Get rid of fake ModuleSecurity module

ce588282 · Evan Simpson · c89f8ec7 · ce588282 · c89f8ec7 · ce588282
Commit ce588282 authored Dec 05, 2000 by Evan Simpson
3 changed files
--- a/lib/python/Products/PythonScripts/Guarded.py
+++ b/lib/python/Products/PythonScripts/Guarded.py
@@ -83,7 +83,7 @@
 # 
 ##############################################################################

-__version__='$Revision: 1.2 $'[11:-2]
+__version__='$Revision: 1.3 $'[11:-2]

 from zbytecodehacks.VSExec import SafeBlock, GuardedBinaryOps, \
     UntupleFunction, RedirectWrites, WriteGuard, RedirectReads, ReadGuard, \
@@ -92,10 +92,10 @@ from DocumentTemplate.VSEval import careful_mul
 from DocumentTemplate.DT_Util import TemplateDict, \
     careful_pow, d, ValidationError
 from DocumentTemplate.DT_Var import special_formats
-from AccessControl import getSecurityManager, getModuleSecurity
+from AccessControl import getSecurityManager, secureModule

-import standard
-standard.__allow_access_to_unprotected_subobjects__ = 1
+#import standard
+#standard.__allow_access_to_unprotected_subobjects__ = 1

 safefuncs = TemplateDict()
 safebin = {}
@@ -222,7 +222,6 @@ safebin['__import__'] = __careful_import__

 def load_module(module, mname, mnameparts, validate, globals, locals):
    modules = sys.modules
-    modsec = getModuleSecurity()
    while mnameparts:
        nextname = mnameparts.pop(0)
        if mname is None:
@@ -231,13 +230,11 @@ def load_module(module, mname, mnameparts, validate, globals, locals):
            mname = '%s.%s' % (mname, nextname)
        nextmodule = modules.get(mname, None)
        if nextmodule is None:
-            if not modsec.has_key(mname):
+            nextmodule = secureModule(mname, globals, locals)
+            if nextmodule is None:
                return
-            __import__(mname, globals, locals)
-            nextmodule = modules[mname]
-        if not hasattr(nextmodule, 'ZopeSecurity'):
-            nextmodule.ZopeSecurity = zs = modsec[mname]
-            zs.apply(nextmodule)
+        else:
+            secureModule(mname)
        if module and not validate(module, module, nextname, nextmodule):
            return
        module = nextmodule

--- a/lib/python/Products/PythonScripts/ModuleSecurity.py
+++ b/lib/python/Products/PythonScripts/ModuleSecurity.py
-##############################################################################
-# 
-# Zope Public License (ZPL) Version 1.0
-# -------------------------------------
-# 
-# Copyright (c) Digital Creations.  All rights reserved.
-# 
-# This license has been certified as Open Source(tm).
-# 
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-# 
-# 1. Redistributions in source code must retain the above copyright
-#    notice, this list of conditions, and the following disclaimer.
-# 
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions, and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-# 
-# 3. Digital Creations requests that attribution be given to Zope
-#    in any manner possible. Zope includes a "Powered by Zope"
-#    button that is installed by default. While it is not a license
-#    violation to remove this button, it is requested that the
-#    attribution remain. A significant investment has been put
-#    into Zope, and this effort will continue if the Zope community
-#    continues to grow. This is one way to assure that growth.
-# 
-# 4. All advertising materials and documentation mentioning
-#    features derived from or use of this software must display
-#    the following acknowledgement:
-# 
-#      "This product includes software developed by Digital Creations
-#      for use in the Z Object Publishing Environment
-#      (http://www.zope.org/)."
-# 
-#    In the event that the product being advertised includes an
-#    intact Zope distribution (with copyright and license included)
-#    then this clause is waived.
-# 
-# 5. Names associated with Zope or Digital Creations must not be used to
-#    endorse or promote products derived from this software without
-#    prior written permission from Digital Creations.
-# 
-# 6. Modified redistributions of any form whatsoever must retain
-#    the following acknowledgment:
-# 
-#      "This product includes software developed by Digital Creations
-#      for use in the Z Object Publishing Environment
-#      (http://www.zope.org/)."
-# 
-#    Intact (re-)distributions of any official Zope release do not
-#    require an external acknowledgement.
-# 
-# 7. Modifications are encouraged but must be packaged separately as
-#    patches to official Zope releases.  Distributions that do not
-#    clearly separate the patches from the original work must be clearly
-#    labeled as unofficial distributions.  Modifications which do not
-#    carry the name Zope may be packaged in any form, as long as they
-#    conform to all of the clauses above.
-# 
-# 
-# Disclaimer
-# 
-#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
-#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
-#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-#   SUCH DAMAGE.
-# 
-# 
-# This software consists of contributions made by Digital Creations and
-# many individuals on behalf of Digital Creations.  Specific
-# attributions are listed in the accompanying credits file.
-# 
-##############################################################################
-
-"""Module Security module
-"""
-
-__version__='$Revision: 1.1 $'[11:-2]
-
-import AccessControl
-
-class ModuleSecurityInfo: #(AccessControl.ClassSecurityInfo):
-    def __init__(self, module_name=None):
-        if module_name is not None:
-            moduleSecurity[module_name] = self
-    def stub(self, *args, **kwargs):
-        pass
-    def __getattr__(self, name):
-        return self.stub
-
-moduleSecurity = {}
-
-def getModuleSecurity():
-    return moduleSecurity
-
-AccessControl.getModuleSecurity = getModuleSecurity
-AccessControl.ModuleSecurityInfo = ModuleSecurityInfo
--- a/lib/python/Products/PythonScripts/standard.py
+++ b/lib/python/Products/PythonScripts/standard.py
@@ -90,16 +90,15 @@ Scripts.  It can be accessed from Python with the statement
 "import Products.PythonScripts.standard"
 """

-__version__='$Revision: 1.1 $'[11:-2]
+__version__='$Revision: 1.2 $'[11:-2]

-from AccessControl import ModuleSecurityInfo
+from AccessControl import ModuleSecurityInfo, getSecurityManager
 security = ModuleSecurityInfo()

 security.public('special_formats')
 from DocumentTemplate.DT_Var import special_formats

 from Globals import HTML
-from AccessControl import getSecurityManager

 security.public('DTML')
 class DTML(HTML):
@@ -119,5 +118,5 @@ class DTML(HTML):
    def validate(self, inst, parent, name, value, md):
        return getSecurityManager().validate(inst, parent, name, value)

-
+security.apply(globals())