[Zope-CMF] Re: Inconstancy with CA traversal

Tres Seaver tseaver at palladion.com
Sat Jun 28 11:22:50 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurence Rowe wrote:
> Laurence Rowe wrote:
> 
>> To fix this we need to add a __bobo__traverse__ method to Skinnable that 
>> looks up objects in the order:
>>
>>  1. getattr(aq_base(obj), name), but excluding skin objects
>>
>>  2. views
>>
>>  3. getattr(aq_base(obj), name), including skin objects
>>
>>  4. getattr(obj, name)
> 
> Hmm. It looks as if the __bobo_traverse__ method will require access to 
> the `restricted` argument to unrestrictedTraverse. I can't see any way 
> to access this other than:
> 
>      sys._getframe(1).f_locals['restricted']
> 
> Which is more than a little ugly.

I don't get it:  why isn't OFS.Traversable's check sufficient?
__bobo_traverse__ has a bad enough (insane, actually) contract, without
adding security checking to it.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIZldK+gerLs4ltQ4RAqvWAJ4zkDSAUzHLIfUqPtnCqCM1wTkHowCgwVs4
6zMF1gUxD7qVZ4y/i8dSHy4=
=vy5T
-----END PGP SIGNATURE-----



More information about the Zope-CMF mailing list