Log message for revision 120128: Don't publish acquired attributes if acquired object has no docstring. See https://bugs.launchpad.net/zope2/+bug/713253/
Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/setup.py U Zope/branches/2.12/src/ZPublisher/BaseRequest.py U Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py -=- Modified: Zope/branches/2.12/doc/CHANGES.rst =================================================================== --- Zope/branches/2.12/doc/CHANGES.rst 2011-02-06 13:28:22 UTC (rev 120127) +++ Zope/branches/2.12/doc/CHANGES.rst 2011-02-06 13:30:29 UTC (rev 120128) @@ -5,12 +5,15 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. -2.12.15 (unreleased) +2.12.15 (2011-02-04) -------------------- Bugs Fixed ++++++++++ +- LP #713253: Prevent publication of acquired attributes, where the acquired + object does not have a docstring. + - Fix `LazyMap` to avoid unnecessary function calls. 2.12.14 (2010-12-07) Modified: Zope/branches/2.12/setup.py =================================================================== --- Zope/branches/2.12/setup.py 2011-02-06 13:28:22 UTC (rev 120127) +++ Zope/branches/2.12/setup.py 2011-02-06 13:30:29 UTC (rev 120128) @@ -16,7 +16,7 @@ from setuptools import setup, find_packages, Extension setup(name='Zope2', - version='2.12.15dev', + version='2.12.15', url='http://www.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.12/src/ZPublisher/BaseRequest.py =================================================================== --- Zope/branches/2.12/src/ZPublisher/BaseRequest.py 2011-02-06 13:28:22 UTC (rev 120127) +++ Zope/branches/2.12/src/ZPublisher/BaseRequest.py 2011-02-06 13:30:29 UTC (rev 120128) @@ -120,23 +120,21 @@ # Again, clear any error status created by __bobo_traverse__ # because we actually found something: request.response.setStatus(200) - return subobject except AttributeError: pass # Lastly we try with key access: - try: - subobject = object[name] - except TypeError: # unsubscriptable - raise KeyError(name) + if subobject is None: + try: + subobject = object[name] + except TypeError: # unsubscriptable + raise KeyError(name) # Ensure that the object has a docstring, or that the parent # object has a pseudo-docstring for the object. Objects that # have an empty or missing docstring are not published. doc = getattr(subobject, '__doc__', None) - if doc is None: - doc = getattr(object, '%s__doc__' % name, None) if not doc: raise Forbidden( "The object at %s has an empty or missing " \ Modified: Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py =================================================================== --- Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:28:22 UTC (rev 120127) +++ Zope/branches/2.12/src/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:30:29 UTC (rev 120128) @@ -304,6 +304,14 @@ r = self._makeOne(root) self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview') + def test_traverse_acquired_attribute_without_docstring(self): + from ZPublisher import NotFound + root, folder = self._makeRootAndFolder() + root._setObject('objBasic', + self._makeObjectWithEmptyDocstring()) + r = self._makeOne(root) + self.assertRaises(NotFound, r.traverse, 'folder/objBasic') + def test_traverse_class_without_docstring(self): from ZPublisher import NotFound root, folder = self._makeRootAndFolder() _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins
