[Checkins] SVN: zope.publisher/trunk/ - BaseRequest.traverse should not call traversal hooks on elements
Sidnei da Silva
sidnei.da.silva at gmail.com
Sun Feb 21 18:53:33 EST 2010
Log message for revision 109239:
- BaseRequest.traverse should not call traversal hooks on elements
previously traversed but wrapped in a security Proxy.
Changed:
U zope.publisher/trunk/CHANGES.txt
U zope.publisher/trunk/src/zope/publisher/base.py
U zope.publisher/trunk/src/zope/publisher/tests/test_http.py
-=-
Modified: zope.publisher/trunk/CHANGES.txt
===================================================================
--- zope.publisher/trunk/CHANGES.txt 2010-02-21 23:27:39 UTC (rev 109238)
+++ zope.publisher/trunk/CHANGES.txt 2010-02-21 23:53:32 UTC (rev 109239)
@@ -1,9 +1,11 @@
CHANGES
=======
-3.12.1 (unreleased)
+3.12.1 (2010-02-21)
-------------------
+- BaseRequest.traverse should not call traversal hooks on elements
+ previously traversed but wrapped in a security Proxy.
3.12.0 (2009-12-31)
-------------------
Modified: zope.publisher/trunk/src/zope/publisher/base.py
===================================================================
--- zope.publisher/trunk/src/zope/publisher/base.py 2010-02-21 23:27:39 UTC (rev 109238)
+++ zope.publisher/trunk/src/zope/publisher/base.py 2010-02-21 23:53:32 UTC (rev 109239)
@@ -23,6 +23,7 @@
from zope.interface import implements, providedBy
from zope.interface.common.mapping import IReadMapping, IEnumerableMapping
from zope.exceptions.exceptionformatter import print_exception
+from zope.security.proxy import removeSecurityProxy
from zope.publisher.interfaces import IPublication, IHeld
from zope.publisher.interfaces import NotFound, DebugError, Unauthorized
@@ -245,7 +246,7 @@
self._last_obj_traversed = obj
- if obj is not prev_object:
+ if removeSecurityProxy(obj) is not removeSecurityProxy(prev_object):
# Invoke hooks (but not more than once).
publication.callTraversalHooks(self, obj)
Modified: zope.publisher/trunk/src/zope/publisher/tests/test_http.py
===================================================================
--- zope.publisher/trunk/src/zope/publisher/tests/test_http.py 2010-02-21 23:27:39 UTC (rev 109238)
+++ zope.publisher/trunk/src/zope/publisher/tests/test_http.py 2010-02-21 23:53:32 UTC (rev 109239)
@@ -28,6 +28,8 @@
from zope.testing import doctest
from zope.i18n.interfaces.locales import ILocale
from zope.interface.verify import verifyObject
+from zope.security.checker import ProxyFactory
+from zope.security.proxy import removeSecurityProxy
from zope.interface import implements
from zope.publisher.interfaces.logginginfo import ILoggingInfo
@@ -596,6 +598,31 @@
self.assertEquals(req._traversed_names, ['item'])
self.assertEquals(req._vh_root, self.app.folder)
+ def test_traverseDuplicateHooks(self):
+ """
+ BaseRequest.traverse should not call traversal hooks on elements
+ previously traversed but wrapped in a security Proxy.
+ """
+ hooks = []
+ class HookPublication(DefaultPublication):
+
+ def callTraversalHooks(self, request, object):
+ hooks.append(object)
+
+ def traverseName(self, request, ob, name, check_auth=1):
+ # Fake the virtual host
+ if name == "vh":
+ return ProxyFactory(ob)
+ return super(HookPublication, self).traverseName(
+ request, removeSecurityProxy(ob), name, check_auth=1)
+
+ publication = HookPublication(self.app)
+ req = self._createRequest()
+ req.setPublication(publication)
+ req.setTraversalStack(req.getTraversalStack() + ["vh"])
+ req.traverse(self.app)
+ self.assertEquals(len(hooks), 3)
+
def testInterface(self):
from zope.publisher.interfaces.http import IHTTPCredentials
from zope.publisher.interfaces.http import IHTTPApplicationRequest
More information about the checkins
mailing list