Log message for revision 120128:
  Don't publish acquired attributes if acquired object has no docstring.
  
  See https://bugs.launchpad.net/zope2/+bug/713253/
  

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/setup.py
  U   Zope/branches/2.12/src/ZPublisher/BaseRequest.py
  U   Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst  2011-02-06 13:28:22 UTC (rev 120127)
+++ Zope/branches/2.12/doc/CHANGES.rst  2011-02-06 13:30:29 UTC (rev 120128)
@@ -5,12 +5,15 @@
 Change information for previous versions of Zope can be found at
 http://docs.zope.org/zope2/releases/.
 
-2.12.15 (unreleased)
+2.12.15 (2011-02-04)
 --------------------
 
 Bugs Fixed
 ++++++++++
 
+- LP #713253: Prevent publication of acquired attributes, where the acquired
+  object does not have a docstring.
+
 - Fix `LazyMap` to avoid unnecessary function calls.
 
 2.12.14 (2010-12-07)

Modified: Zope/branches/2.12/setup.py
===================================================================
--- Zope/branches/2.12/setup.py 2011-02-06 13:28:22 UTC (rev 120127)
+++ Zope/branches/2.12/setup.py 2011-02-06 13:30:29 UTC (rev 120128)
@@ -16,7 +16,7 @@
 from setuptools import setup, find_packages, Extension
 
 setup(name='Zope2',
-    version='2.12.15dev',
+    version='2.12.15',
     url='http://www.zope.org',
     license='ZPL 2.1',
     description='Zope2 application server / web framework',

Modified: Zope/branches/2.12/src/ZPublisher/BaseRequest.py
===================================================================
--- Zope/branches/2.12/src/ZPublisher/BaseRequest.py    2011-02-06 13:28:22 UTC 
(rev 120127)
+++ Zope/branches/2.12/src/ZPublisher/BaseRequest.py    2011-02-06 13:30:29 UTC 
(rev 120128)
@@ -120,23 +120,21 @@
                     # Again, clear any error status created by 
__bobo_traverse__
                     # because we actually found something:
                     request.response.setStatus(200)
-                    return subobject
                 except AttributeError:
                     pass
 
                 # Lastly we try with key access:
-                try:
-                    subobject = object[name]
-                except TypeError: # unsubscriptable
-                    raise KeyError(name)
+                if subobject is None:
+                    try:
+                        subobject = object[name]
+                    except TypeError: # unsubscriptable
+                        raise KeyError(name)
                 
 
         # Ensure that the object has a docstring, or that the parent
         # object has a pseudo-docstring for the object. Objects that
         # have an empty or missing docstring are not published.
         doc = getattr(subobject, '__doc__', None)
-        if doc is None:
-            doc = getattr(object, '%s__doc__' % name, None)
         if not doc:
             raise Forbidden(
                 "The object at %s has an empty or missing " \

Modified: Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py
===================================================================
--- Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py  2011-02-06 
13:28:22 UTC (rev 120127)
+++ Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py  2011-02-06 
13:30:29 UTC (rev 120128)
@@ -304,6 +304,14 @@
         r = self._makeOne(root)
         self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview')
 
+    def test_traverse_acquired_attribute_without_docstring(self):
+        from ZPublisher import NotFound
+        root, folder = self._makeRootAndFolder()
+        root._setObject('objBasic',
+                        self._makeObjectWithEmptyDocstring())
+        r = self._makeOne(root)
+        self.assertRaises(NotFound, r.traverse, 'folder/objBasic')
+
     def test_traverse_class_without_docstring(self):
         from ZPublisher import NotFound
         root, folder = self._makeRootAndFolder()

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to