[Zope-dev] Re: guarded_getattr

Fri, 11 Feb 2005 15:20:04 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stefan H. Holek wrote:

| I'd very much appreciate your opinion on
| http://mail.zope.org/pipermail/zope-dev/2005-January/024237.html
| http://mail.zope.org/pipermail/zope-dev/2005-January/024242.html
|
| Plone is breaking left and right and I gotta do something about it...

Please try applying the attached patch to Zope, and then switch to run
Zope with the Python security policy.  E.g.:

~ $ cd /path/to/software_home
~ $ patch -p0 /tmp/cmf-318-impl-python.patch
~ $ cd /path/to/instance_home
~ $ echo 'security-policy-implementation python' >> zope.conf
~ $ bin/zopectl restart

This patch makes the CMF 1.4 tests pass for me.

Tres.
- --
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCDT5GGqWXf00rNCgRAgLoAJ4tKOIsHJSQvOTmZnWtJIH0W41xBQCeNvB9
6DNd/6hczgu3xrYQtFjHMUY=
=rqsj
-----END PGP SIGNATURE-----

? testinst
Index: lib/python/AccessControl/ImplPython.py
===================================================================
RCS file: /cvs-repository/Packages/AccessControl/Attic/ImplPython.py,v
retrieving revision 1.1.2.4
diff -c -r1.1.2.4 ImplPython.py
*** lib/python/AccessControl/ImplPython.py	7 Aug 2004 17:15:48 -0000	1.1.2.4
--- lib/python/AccessControl/ImplPython.py	11 Feb 2005 23:20:03 -0000
***************
*** 17,22 ****
--- 17,24 ----
  import string
  
  from Acquisition import aq_base
+ from Acquisition import aq_parent
+ from Acquisition import aq_inner
  from ExtensionClass import Base
  from zLOG import LOG, PROBLEM
  
***************
*** 551,556 ****
              return v
  
          validate = SecurityManagement.getSecurityManager().validate
!         if validate(inst, inst, name, v):
              return v
      raise Unauthorized, name
--- 553,564 ----
              return v
  
          validate = SecurityManagement.getSecurityManager().validate
! 
!         # XXX:  Trying to work around CMF #318.
!         container = aq_parent(aq_inner(v))
!         if container is None:
!             container = inst
! 
!         if validate(inst, container, name, v):
              return v
      raise Unauthorized, name

_______________________________________________
Zope-Dev maillist  -  [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to