Traversable.py Correct view traversal security checks

Florent Guillaume Thu, 06 Jul 2006 06:44:06 -0700

Log message for revision 69002:
  Correct view traversal security checks

Changed:
  U   Zope/branches/2.10/lib/python/OFS/Traversable.py


-=-
Modified: Zope/branches/2.10/lib/python/OFS/Traversable.py
===================================================================
--- Zope/branches/2.10/lib/python/OFS/Traversable.py    2006-07-06 04:15:00 UTC 
(rev 69001)
+++ Zope/branches/2.10/lib/python/OFS/Traversable.py    2006-07-06 13:44:01 UTC 
(rev 69002)
@@ -260,6 +260,10 @@
 
                     if next is not None:
                         next = next.__of__(obj)
+                        if restricted:
+                            if not securityManager.validate(
+                                obj, obj, name, next):
+                                raise Unauthorized, name
                     elif bobo_traverse is not None:
                         # Attribute lookup should not be done after 
                         # __bobo_traverse__:

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] SVN: Zope/branches/2.10/lib/python/OFS/Traversable.py Correct view traversal security checks

Reply via email to