Log message for revision 123739: Provide security declarations for `BTreeFolder2Base` class, instead of only for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.
Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/src/OFS/ObjectManager.py U Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py -=- Modified: Zope/branches/2.12/doc/CHANGES.rst =================================================================== --- Zope/branches/2.12/doc/CHANGES.rst 2011-12-12 12:17:15 UTC (rev 123738) +++ Zope/branches/2.12/doc/CHANGES.rst 2011-12-12 12:44:47 UTC (rev 123739) @@ -8,6 +8,11 @@ 2.12.21 (unreleased) -------------------- +- Provide security declarations for `BTreeFolder2Base` class, instead of only + for `BTreeFolder2` via the `OFS.Folder` mix-in. + +- LP #902068: Fixed missing security declaration for `ObjectManager` class. + - Fixed serious authentication vulnerability in stock configuration. 2.12.20 (2011-10-04) Modified: Zope/branches/2.12/src/OFS/ObjectManager.py =================================================================== --- Zope/branches/2.12/src/OFS/ObjectManager.py 2011-12-12 12:17:15 UTC (rev 123738) +++ Zope/branches/2.12/src/OFS/ObjectManager.py 2011-12-12 12:44:47 UTC (rev 123739) @@ -805,7 +805,7 @@ def keys(self): return self.objectIds() - security.declareProtected(access_contents_information, 'get') + security.declareProtected(access_contents_information, 'items') def items(self): return self.objectItems() Modified: Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py =================================================================== --- Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py 2011-12-12 12:17:15 UTC (rev 123738) +++ Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py 2011-12-12 12:44:47 UTC (rev 123739) @@ -472,11 +472,15 @@ # Aliases for mapping-like access. __len__ = objectCount + security.declareProtected(access_contents_information, 'keys') keys = objectIds + security.declareProtected(access_contents_information, 'values') values = objectValues + security.declareProtected(access_contents_information, 'items') items = objectItems # backward compatibility + security.declareProtected(access_contents_information, 'hasObject') hasObject = has_key security.declareProtected(access_contents_information, 'get') _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins