[Zope-dev] patch zope-2.4.0 and guarded_getattr (and PageTemplates): is this a bug?

Steve Alexander steve@cat-box.net
Wed, 18 Jul 2001 08:54:11 +0100


Joseph Wayne Norton wrote:
> Hello.
> 
> I'm currently testing the following components together:
> 
>   - python 2.1.0
>   - zope 2.4.0 (CVS version)
>   - PageTemplates and TAL 1.3.2 (CVS version)
>   - CMF 1.1 (CVS version)
> 
> I'm having trouble using the ZPT skins included with CMFDecor and my
> own customs skins. The following patch (below) fixes the troubles I'm
> facing.
> 
> Is this patch correct or not?

The alternative to your patch is to make the appropriate NamespaceStack 
or TemplateDict kind of class (or whatever fulfils the same purpose in 
ZPT) to derive from AccessControl.DTML.RestrictedDTML.

I had to patch ZPatterns in that way to get SkinScript working properly 
with Zope 2.4.

 From Products/ZPatterns/Expressions.py

Was:
class NamespaceStack(TemplateDict):
     def validate(self, inst, parent, name, value, md):
         return getSecurityManager().validate(inst, parent, name, value)

Now:

from AccessControl.DTML import RestrictedDTML

class NamespaceStack(TemplateDict, RestrictedDTML):
     def validate(self, inst, parent, name, value, md):
         return getSecurityManager().validate(inst, parent, name, value)


If you look at the source to RestrictedDTML, you see that it just 
contains definitions for guarded_getattr and guarded_getitem.


As to whether your fix fixes a bug or a (mis-)feature, well, I just 
don't know. I guess one of the folks who worked on the new Restricted 
Python stuff could answer that.

--
Steve Alexander
Software Engineer
Cat-Box limited