=hasattr, N=None, M=[],
                        TupleType=type(()) ):
 
-    if not path[0]:
-        # If the path starts with an empty string, go to the root first.
-        object = object.getPhysicalRoot()
-        if not securityManager.validateValue(object):
-            raise Unauthorized
-        path.pop(0)
-
     REQUEST = {'path': path}
     REQUEST['TraversalRequestNameStack'] = path = path[:] # Copy!
     path.reverse()
@@ -309,12 +302,16 @@
         if isinstance(name, TupleType):
             object = object(*name)
             continue
-            
-        name = str(name)
 
-        if name[0] == '_':
-            # Never allowed in a URL.
-            raise AttributeError, name
+        name = str(name)
+        if not name or name[0] == '_':
+            # Skip directly to item access
+            o = object[name]
+            # Check access to the item.
+            if not validate(object, object, name, o):
+                raise Unauthorized, name
+            object = o
+            continue
 
         if name=='..':
             o = get(object, 'aq_parent', M)
@@ -335,8 +332,7 @@
                 container = aq_parent(aq_inner(o))
             elif has(o, 'im_self'):
                 container = o.im_self
-            elif (has(get(object, 'aq_base', object), name)
-                and get(object, name) == o):
+            elif (has(aq_base(object), name) and get(object, name) == o):
                 container = object
             if not validate(object, container, name, o):
                 raise Unauthorized, name
@@ -356,14 +352,14 @@
                         # Try to re-raise the original attribute error.
                         # XXX I think this only happens with
                         # ExtensionClass instances.
-                        get(object, name)
+                        guarded_getattr(object, name)
                     raise
                 except TypeError, exc:
                     if str(exc).find('unsubscriptable') >= 0:
                         # The object does not support the item interface.
                         # Try to re-raise the original attribute error.
                         # XXX This is sooooo ugly.
-                        get(object, name)
+                        guarded_getattr(object, name)
                     raise
                 else:
                     # Check access to the item.