[Zope-Checkins] SVN: Zope/branches/2.12/ Provide security declarations for `BTreeFolder2Base` class, instead of only

Hanno Schlichting hannosch at hannosch.eu
Mon Dec 12 12:44:48 UTC 2011


Log message for revision 123739:
  Provide security declarations for `BTreeFolder2Base` class, instead of only
    for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.
  

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/src/OFS/ObjectManager.py
  U   Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst	2011-12-12 12:17:15 UTC (rev 123738)
+++ Zope/branches/2.12/doc/CHANGES.rst	2011-12-12 12:44:47 UTC (rev 123739)
@@ -8,6 +8,11 @@
 2.12.21 (unreleased)
 --------------------
 
+- Provide security declarations for `BTreeFolder2Base` class, instead of only
+  for `BTreeFolder2` via the `OFS.Folder` mix-in.
+
+- LP #902068: Fixed missing security declaration for `ObjectManager` class.
+
 - Fixed serious authentication vulnerability in stock configuration.
 
 2.12.20 (2011-10-04)

Modified: Zope/branches/2.12/src/OFS/ObjectManager.py
===================================================================
--- Zope/branches/2.12/src/OFS/ObjectManager.py	2011-12-12 12:17:15 UTC (rev 123738)
+++ Zope/branches/2.12/src/OFS/ObjectManager.py	2011-12-12 12:44:47 UTC (rev 123739)
@@ -805,7 +805,7 @@
     def keys(self):
         return self.objectIds()
 
-    security.declareProtected(access_contents_information, 'get')
+    security.declareProtected(access_contents_information, 'items')
     def items(self):
         return self.objectItems()
 

Modified: Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py
===================================================================
--- Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py	2011-12-12 12:17:15 UTC (rev 123738)
+++ Zope/branches/2.12/src/Products/BTreeFolder2/BTreeFolder2.py	2011-12-12 12:44:47 UTC (rev 123739)
@@ -472,11 +472,15 @@
 
     # Aliases for mapping-like access.
     __len__ = objectCount
+    security.declareProtected(access_contents_information, 'keys')
     keys = objectIds
+    security.declareProtected(access_contents_information, 'values')
     values = objectValues
+    security.declareProtected(access_contents_information, 'items')
     items = objectItems
 
     # backward compatibility
+    security.declareProtected(access_contents_information, 'hasObject')
     hasObject = has_key
 
     security.declareProtected(access_contents_information, 'get')



More information about the Zope-Checkins mailing list