Protect views of ZPT source with 'View Management Screens' permision.

Fixes LP #978980.

doc/CHANGES.rst

@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/releases/.
 2.12.27 (unreleased)
 --------------------
 
+- LP #978980: Protect views of ZPT source with 'View Management Screens'
+  permision.
+
 
 2.12.26 (2012-10-31)
 --------------------

src/Products/PageTemplates/ZopePageTemplate.py

@@ -57,6 +57,8 @@ if os.environ.has_key('ZPT_PREFERRED_ENCODING'):
 
 class Src(Explicit):
     """ I am scary code """
+    security = ClassSecurityInfo()
+    security.declareObjectProtected(view_management_screens)
 
     PUT = document_src = Acquired
     index_html = None
@@ -69,6 +71,8 @@ class Src(Explicit):
         " "
         return self.document_src(REQUEST)
 
+InitializeClass(Src)
+
 class ZopePageTemplate(Script, PageTemplate, Historical, Cacheable,
                        Traversable, PropertyManager):
     "Zope wrapper for Page Template using TAL, TALES, and METAL"