Log message for revision 120132: Don't publish acquired attributes if acquired object has no docstring. See https://bugs.launchpad.net/zope2/+bug/713253/
Changed: U Zope/branches/2.13/doc/CHANGES.rst U Zope/branches/2.13/setup.py U Zope/branches/2.13/src/ZPublisher/BaseRequest.py U Zope/branches/2.13/src/ZPublisher/tests/testBaseRequest.py -=- Modified: Zope/branches/2.13/doc/CHANGES.rst =================================================================== --- Zope/branches/2.13/doc/CHANGES.rst 2011-02-06 13:38:53 UTC (rev 120131) +++ Zope/branches/2.13/doc/CHANGES.rst 2011-02-06 13:42:22 UTC (rev 120132) @@ -5,7 +5,7 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. -2.13.3 (unreleased) +2.13.3 (2011-02-04) ------------------- Features Added @@ -17,6 +17,9 @@ Bugs Fixed ++++++++++ + +- LP #713253: Prevent publication of acquired attributes, where the acquired + object does not have a docstring. 2.13.2 (2011-01-19) Modified: Zope/branches/2.13/setup.py =================================================================== --- Zope/branches/2.13/setup.py 2011-02-06 13:38:53 UTC (rev 120131) +++ Zope/branches/2.13/setup.py 2011-02-06 13:42:22 UTC (rev 120132) @@ -23,7 +23,7 @@ setup(name='Zope2', - version='2.13.3dev', + version='2.13.3', url='http://zope2.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.13/src/ZPublisher/BaseRequest.py =================================================================== --- Zope/branches/2.13/src/ZPublisher/BaseRequest.py 2011-02-06 13:38:53 UTC (rev 120131) +++ Zope/branches/2.13/src/ZPublisher/BaseRequest.py 2011-02-06 13:42:22 UTC (rev 120132) @@ -126,15 +126,15 @@ # Again, clear any error status created by __bobo_traverse__ # because we actually found something: request.response.setStatus(200) - return subobject except AttributeError: pass # Lastly we try with key access: - try: - subobject = object[name] - except TypeError: # unsubscriptable - raise KeyError(name) + if subobject is None: + try: + subobject = object[name] + except TypeError: # unsubscriptable + raise KeyError(name) # Ensure that the object has a docstring, or that the parent # object has a pseudo-docstring for the object. Objects that Modified: Zope/branches/2.13/src/ZPublisher/tests/testBaseRequest.py =================================================================== --- Zope/branches/2.13/src/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:38:53 UTC (rev 120131) +++ Zope/branches/2.13/src/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:42:22 UTC (rev 120132) @@ -335,6 +335,14 @@ r = self._makeOne(root) self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview') + def test_traverse_acquired_attribute_without_docstring(self): + from ZPublisher import NotFound + root, folder = self._makeRootAndFolder() + root._setObject('objBasic', + self._makeObjectWithEmptyDocstring()) + r = self._makeOne(root) + self.assertRaises(NotFound, r.traverse, 'folder/objBasic') + def test_traverse_class_without_docstring(self): from ZPublisher import NotFound root, folder = self._makeRootAndFolder() _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins