Commit 5fd02092 authored by Vincent Pelletier's avatar Vincent Pelletier

Allow importing python's calendar module.

Prevent access to locale-dependent and stdout-writing functions.
parent 292d2221
##############################################################################
#
# Copyright (c) 2013 Nexedi SARL and Contributors. All Rights Reserved.
# Vincent Pelletier <vincent@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
"""
Restricted calendar module.
Disable functions writing to stdout:
- TextCalendar.prweek
- TextCalendar.prmonth
- TextCalendar.pryear
- prcal
- prmonth
Do not provide access to locale-dependent representations, as it's not the
right way to handle l10n in Zope:
- day_name
- day_abbr
- month_name
- month_abbr
- LocaleTextCalendar
- LocaleHTMLCalendar
Provide access to HTMLCalendar, although it's probably not a good idea to use
it.
From restricted python, use "import calendar" (see patches/Restricted.py).
"""
from AccessControl import allow_class as _allow_class
from zExceptions import Unauthorized
import calendar as _calendar
def _disallowed(*args, **kw):
raise Unauthorized
prcal = _disallowed
prmonth = _disallowed
IllegalMonthError = _calendar.IllegalMonthError
IllegalWeekdayError = _calendar.IllegalWeekdayError
calendar = _calendar.calendar
firstweekday = _calendar.firstweekday
isleap = _calendar.isleap
leapdays = _calendar.leapdays
month = _calendar.month
monthcalendar = _calendar.monthcalendar
monthrange = _calendar.monthrange
setfirstweekday = _calendar.setfirstweekday
timegm = _calendar.timegm
weekday = _calendar.weekday
Calendar = _calendar.Calendar
_allow_class(Calendar)
HTMLCalendar = _calendar.HTMLCalendar
_allow_class(HTMLCalendar)
class TextCalendar(_calendar.TextCalendar):
prweek = _disallowed
prmonth = _disallowed
pryear = _disallowed
_allow_class(TextCalendar)
...@@ -189,6 +189,7 @@ ModuleSecurityInfo('os.path').declarePublic( ...@@ -189,6 +189,7 @@ ModuleSecurityInfo('os.path').declarePublic(
# Alias modules - only applied to restricted python. # Alias modules - only applied to restricted python.
MNAME_MAP = { MNAME_MAP = {
'zipfile': 'Products.ERP5Type.ZipFile', 'zipfile': 'Products.ERP5Type.ZipFile',
'calendar': 'Products.ERP5Type.Calendar',
} }
for alias, real in MNAME_MAP.items(): for alias, real in MNAME_MAP.items():
assert '.' not in alias, alias # TODO: support this assert '.' not in alias, alias # TODO: support this
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment