[Zope-Checkins] CVS: Zope2 - DT_Util.py:1.72.18.8

shane@digicool.com shane@digicool.com
Fri, 27 Apr 2001 11:17:08 -0400 (EDT)


Update of /cvs-repository/Zope2/lib/python/DocumentTemplate
In directory korak:/tmp/cvs-serv19775

Modified Files:
      Tag: RestrictedPythonBranch
	DT_Util.py 
Log Message:
- Added optional limited builtins.
- Made '_vars' available because some DTML (like the proxy roles UI)
actually uses it. (!)



--- Updated File DT_Util.py in package Zope2 --
--- DT_Util.py	2001/04/27 00:45:53	1.72.18.7
+++ DT_Util.py	2001/04/27 15:17:04	1.72.18.8
@@ -90,6 +90,8 @@
 from RestrictedPython.Utilities import utility_builtins
 from RestrictedPython.Eval import RestrictionCapableEval
 
+LIMITED_BUILTINS = 1
+
 str=__builtins__['str'] # Waaaaa, waaaaaaaa needed for pickling waaaaa
 
 ParseError='Document Template Parse Error'
@@ -117,13 +119,22 @@
     def __init__(self, f):
         self.__call__ = f
 
-d=TemplateDict.__dict__
+d = TemplateDict.__dict__
 for name, f in safe_builtins.items() + utility_builtins.items():
     if type(f) is functype:
         d[name] = NotBindable(f)
     else:
         d[name] = f
 
+if LIMITED_BUILTINS:
+    # Replace certain builtins with limited versions.
+    from RestrictedPython.Limits import limited_builtins
+    for name, f in limited_builtins.items():
+        if type(f) is functype:
+            d[name] = NotBindable(f)
+        else:
+            d[name] = f
+
 # The functions below are meant to bind to the TemplateDict.
 
 _marker = []  # Create a new marker object.
@@ -181,11 +192,12 @@
         if guard is not None:
             self.prepRestrictedCode()
             code = self.rcode
-            d = {'_': md, '_read_': guard, '__builtins__': None}
+            d = {'_': md, '_vars': md,
+                 '_read_': guard, '__builtins__': None}
         else:
             self.prepUnrestrictedCode()
             code = self.ucode
-            d = {'_': md}
+            d = {'_': md, '_vars': md}
         d.update(self.globals)
         has_key = d.has_key
         for name in self.used: