replace Element.__call__() by Element.execute; make PyReader more secure by overwriting __builtins__
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@2486 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm
parent
a6a7c56fb0
commit
0c4d6dda15
5 changed files with 10 additions and 9 deletions
2
external/annotation.py
vendored
2
external/annotation.py
vendored
|
|
@ -41,7 +41,7 @@ class AnnotationsElement(Element):
|
||||||
for k, v in kw.items():
|
for k, v in kw.items():
|
||||||
self[k] = v
|
self[k] = v
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
obj = self.parent.object
|
obj = self.parent.object
|
||||||
dc = IZopeDublinCore(obj, None)
|
dc = IZopeDublinCore(obj, None)
|
||||||
if dc is not None:
|
if dc is not None:
|
||||||
|
|
|
||||||
2
external/base.py
vendored
2
external/base.py
vendored
|
|
@ -80,7 +80,7 @@ class Loader(Base, SetupManager):
|
||||||
|
|
||||||
def load(self, elements):
|
def load(self, elements):
|
||||||
for element in elements:
|
for element in elements:
|
||||||
element(self)
|
element.execute(self)
|
||||||
if element.subElements is not None:
|
if element.subElements is not None:
|
||||||
self.load(element.subElements)
|
self.load(element.subElements)
|
||||||
|
|
||||||
|
|
|
||||||
12
external/element.py
vendored
12
external/element.py
vendored
|
|
@ -69,7 +69,7 @@ class Element(dict):
|
||||||
self.subElements = []
|
self.subElements = []
|
||||||
self.subElements.append(element)
|
self.subElements.append(element)
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -78,7 +78,7 @@ class ConceptElement(Element):
|
||||||
elementType = 'concept'
|
elementType = 'concept'
|
||||||
posArgs = ('name', 'title', 'type')
|
posArgs = ('name', 'title', 'type')
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
type = loader.concepts[self['type']]
|
type = loader.concepts[self['type']]
|
||||||
kw = dict((k, v) for k, v in self.items()
|
kw = dict((k, v) for k, v in self.items()
|
||||||
if k not in self.posArgs)
|
if k not in self.posArgs)
|
||||||
|
|
@ -97,7 +97,7 @@ class TypeElement(ConceptElement):
|
||||||
if not isinstance(ti, basestring):
|
if not isinstance(ti, basestring):
|
||||||
self['typeInterface'] = '.'.join((ti.__module__, ti.__name__))
|
self['typeInterface'] = '.'.join((ti.__module__, ti.__name__))
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
kw = dict((k, v) for k, v in self.items()
|
kw = dict((k, v) for k, v in self.items()
|
||||||
if k not in ('name', 'title', 'type', 'typeInterface'))
|
if k not in ('name', 'title', 'type', 'typeInterface'))
|
||||||
ti = self.get('typeInterface')
|
ti = self.get('typeInterface')
|
||||||
|
|
@ -137,7 +137,7 @@ class ResourceElement(Element):
|
||||||
f.write(content)
|
f.write(content)
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
type = loader.concepts[self['type']]
|
type = loader.concepts[self['type']]
|
||||||
kw = dict((k, v) for k, v in self.items()
|
kw = dict((k, v) for k, v in self.items()
|
||||||
if k not in self.posArgs)
|
if k not in self.posArgs)
|
||||||
|
|
@ -156,7 +156,7 @@ class ResourceRelationElement(ChildElement):
|
||||||
|
|
||||||
elementType = 'resourceRelation'
|
elementType = 'resourceRelation'
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
loader.assignResource(self['first'], self['second'], self['predicate'])
|
loader.assignResource(self['first'], self['second'], self['predicate'])
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -171,7 +171,7 @@ class NodeElement(Element):
|
||||||
for k, v in kw.items():
|
for k, v in kw.items():
|
||||||
self[k] = v
|
self[k] = v
|
||||||
|
|
||||||
def __call__(self, loader):
|
def execute(self, loader):
|
||||||
type = self['type']
|
type = self['type']
|
||||||
cont = traverse(loader.views, self['path'])
|
cont = traverse(loader.views, self['path'])
|
||||||
target = self.pop('target', None)
|
target = self.pop('target', None)
|
||||||
|
|
|
||||||
2
external/interfaces.py
vendored
2
external/interfaces.py
vendored
|
|
@ -51,7 +51,7 @@ class IElement(Interface):
|
||||||
""" Add a sub-element, may be called by the extractor during export.
|
""" Add a sub-element, may be called by the extractor during export.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __call__(loader):
|
def execute(loader):
|
||||||
""" Create the object that is specified by the element in the
|
""" Create the object that is specified by the element in the
|
||||||
context of the loader and return it.
|
context of the loader and return it.
|
||||||
"""
|
"""
|
||||||
|
|
|
||||||
1
external/pyfunc.py
vendored
1
external/pyfunc.py
vendored
|
|
@ -46,6 +46,7 @@ class InputProcessor(dict):
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.elements = []
|
self.elements = []
|
||||||
|
self['__builtins__'] = {} # security!
|
||||||
|
|
||||||
def __getitem__(self, key):
|
def __getitem__(self, key):
|
||||||
def factory(*args, **kw):
|
def factory(*args, **kw):
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue