Commit ca018bfd authored by Hanno Schlichting's avatar Hanno Schlichting

Provide security declarations for `BTreeFolder2Base` class, instead of only

  for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.
parent d944819b
......@@ -8,6 +8,11 @@ http://docs.zope.org/zope2/releases/.
2.12.21 (unreleased)
--------------------
- Provide security declarations for `BTreeFolder2Base` class, instead of only
for `BTreeFolder2` via the `OFS.Folder` mix-in.
- LP #902068: Fixed missing security declaration for `ObjectManager` class.
- Fixed serious authentication vulnerability in stock configuration.
2.12.20 (2011-10-04)
......
......@@ -805,7 +805,7 @@ class ObjectManager(CopyContainer,
def keys(self):
return self.objectIds()
security.declareProtected(access_contents_information, 'get')
security.declareProtected(access_contents_information, 'items')
def items(self):
return self.objectItems()
......
......@@ -472,11 +472,15 @@ class BTreeFolder2Base (Persistent):
# Aliases for mapping-like access.
__len__ = objectCount
security.declareProtected(access_contents_information, 'keys')
keys = objectIds
security.declareProtected(access_contents_information, 'values')
values = objectValues
security.declareProtected(access_contents_information, 'items')
items = objectItems
# backward compatibility
security.declareProtected(access_contents_information, 'hasObject')
hasObject = has_key
security.declareProtected(access_contents_information, 'get')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment