Log message for revision 124393:
  Make ObjectManager's ``get`` and ``__getitem__`` return only "items".
  
  No longer return attributes / methods from the class or from acquisition.
  Thanks to Richard Mitchell at Netsight for the report.
  
  

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/OFS/ObjectManager.py
  U   Zope/branches/2.12/src/OFS/tests/testApplication.py
  U   Zope/branches/2.12/src/OFS/tests/testObjectManager.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst  2012-02-13 22:35:35 UTC (rev 124392)
+++ Zope/branches/2.12/doc/CHANGES.rst  2012-02-14 19:03:27 UTC (rev 124393)
@@ -8,6 +8,10 @@
 2.12.23 (unreleased)
 --------------------
 
+- Ensure that ObjectManager's ``get`` and ``__getitem__`` methods return only
+  "items" (no attributes / methods from the class or from acquisition).
+  Thanks to Richard Mitchell at Netsight for the report.
+
 - Note end-of-life timeline: Zope 2.12.x is now in security-fix-only mode and
   will continue to see security updates until October 2013, the same as Python
   2.6.x does.

Modified: Zope/branches/2.12/src/OFS/ObjectManager.py
===================================================================
--- Zope/branches/2.12/src/OFS/ObjectManager.py 2012-02-13 22:35:35 UTC (rev 
124392)
+++ Zope/branches/2.12/src/OFS/ObjectManager.py 2012-02-14 19:03:27 UTC (rev 
124393)
@@ -24,6 +24,7 @@
 import os
 import re
 import sys
+from types import NoneType
 
 from AccessControl import ClassSecurityInfo
 from AccessControl.Permissions import view_management_screens
@@ -775,12 +776,13 @@
         return self.manage_delObjects(ids=[name])
 
     def __getitem__(self, key):
-        v=self._getOb(key, None)
-        if v is not None: return v
-        if hasattr(self, 'REQUEST'):
-            request=self.REQUEST
+        if key in self:
+            return self._getOb(key, None)
+        request = getattr(self, 'REQUEST', None)
+        if not isinstance(request, (str, NoneType)):
             method=request.get('REQUEST_METHOD', 'GET')
-            if request.maybe_webdav_client and not method in ('GET', 'POST'):
+            if (request.maybe_webdav_client and
+                method not in ('GET', 'POST')):
                 return NullResource(self, key, request).__of__(self)
         raise KeyError, key
 
@@ -801,7 +803,9 @@
 
     security.declareProtected(access_contents_information, 'get')
     def get(self, key, default=None):
-        return self._getOb(key, default)
+        if key in self:
+            return self._getOb(key, default)
+        return default
 
     security.declareProtected(access_contents_information, 'keys')
     def keys(self):

Modified: Zope/branches/2.12/src/OFS/tests/testApplication.py
===================================================================
--- Zope/branches/2.12/src/OFS/tests/testApplication.py 2012-02-13 22:35:35 UTC 
(rev 124392)
+++ Zope/branches/2.12/src/OFS/tests/testApplication.py 2012-02-14 19:03:27 UTC 
(rev 124393)
@@ -57,6 +57,7 @@
     def test___bobo_traverse__attribute_miss_key_hit(self):
         app = self._makeOne()
         app._getOb = lambda x, y: x
+        app._objects = [{'id': 'OTHER', 'meta_type': None}]
         request = {}
         self.assertEqual(app.__bobo_traverse__(request, 'OTHER'), 'OTHER')
 

Modified: Zope/branches/2.12/src/OFS/tests/testObjectManager.py
===================================================================
--- Zope/branches/2.12/src/OFS/tests/testObjectManager.py       2012-02-13 
22:35:35 UTC (rev 124392)
+++ Zope/branches/2.12/src/OFS/tests/testObjectManager.py       2012-02-14 
19:03:27 UTC (rev 124393)
@@ -387,6 +387,22 @@
         om = self._makeOne()
         self.failUnless(om)
 
+    def test___getitem___miss(self):
+        om = self._makeOne()
+        self.assertRaises(KeyError, om.__getitem__, 'nonesuch')
+
+    def test___getitem___miss_w_non_instance_attr(self):
+        om = self._makeOne()
+        self.assertRaises(KeyError, om.__getitem__, 'get')
+
+    def test___getitem___hit(self):
+        om = self._makeOne()
+        si1 = SimpleItem('1')
+        om['1'] = si1
+        got = om['1']
+        self.failUnless(got.aq_self is si1)
+        self.failUnless(got.aq_parent is om)
+
     def test_get_miss_wo_default(self):
         om = self._makeOne()
         self.assertEqual(om.get('nonesuch'), None)
@@ -396,6 +412,10 @@
         obj = object()
         self.failUnless(om.get('nonesuch', obj) is obj)
 
+    def test_get_miss_w_non_instance_attr(self):
+        om = self._makeOne()
+        self.assertEqual(om.get('get'), None)
+
     def test_get_hit(self):
         om = self._makeOne()
         si1 = SimpleItem('1')

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to