[ZPT] Re: Please help: No protection for PageTemplateFile!!
Tue, 29 Jan 2002 12:02:19 -0500
Dirksen Lau wrote:
> I want to shut off anonymous access to my class, but to my surprise,
> instances of PageTemplateFile leak through the security check, even
> those whose id starts with 'manage_'! Here's my class:
Thanks for uncovering this. There were some bad security declarations
in both Script.py and PageTemplateFile.py. Here are the diffs:
< ('View', ('__call__','','ZPythonScriptHTML_tryAction')),
< security.declareProtected('View', '__call__')
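Review bot: the first removed line covers more than `__call__`. The same 'View' tuple also lists `''` and `ZPythonScriptHTML_tryAction`, so deleting the whole entry drops the explicit declaration for those two names as well. Confirm that they are meant to fall back to the container-level settings, or remove only `__call__` from the tuple. The two fragments also carry no file name or line context, so it would help to mark which line comes from Script.py and which from PageTemplateFile.py.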
(in other words, just delete those lines from those files)
These overrode any attempt to set security at the container level.
Evan @ Zope