Log message for revision 69003: Merged 69002 from 2.10 branch: Correct view traversal security checks
Changed: U Zope/trunk/lib/python/OFS/Traversable.py -=- Modified: Zope/trunk/lib/python/OFS/Traversable.py =================================================================== --- Zope/trunk/lib/python/OFS/Traversable.py 2006-07-06 13:44:01 UTC (rev 69002) +++ Zope/trunk/lib/python/OFS/Traversable.py 2006-07-06 13:45:15 UTC (rev 69003) @@ -260,6 +260,10 @@ if next is not None: next = next.__of__(obj) + if restricted: + if not securityManager.validate( + obj, obj, name, next): + raise Unauthorized, name elif bobo_traverse is not None: # Attribute lookup should not be done after # __bobo_traverse__: _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins