cco/loops
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

no security check on accessing the nodeType attribute during traversal

Browse source 
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@3438 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm 2009-07-01 13:16:53 +00:00
parent e5a0405e56
commit 5fd90c421d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
browser/node.py
View file

@ -788,7 +788,7 @@ class NodeTraverser(ItemTraverser):
def publishTraverse(self, request, name): def publishTraverse(self, request, name):
viewAnnotations = request.annotations.setdefault('loops.view', {}) viewAnnotations = request.annotations.setdefault('loops.view', {})
viewAnnotations['node'] = self.context viewAnnotations['node'] = self.context
if self.context.nodeType == 'menu': if removeSecurityProxy(self.context).nodeType == 'menu':
setViewConfiguration(self.context, request) setViewConfiguration(self.context, request)
if name == '.loops': if name == '.loops':
return self.context.getLoopsRoot() return self.context.getLoopsRoot()