[Zope-Checkins] CVS: Zope/lib/python/Products/PluginIndexes/TopicIndex - FilteredSet.py:1.7

Tres Seaver tseaver at zope.com
Thu Jan 15 18:17:22 EST 2004


Update of /cvs-repository/Zope/lib/python/Products/PluginIndexes/TopicIndex
In directory cvs.zope.org:/tmp/cvs-serv26041/lib/python/Products/PluginIndexes/TopicIndex

Modified Files:
	FilteredSet.py 
Log Message:


  - Don't use bare 'eval' to check filtered set membershp (merge from
    2.6 / 2.7 audit).


=== Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py 1.6 => 1.7 ===
--- Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py:1.6	Wed Dec 31 16:18:03 2003
+++ Zope/lib/python/Products/PluginIndexes/TopicIndex/FilteredSet.py	Thu Jan 15 18:17:17 2004
@@ -18,6 +18,7 @@
 from Persistence import Persistent
 from Globals import DTMLFile
 from zLOG import WARNING,LOG
+from RestrictedPython.Eval import RestrictionCapableEval
 import sys
 
 
@@ -69,7 +70,7 @@
 
     def index_object(self, documentId, o):
         try:
-            if eval(self.expr): # XXX trusted code!
+            if RestrictionCapableEval(self.expr).eval({'o': o}): 
                 self.ids.insert(documentId)
             else:
                 try:




More information about the Zope-Checkins mailing list