[Zope-Perl] security
Gisle Aas
gisle@ActiveState.com
24 Jan 2001 12:59:20 -0800
"Chris McDonough" <chrism@digicool.com> writes:
> > > .. but I can't setattr on the perlref instance, so this doesn't work.
> >
> > The issue should be the same if you return a plain Python dict object,
> > or am I missing something.
>
> I believe the security machinery currently gathers __roles__ from things
> that are of Python type InstanceType (of which perlref is one).

This should not be the case. Perl ref objects are a separate type
called 'perl ref':

    $ python
    Python 1.5.2 (#2, Sep 29 2000, 15:50:24) [GCC egcs-2.91.66 19990314/Linux (egcs- on linux2
    Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
    >>> import perl
    >>> type(perl.get_ref("%"))
    <type 'perl ref'>
    >>> type(perl.eval("\%INC"))
    <type 'perl ref'>
    >>> type(perl.eval("Python::dict(%INC)"))
    <type 'dictionary'>

Inside ZopeSecurityPolicy's validate I find:

    if p is not None:
        tp=type(p)
        if tp is not IntType:
            if tp is DictType:
                p=p.get(name, None)
            else:
                p=p(name, value)

so it seems to special case dicts?
--Gisle
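
The branching quoted in the message above, as an added example that is not part of the original post and is not Zope's code: it ports only the quoted fragment to Python 3 (int and dict in place of IntType and DictType) to show which values reach the dict branch and which fall through to the call branch. ForeignRef, resolve and classify are hypothetical names; ForeignRef is an assumed non-callable mapping whose type is not dict, standing in for a wrapped foreign object.

```python
from collections.abc import Mapping


class ForeignRef(Mapping):
    """Hypothetical stand-in for a wrapped foreign hash: it supports the
    mapping protocol (including .get) but its type is not dict."""

    def __init__(self, data):
        self._data = dict(data)

    def __getitem__(self, key):
        return self._data[key]

    def __iter__(self):
        return iter(self._data)

    def __len__(self):
        return len(self._data)


def resolve(p, name, value):
    """Same branching as the quoted fragment: dispatch on exact type."""
    if p is not None:
        tp = type(p)
        if tp is not int:
            if tp is dict:
                # Only exact dicts are looked up by name.
                p = p.get(name, None)
            else:
                # Everything else is assumed to be callable.
                p = p(name, value)
    return p


def classify(p, name="attr", value=None):
    """Return ("ok", result), or ("error", exception name) if the call branch fails."""
    try:
        return ("ok", resolve(p, name, value))
    except TypeError as exc:
        return ("error", type(exc).__name__)
```

Because the test is on exact type rather than on the mapping protocol, a dict subclass or a mapping proxy is handled by the call branch, not by the dict lookup.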