Chris McDonough wrote:


On Oct 31, 2005, at 10:26 AM, Jim Fulton wrote:

Sidnei da Silva wrote:

On Mon, Oct 31, 2005 at 10:05:45AM -0500, Jim Fulton wrote:
| Sidnei da Silva wrote:
| >Found some lovely piece of code deep into the FTP parts of Zope 2 last
| >Saturday, one of them is truly ugly. It's listing the contents of
| >the current and parent folders for no apparent reason (or at least, it
| >didn't make sense either to me or Chris McDonough).
|
| There's a comment stating the intent.
Yes, but the original code does the check in a truly obscure way, at
least to me. I've thought of spelling:
        # check to see if we are acquiring our objectValues or not
        if not (len(REQUEST.PARENTS) > 1 and
                self.objectValues() == REQUEST.PARENTS[1].objectValues()):
As:
        if self.objectValues.im_self is not self:


That might be better.


Is that an equivalent test?  It's difficult to know the intent here.

Suppose we have folders:

  f1/
     f11/
     f12/
  f2/

We don't want to allow someone to access paths like:

  f1/f11/f1
  f1/f11/f2
  f2/f1

and so on.

Jim

--
Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
_______________________________________________
Zope-Coders mailing list
Zope-Coders@zope.org
http://mail.zope.org/mailman/listinfo/zope-coders
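
Added example, not part of the original thread and not Zope's own code: a simplified Python model of acquisition-style lookup over the folder layout from the message above. It shows that the three listed paths resolve when acquired names are followed, and are rejected when every path segment must be directly contained in the previous one. Folder, acquire, resolve, build_tree and is_allowed are hypothetical names.

```python
# Simplified model of acquisition-style lookup; this is NOT Zope's
# Acquisition package, only an illustration of the traversal rule.
class Folder:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = {}
        if parent is not None:
            parent.children[name] = self

    def acquire(self, name):
        """Look in this folder, then in each containing folder in turn."""
        node = self
        while node is not None:
            if name in node.children:
                return node.children[name]
            node = node.parent
        raise KeyError(name)


def resolve(root, path, allow_acquired):
    """Walk `path` from `root`. With allow_acquired=False, every segment
    must be a direct child of the folder reached by the previous segment."""
    node = root
    for segment in path.strip("/").split("/"):
        found = node.acquire(segment)
        if not allow_acquired and found.parent is not node:
            raise PermissionError("%r is acquired, not contained, in %r"
                                  % (segment, node.name))
        node = found
    return node


def build_tree():
    # Constructed sample: the folder layout from the message above.
    root = Folder("")
    f1 = Folder("f1", root)
    Folder("f11", f1)
    Folder("f12", f1)
    Folder("f2", root)
    return root


def is_allowed(root, path):
    """True only if the path resolves through containment alone."""
    try:
        resolve(root, path, allow_acquired=False)
        return True
    except (KeyError, PermissionError):
        return False
```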
