Log message for revision 69002: Correct view traversal security checks Changed: U Zope/branches/2.10/lib/python/OFS/Traversable.py
-=- Modified: Zope/branches/2.10/lib/python/OFS/Traversable.py =================================================================== --- Zope/branches/2.10/lib/python/OFS/Traversable.py 2006-07-06 04:15:00 UTC (rev 69001) +++ Zope/branches/2.10/lib/python/OFS/Traversable.py 2006-07-06 13:44:01 UTC (rev 69002) @@ -260,6 +260,10 @@ if next is not None: next = next.__of__(obj) + if restricted: + if not securityManager.validate( + obj, obj, name, next): + raise Unauthorized, name elif bobo_traverse is not None: # Attribute lookup should not be done after # __bobo_traverse__: _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins