Chris McDonough wrote:
On Oct 31, 2005, at 10:26 AM, Jim Fulton wrote:
Sidnei da Silva wrote:
On Mon, Oct 31, 2005 at 10:05:45AM -0500, Jim Fulton wrote:
| Sidnei da Silva wrote:
| >Found some lovely piece of code deep into the FTP parts of Zope 2
last
| >saturday, one of them is truely ugly. It's listing the contents of
| >the current and parent folders for no apparent reason (or at
least, it
| >didn't make sense either to me or Chris McDonough).
| | There's a comment stating the intent.
Yes, but the original code does the check in a truely obscure way, at
least to me. I've thought of spelling:
# check to see if we are acquiring our objectValues or not
if not (len(REQUEST.PARENTS) > 1 and
self.objectValues() == REQUEST.PARENTS
[1].objectValues()):
As:
if self.objectValues.im_self is not self:
That might be better.
Is that what an equivalent test? It's difficult to know the intent here.
Suppose we have folders:
f1/
f11/
f12/
f2/
We don't want to allow someone to access paths like:
f1/f11/f1
f1/f11/f2
f2/f1
and so on.
Jim
--
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
_______________________________________________
Zope-Coders mailing list
Zope-Coders@zope.org
http://mail.zope.org/mailman/listinfo/zope-coders
