[ZPT] CVS: Packages/Products/PageTemplates (Products/DC/PageTemplates) - CHANGES.txt:1.13 ZRPythonExpr.py:1.5

evan@serenade.digicool.com evan@serenade.digicool.com
Fri, 29 Jun 2001 17:02:20 -0400


Update of /cvs-repository/Packages/Products/PageTemplates
In directory serenade:/home/evan/Zope/2.4/lib/python/Products/PageTemplates

Modified Files:
	CHANGES.txt ZRPythonExpr.py 
Log Message:
Incorporated changes to security machinery for Zope 2.4



--- Updated File CHANGES.txt in package Packages/Products/PageTemplates --
--- CHANGES.txt	2001/06/21 14:20:49	1.12
+++ CHANGES.txt	2001/06/29 21:02:20	1.13
@@ -15,3 +15,4 @@
       Bugs Fixed
 
         - The various *Python modules failed to import CompilerError.
+        - Security machinery changes in Zope 2.4 broke ZRPythonExpr

--- Updated File ZRPythonExpr.py in package Packages/Products/PageTemplates --
--- ZRPythonExpr.py	2001/06/21 14:04:42	1.4
+++ ZRPythonExpr.py	2001/06/29 21:02:20	1.5
@@ -92,6 +92,7 @@
 
 from AccessControl import full_read_guard, full_write_guard, \
      safe_builtins, getSecurityManager
+from AccessControl.ZopeGuards import guarded_getattr, guarded_getitem
 from RestrictedPython import compile_restricted_eval
 from TALES import CompilerError
 from string import strip, split, join, replace, lstrip
@@ -101,8 +102,8 @@
 class PythonExpr(PythonExpr):
     _globals = {'__debug__': __debug__,
                 '__builtins__': safe_builtins,
-                '_read_': full_read_guard,
-                '_write_': full_write_guard,}
+                '_getattr_': guarded_getattr,
+                '_getitem_': guarded_getitem,}
     def __init__(self, name, expr, engine):
         self.expr = expr = replace(strip(expr), '\n', ' ')
         code, err, warn, use = compile_restricted_eval(expr, str(self))
@@ -133,7 +134,7 @@
     td = TemplateDict()
     td.this = None
     td._push(ns['request'])
-    td._push(InstanceDict(ns['here'], td, full_read_guard))
+    td._push(InstanceDict(ns['here'], td, guarded_getattr))
     td._push(ns)
     try:
         if arg==2: