[Zope-Coders] bug in restrictedTraverse

Tue, 24 Sep 2002 17:58:40 -0400

Neal Norwitz reported a bug in PageTemplates.Expressions that he found
with pychecker.

The restrictedTraverse function can fail with a NameError early on,
because it raises "Unauthorized, name" before name is defined.  I
don't know what the value should be, so I can't fix it.

Jeremy

def restrictedTraverse(object, path, securityManager,
                       get=getattr, has=hasattr, N=None, M=[],
                       TupleType=type(()) ):

    if not path[0]:
        # If the path starts with an empty string, go to the root first.
        object = object.getPhysicalRoot()
        if not securityManager.validateValue(object):
            raise Unauthorized, name
        path.pop(0)