Roché Compaan wrote:

I'm unsure about the security check in the patch below - I copied the
way restrictedTraverse does it. I read through validate in the default
security policy but it is one of those methods where all the security
implications doesn't fit in your head all at once.

---   2004-03-23 22:27:23.000000000 +0200
+++    2005-03-03 09:43:48.000000000 +0200
@@ -47,7 +47,11 @@
         (i.e., it was deleted or moved without recataloging), or if the
user is
         not authorized to access an object along the path.
-        return self.aq_parent.restrictedTraverse(self.getPath(), None)
+        obj = self.aq_parent.unrestrictedTraverse(self.getPath(), None)
+        if obj and securityManager.validate(obj, obj, None, None):
+            return obj
+        else:
+            return None

There is a method deep down in Zope somewhere called:


I cannot find the definition on my local Windows install, so I assume it's defined in some c code somewhere.

Unfortunately there is no docs on the web either. Though there must have been at some time, as I would otherwise never have found it.

Hmm... that is odd.


hilsen/regards Max M, Denmark
IT's Mad Science

Zope-Dev maillist -
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to