no security check on accessing the nodeType attribute during traversal

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3439 fd906abe-77d9-0310-91a1-e0d9ade77398
2009-07-01 13:20:57 +00:00 · 2009-07-01 13:20:57 +00:00 · 41a623145f
commit 41a623145f
parent 5fd90c421d
1 changed files with 3 additions and 2 deletions
--- a/browser/node.py
+++ b/browser/node.py
@ -788,8 +788,9 @@ class NodeTraverser(ItemTraverser):
    def publishTraverse(self, request, name):
        viewAnnotations = request.annotations.setdefault('loops.view', {})
        viewAnnotations['node'] = self.context
-        if removeSecurityProxy(self.context).nodeType == 'menu':
-            setViewConfiguration(self.context, request)
+        context = removeSecurityProxy(self.context)
+        if context.nodeType == 'menu':
+            setViewConfiguration(context, request)
        if name == '.loops':
            return self.context.getLoopsRoot()
        if name.startswith('.target'):