[Zope-Coders] Re: Confusing code in ObjectManager manage_FTPstat
Jim Fulton
jim at zope.com
Tue Nov 1 10:57:24 EST 2005
Chris McDonough wrote:
>
> On Oct 31, 2005, at 10:26 AM, Jim Fulton wrote:
>
>> Sidnei da Silva wrote:
>>
>>> On Mon, Oct 31, 2005 at 10:05:45AM -0500, Jim Fulton wrote:
>>> | Sidnei da Silva wrote:
>>> | >Found some lovely piece of code deep into the FTP parts of Zope 2
>>> last
>>> | >saturday, one of them is truely ugly. It's listing the contents of
>>> | >the current and parent folders for no apparent reason (or at
>>> least, it
>>> | >didn't make sense either to me or Chris McDonough).
>>> | | There's a comment stating the intent.
>>> Yes, but the original code does the check in a truely obscure way, at
>>> least to me. I've thought of spelling:
>>> # check to see if we are acquiring our objectValues or not
>>> if not (len(REQUEST.PARENTS) > 1 and
>>> self.objectValues() == REQUEST.PARENTS
>>> [1].objectValues()):
>>> As:
>>> if self.objectValues.im_self is not self:
>>
>>
>> That might be better.
>
>
> Is that what an equivalent test? It's difficult to know the intent here.
Suppose we have folders:
f1/
f11/
f12/
f2/
We don't want to allow someone to access paths like:
f1/f11/f1
f1/f11/f2
f2/f1
and so on.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope-Coders
mailing list