[Zope-Coders] bug in restrictedTraverse

Shane Hathaway shane@zope.com
Wed, 25 Sep 2002 09:46:44 -0400


Jeremy Hylton wrote:
> Neal Norwitz reported a bug in PageTemplates.Expressions that he found
> with pychecker.
> 
> The restrictedTraverse function can fail with a NameError early on,
> because it raises "Unauthorized, name" before name is defined.  I
> don't know what the value should be, so I can't fix it.
> 
> Jeremy
> 
> def restrictedTraverse(object, path, securityManager,
>                        get=getattr, has=hasattr, N=None, M=[],
>                        TupleType=type(()) ):
> 
>     if not path[0]:
>         # If the path starts with an empty string, go to the root first.
>         object = object.getPhysicalRoot()
>         if not securityManager.validateValue(object):
>             raise Unauthorized, name
>         path.pop(0)

This can just raise Unauthorized with no exception value.  AFAIK, 
however, no one will ever fail this security check, so this bug was 
never spotted.

Shane
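
The failure mode discussed in this thread, as an added example that is not part of the original messages or of Zope's code: a Python 3 sketch showing that the denied-root path raises NameError instead of Unauthorized, so a caller that handles only Unauthorized never sees the denial. The `Unauthorized` class, `DenyRoot`, `Node`, and the `traverse_*` and `outcome` names are hypothetical stand-ins, and the sample path is constructed.

```python
class Unauthorized(Exception):
    """Stand-in for Zope's Unauthorized exception (assumption)."""


class DenyRoot:
    """Hypothetical security manager that refuses every object."""
    def validateValue(self, value):
        return False


class Node:
    """Hypothetical object exposing getPhysicalRoot()."""
    def getPhysicalRoot(self):
        return self


def traverse_buggy(obj, path, security_manager):
    # Mirrors the quoted excerpt: 'name' is referenced before it is bound.
    if not path[0]:
        obj = obj.getPhysicalRoot()
        if not security_manager.validateValue(obj):
            raise Unauthorized(name)  # evaluating 'name' raises NameError
        path.pop(0)
    return obj


def traverse_fixed(obj, path, security_manager):
    # The change suggested in the reply: raise with no exception value.
    if not path[0]:
        obj = obj.getPhysicalRoot()
        if not security_manager.validateValue(obj):
            raise Unauthorized
        path.pop(0)
    return obj


def outcome(traverse):
    """Return the exception type name raised on a denied root lookup."""
    try:
        traverse(Node(), ["", "folder", "doc"], DenyRoot())  # constructed path
    except Exception as exc:
        return type(exc).__name__
    return "no exception"


if __name__ == "__main__":
    print("buggy:", outcome(traverse_buggy))
    print("fixed:", outcome(traverse_fixed))
```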