[Zope3-checkins] SVN: Zope3/branches/srichter-twisted-integration2/src/zope/app/ftp/__init__.py Remove the security proxy for the file when getting the modification time.

Michael Kerrin michael.kerrin at openapp.biz
Fri Oct 7 09:13:49 EDT 2005


Log message for revision 38879:
  Remove the security proxy for the file when getting the modification time.
  This stops an unauthorized error from being raised when listing directories
  we don't have access to.
  

Changed:
  U   Zope3/branches/srichter-twisted-integration2/src/zope/app/ftp/__init__.py

-=-
Modified: Zope3/branches/srichter-twisted-integration2/src/zope/app/ftp/__init__.py
===================================================================
--- Zope3/branches/srichter-twisted-integration2/src/zope/app/ftp/__init__.py	2005-10-07 13:09:14 UTC (rev 38878)
+++ Zope3/branches/srichter-twisted-integration2/src/zope/app/ftp/__init__.py	2005-10-07 13:13:49 UTC (rev 38879)
@@ -21,6 +21,7 @@
 from zope.interface import implements
 from zope.component import queryAdapter
 from zope.publisher.interfaces.ftp import IFTPPublisher
+from zope.security.proxy import removeSecurityProxy
 
 from zope.app.filerepresentation.interfaces import IReadFile, IWriteFile
 from zope.app.filerepresentation.interfaces import IReadDirectory
@@ -121,7 +122,8 @@
         return self._lsinfo(name, self._dir[name])
 
     def _mtime(self, file):
-        dc = IZopeDublinCore(file, None)
+        ## Getting the modification time is not a big security hole
+        dc = IZopeDublinCore(removeSecurityProxy(file), None)
         if dc is not None:
             return dc.modified
 



More information about the Zope3-Checkins mailing list