Log message for revision 74143: Fix http://dev.plone.org/plone/ticket/5904 by using the property api to determine member selected skin, rather than direct attribute access
Changed: U CMF/branches/1.6/CHANGES.txt U CMF/branches/1.6/CMFCore/SkinsTool.py -=- Modified: CMF/branches/1.6/CHANGES.txt =================================================================== --- CMF/branches/1.6/CHANGES.txt 2007-04-15 05:05:15 UTC (rev 74142) +++ CMF/branches/1.6/CHANGES.txt 2007-04-15 05:06:19 UTC (rev 74143) @@ -2,9 +2,12 @@ Bug Fixes + - Use the property API to get the member specific skin, because + direct attribute access won't work with PAS based membership. + (http://dev.plone.org/plone/ticket/5904) + - Add POST-only protections to security critical methods (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240). - [mj, bloodbare, alecm] CMF 1.6.3 (2007/02/02) Modified: CMF/branches/1.6/CMFCore/SkinsTool.py =================================================================== --- CMF/branches/1.6/CMFCore/SkinsTool.py 2007-04-15 05:05:15 UTC (rev 74142) +++ CMF/branches/1.6/CMFCore/SkinsTool.py 2007-04-15 05:06:19 UTC (rev 74143) @@ -306,8 +306,8 @@ mtool = getToolByName(self, 'portal_membership') utool = getToolByName(self, 'portal_url') member = mtool.getAuthenticatedMember() - if hasattr(aq_base(member), 'portal_skin'): - mskin = member.portal_skin + if hasattr(aq_base(member), 'getProperty'): + mskin = member.getProperty('portal_skin', None) if mskin: req = self.REQUEST cookie = req.cookies.get(self.request_varname, None) _______________________________________________ CMF-checkins mailing list [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/cmf-checkins
