Update of /cvs-repository/Packages/RestrictedPython
In directory cvs.zope.org:/tmp/cvs-serv19057/lib/python/RestrictedPython

Modified Files:
      Tag: Zope-2_7-branch
        RestrictionMutator.py 
Log Message:
Hotfix_20050405:  prevent untrusted code from shadowing roles on protected 
methods of base classes.


=== Packages/RestrictedPython/RestrictionMutator.py 1.10.68.3 => 1.10.68.4 ===
--- Packages/RestrictedPython/RestrictionMutator.py:1.10.68.3   Thu Jan  8 
18:33:56 2004
+++ Packages/RestrictedPython/RestrictionMutator.py     Tue Apr  5 17:17:45 2005
@@ -94,6 +94,9 @@
             # Note: "_" *is* allowed.
             self.error(node, '"%s" is an invalid variable name because'
                        ' it starts with "_"' % name)
+        if name.endswith('__roles__'):
+            self.error(node, '"%s" is an invalid variable name because '
+                       'it ends with "__roles__".' % name)
         if name == "printed":
             self.error(node, '"printed" is a reserved name.')
 
@@ -109,6 +112,9 @@
             # Note: "_" *is* allowed.
             self.error(node, '"%s" is an invalid attribute name '
                        'because it starts with "_".' % name)
+        if name.endswith('__roles__'):
+            self.error(node, '"%s" is an invalid attribute name '
+                       'because it ends with "__roles__".' % name)
 
     def prepBody(self, body):
         """Insert code for print at the beginning of the code suite."""

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to