no security check on accessing the nodeType attribute during traversal
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3439 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm
parent
5fd90c421d
commit
41a623145f
1 changed files with 3 additions and 2 deletions
|
|
@ -788,8 +788,9 @@ class NodeTraverser(ItemTraverser):
|
||||||
def publishTraverse(self, request, name):
|
def publishTraverse(self, request, name):
|
||||||
viewAnnotations = request.annotations.setdefault('loops.view', {})
|
viewAnnotations = request.annotations.setdefault('loops.view', {})
|
||||||
viewAnnotations['node'] = self.context
|
viewAnnotations['node'] = self.context
|
||||||
if removeSecurityProxy(self.context).nodeType == 'menu':
|
context = removeSecurityProxy(self.context)
|
||||||
setViewConfiguration(self.context, request)
|
if context.nodeType == 'menu':
|
||||||
|
setViewConfiguration(context, request)
|
||||||
if name == '.loops':
|
if name == '.loops':
|
||||||
return self.context.getLoopsRoot()
|
return self.context.getLoopsRoot()
|
||||||
if name.startswith('.target'):
|
if name.startswith('.target'):
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue