Provide security declarations for `BTreeFolder2Base` class, instead of only

for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.

Provide security declarations for `BTreeFolder2Base` class, instead of only
for `BTreeFolder2` via the `OFS.Folder` mix-in. LP #902068: Fixed missing security declaration for `ObjectManager` class.
ca018bfd · Hanno Schlichting · d944819b · ca018bfd · ca018bfd · ca018bfd
Commit ca018bfd authored Dec 12, 2011 by Hanno Schlichting
Showing with 10 additions and 1 deletion

doc/CHANGES.rst doc/CHANGES.rst +5 -0

src/OFS/ObjectManager.py src/OFS/ObjectManager.py +1 -1

src/Products/BTreeFolder2/BTreeFolder2.py src/Products/BTreeFolder2/BTreeFolder2.py +4 -0

No files found.
--- a/doc/CHANGES.rst
+++ b/doc/CHANGES.rst
@@ -8,6 +8,11 @@ http://docs.zope.org/zope2/releases/.
 2.12.21 (unreleased)
 --------------------
+- Provide security declarations for `BTreeFolder2Base` class, instead of only
+  for `BTreeFolder2` via the `OFS.Folder` mix-in.
+- LP #902068: Fixed missing security declaration for `ObjectManager` class.
 - Fixed serious authentication vulnerability in stock configuration.
 2.12.20 (2011-10-04)

--- a/src/OFS/ObjectManager.py
+++ b/src/OFS/ObjectManager.py
@@ -805,7 +805,7 @@ class ObjectManager(CopyContainer,
    def keys(self):
        return self.objectIds()
-    security.declareProtected(access_contents_information, 'get')
+    security.declareProtected(access_contents_information, 'items')
    def items(self):
        return self.objectItems()

--- a/src/Products/BTreeFolder2/BTreeFolder2.py
+++ b/src/Products/BTreeFolder2/BTreeFolder2.py
@@ -472,11 +472,15 @@ class BTreeFolder2Base (Persistent):
    # Aliases for mapping-like access.
    __len__ = objectCount
+    security.declareProtected(access_contents_information, 'keys')
    keys = objectIds
+    security.declareProtected(access_contents_information, 'values')
    values = objectValues
+    security.declareProtected(access_contents_information, 'items')
    items = objectItems
    # backward compatibility
+    security.declareProtected(access_contents_information, 'hasObject')
    hasObject = has_key
    security.declareProtected(access_contents_information, 'get')