Provide security declarations for `BTreeFolder2Base` class, instead of only

  for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.

doc/CHANGES.rst

@@ -8,6 +8,11 @@ http://docs.zope.org/zope2/releases/.
 2.12.21 (unreleased)
 --------------------
 
+- Provide security declarations for `BTreeFolder2Base` class, instead of only
+  for `BTreeFolder2` via the `OFS.Folder` mix-in.
+
+- LP #902068: Fixed missing security declaration for `ObjectManager` class.
+
 - Fixed serious authentication vulnerability in stock configuration.
 
 2.12.20 (2011-10-04)

src/OFS/ObjectManager.py

@@ -805,7 +805,7 @@ class ObjectManager(CopyContainer,
     def keys(self):
         return self.objectIds()
 
-    security.declareProtected(access_contents_information, 'get')
+    security.declareProtected(access_contents_information, 'items')
     def items(self):
         return self.objectItems()
 

src/Products/BTreeFolder2/BTreeFolder2.py

@@ -472,11 +472,15 @@ class BTreeFolder2Base (Persistent):
 
     # Aliases for mapping-like access.
     __len__ = objectCount
+    security.declareProtected(access_contents_information, 'keys')
     keys = objectIds
+    security.declareProtected(access_contents_information, 'values')
     values = objectValues
+    security.declareProtected(access_contents_information, 'items')
     items = objectItems
 
     # backward compatibility
+    security.declareProtected(access_contents_information, 'hasObject')
     hasObject = has_key
 
     security.declareProtected(access_contents_information, 'get')