Log message for revision 120126: Don't publish acquired attributes if acquired object has no docstring. See https://bugs.launchpad.net/zope2/+bug/713253/
Changed: U Zope/branches/2.11/doc/CHANGES.txt U Zope/branches/2.11/inst/WinBuilders/mk/zope.mk U Zope/branches/2.11/inst/versions.py U Zope/branches/2.11/lib/python/ZPublisher/BaseRequest.py U Zope/branches/2.11/lib/python/ZPublisher/tests/testBaseRequest.py U Zope/branches/2.11/setup.py -=- Modified: Zope/branches/2.11/doc/CHANGES.txt =================================================================== --- Zope/branches/2.11/doc/CHANGES.txt 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/doc/CHANGES.txt 2011-02-06 13:27:36 UTC (rev 120126) @@ -4,6 +4,14 @@ Change information for previous versions of Zope can be found in the file HISTORY.txt. + Zope 2.11.8 (2011/02/04) + + Bugs fixed + + - Prevent publication of acquired attributes, where the acquired + object does not have a docstring. + https://bugs.launchpad.net/zope2/+bug/713253/ + Zope 2.11.7 (2010/09/01) Bugs Fixed Modified: Zope/branches/2.11/inst/WinBuilders/mk/zope.mk =================================================================== --- Zope/branches/2.11/inst/WinBuilders/mk/zope.mk 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/inst/WinBuilders/mk/zope.mk 2011-02-06 13:27:36 UTC (rev 120126) @@ -1,4 +1,4 @@ -ZOPEVERSION = 2.11.7-final +ZOPEVERSION = 2.11.8-final ZOPEDIRNAME := Zope-$(ZOPEVERSION) ZOPE_REQUIRED_FILES=tmp/$(ZOPEDIRNAME).tgz Modified: Zope/branches/2.11/inst/versions.py =================================================================== --- Zope/branches/2.11/inst/versions.py 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/inst/versions.py 2011-02-06 13:27:36 UTC (rev 120126) @@ -1,5 +1,5 @@ ZOPE_MAJOR_VERSION = '2.11' -ZOPE_MINOR_VERSION = '7' +ZOPE_MINOR_VERSION = '8' ZOPE_BRANCH_NAME = '$Name$'[6:] or 'no-branch' # always start prerelease branches with '0' to avoid upgrade Modified: Zope/branches/2.11/lib/python/ZPublisher/BaseRequest.py =================================================================== --- Zope/branches/2.11/lib/python/ZPublisher/BaseRequest.py 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/lib/python/ZPublisher/BaseRequest.py 2011-02-06 13:27:36 UTC (rev 120126) @@ -116,23 +116,21 @@ # Again, clear any error status created by __bobo_traverse__ # because we actually found something: request.response.setStatus(200) - return subobject except AttributeError: pass # Lastly we try with key access: - try: - subobject = object[name] - except TypeError: # unsubscriptable - raise KeyError(name) + if subobject is None: + try: + subobject = object[name] + except TypeError: # unsubscriptable + raise KeyError(name) # Ensure that the object has a docstring, or that the parent # object has a pseudo-docstring for the object. Objects that # have an empty or missing docstring are not published. doc = getattr(subobject, '__doc__', None) - if doc is None: - doc = getattr(object, '%s__doc__' % name, None) if not doc: raise Forbidden( "The object at %s has an empty or missing " \ Modified: Zope/branches/2.11/lib/python/ZPublisher/tests/testBaseRequest.py =================================================================== --- Zope/branches/2.11/lib/python/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/lib/python/ZPublisher/tests/testBaseRequest.py 2011-02-06 13:27:36 UTC (rev 120126) @@ -166,6 +166,13 @@ r = self._makeOne(root) self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview') + def test_traverse_acquired_attribute_without_docstring(self): + from ZPublisher import NotFound + root, folder = self._makeRootAndFolder() + root._setObject('objBasic', DummyObjectWithoutDocstring()) + r = self._makeOne(root) + self.assertRaises(NotFound, r.traverse, 'folder/objBasic') + def test_traverse_class_without_docstring(self): from ZPublisher import NotFound root, folder = self._makeRootAndFolder() Modified: Zope/branches/2.11/setup.py =================================================================== --- Zope/branches/2.11/setup.py 2011-02-06 13:27:13 UTC (rev 120125) +++ Zope/branches/2.11/setup.py 2011-02-06 13:27:36 UTC (rev 120126) @@ -477,7 +477,7 @@ setup(name='Zope', author='Zope Foundation and Contributors', license='ZPL 2.1', - version="2.11.2", + version="2.11.8", maintainer="Zope Foundation", maintainer_email="zope-...@zope.org", url = "http://www.zope.org/", _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins