Log message for revision 129552:
  Protect views of ZPT source with 'View Management Screens' permision.
  
  Fixes LP #978980.
  

Changed:
  _U  Zope/branches/2.12/
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/Products/PageTemplates/ZopePageTemplate.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst  2013-02-20 23:37:07 UTC (rev 129551)
+++ Zope/branches/2.12/doc/CHANGES.rst  2013-02-20 23:37:08 UTC (rev 129552)
@@ -8,7 +8,10 @@
 2.12.27 (unreleased)
 --------------------
 
+- LP #978980: Protect views of ZPT source with 'View Management Screens'
+  permision.
 
+
 2.12.26 (2012-10-31)
 --------------------
 

Modified: Zope/branches/2.12/src/Products/PageTemplates/ZopePageTemplate.py
===================================================================
--- Zope/branches/2.12/src/Products/PageTemplates/ZopePageTemplate.py   
2013-02-20 23:37:07 UTC (rev 129551)
+++ Zope/branches/2.12/src/Products/PageTemplates/ZopePageTemplate.py   
2013-02-20 23:37:08 UTC (rev 129552)
@@ -57,6 +57,8 @@
 
 class Src(Explicit):
     """ I am scary code """
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(view_management_screens)
 
     PUT = document_src = Acquired
     index_html = None
@@ -69,6 +71,8 @@
         " "
         return self.document_src(REQUEST)
 
+InitializeClass(Src)
+
 class ZopePageTemplate(Script, PageTemplate, Historical, Cacheable,
                        Traversable, PropertyManager):
     "Zope wrapper for Page Template using TAL, TALES, and METAL"

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to