Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
6ef81bdb
Commit
6ef81bdb
authored
Mar 27, 2001
by
Evan Simpson
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Change Error handling and turn on path restrictions.
parent
f262f5ca
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
67 additions
and
35 deletions
+67
-35
lib/python/Products/PageTemplates/Expressions.py
lib/python/Products/PageTemplates/Expressions.py
+32
-26
lib/python/Products/PageTemplates/PageTemplate.py
lib/python/Products/PageTemplates/PageTemplate.py
+4
-1
lib/python/Products/PageTemplates/TALES.py
lib/python/Products/PageTemplates/TALES.py
+11
-6
lib/python/Products/PageTemplates/ZopePageTemplate.py
lib/python/Products/PageTemplates/ZopePageTemplate.py
+3
-1
lib/python/Products/PageTemplates/dtml/ptDiagnostic.dtml
lib/python/Products/PageTemplates/dtml/ptDiagnostic.dtml
+16
-0
lib/python/Products/PageTemplates/tests/testExpressions.py
lib/python/Products/PageTemplates/tests/testExpressions.py
+1
-1
No files found.
lib/python/Products/PageTemplates/Expressions.py
View file @
6ef81bdb
...
@@ -89,10 +89,10 @@ Page Template-specific implementation of TALES, with handlers
...
@@ -89,10 +89,10 @@ Page Template-specific implementation of TALES, with handlers
for Python expressions, Python string literals, and paths.
for Python expressions, Python string literals, and paths.
"""
"""
__version__
=
'$Revision: 1.
2
$'
[
11
:
-
2
]
__version__
=
'$Revision: 1.
3
$'
[
11
:
-
2
]
import
re
,
sys
import
re
,
sys
from
TALES
import
Engine
,
TALES
Error
,
_valid_name
,
NAME_RE
from
TALES
import
Engine
,
Compiler
Error
,
_valid_name
,
NAME_RE
from
string
import
strip
,
split
,
join
,
replace
from
string
import
strip
,
split
,
join
,
replace
from
DocumentTemplate.DT_Util
import
TemplateDict
from
DocumentTemplate.DT_Util
import
TemplateDict
...
@@ -121,7 +121,7 @@ class PathExpr:
...
@@ -121,7 +121,7 @@ class PathExpr:
self
.
_path
=
path
=
split
(
expr
,
'/'
)
self
.
_path
=
path
=
split
(
expr
,
'/'
)
self
.
_base
=
base
=
path
.
pop
(
0
)
self
.
_base
=
base
=
path
.
pop
(
0
)
if
not
_valid_name
(
base
):
if
not
_valid_name
(
base
):
raise
TALES
Error
,
'Invalid variable name "%s"'
%
base
raise
Compiler
Error
,
'Invalid variable name "%s"'
%
base
self
.
_dynparts
=
dp
=
[]
self
.
_dynparts
=
dp
=
[]
for
i
in
range
(
len
(
path
)):
for
i
in
range
(
len
(
path
)):
e
=
path
[
i
]
e
=
path
[
i
]
...
@@ -183,16 +183,16 @@ class StringExpr:
...
@@ -183,16 +183,16 @@ class StringExpr:
for
exp
in
split
(
expr
,
'$$'
):
for
exp
in
split
(
expr
,
'$$'
):
if
parts
:
parts
.
append
(
'$'
)
if
parts
:
parts
.
append
(
'$'
)
m
=
_interp
.
search
(
exp
)
m
=
_interp
.
search
(
exp
)
if
m
is
not
None
:
while
m
is
not
None
:
parts
.
append
(
exp
[:
m
.
start
()])
parts
.
append
(
exp
[:
m
.
start
()])
parts
.
append
(
'%s'
)
parts
.
append
(
'%s'
)
vars
.
append
(
PathExpr
(
'path'
,
m
.
group
(
1
)
or
m
.
group
(
2
)))
vars
.
append
(
PathExpr
(
'path'
,
m
.
group
(
1
)
or
m
.
group
(
2
)))
exp
=
exp
[
m
.
end
():]
exp
=
exp
[
m
.
end
():]
m
=
_interp
.
search
(
exp
)
m
=
_interp
.
search
(
exp
)
if
'$'
in
exp
:
if
'$'
in
exp
:
raise
TALESError
,
(
'$ must be doubled or '
raise
CompilerError
,
(
'
followed by a variable name '
'$ must be doubled or
followed by a variable name '
'in string expression "%s"'
%
expr
)
'in string expression "%s"'
%
expr
)
parts
.
append
(
exp
)
parts
.
append
(
exp
)
expr
=
join
(
parts
,
''
)
expr
=
join
(
parts
,
''
)
self
.
_expr
=
expr
self
.
_expr
=
expr
...
@@ -231,8 +231,8 @@ if sys.modules.has_key('Zope'):
...
@@ -231,8 +231,8 @@ if sys.modules.has_key('Zope'):
self
.
expr
=
expr
=
strip
(
expr
)
self
.
expr
=
expr
=
strip
(
expr
)
blk
=
GuardedBlock
(
'def f():
\
n
return %s
\
n
'
%
expr
)
blk
=
GuardedBlock
(
'def f():
\
n
return %s
\
n
'
%
expr
)
if
blk
.
errors
:
if
blk
.
errors
:
raise
TALES
Error
,
(
'Python expression error:
\
n
%s'
%
raise
Compiler
Error
,
(
'Python expression error:
\
n
%s'
%
join
(
blk
.
errors
,
'
\
n
'
)
)
join
(
blk
.
errors
,
'
\
n
'
)
)
guards
=
{
'$guard'
:
theGuard
,
'$write_guard'
:
WriteGuard
,
guards
=
{
'$guard'
:
theGuard
,
'$write_guard'
:
WriteGuard
,
'$read_guard'
:
ReadGuard
,
'__debug__'
:
__debug__
}
'$read_guard'
:
ReadGuard
,
'__debug__'
:
__debug__
}
self
.
_f
=
UntupleFunction
(
blk
.
t
,
guards
,
__builtins__
=
safebin
)
self
.
_f
=
UntupleFunction
(
blk
.
t
,
guards
,
__builtins__
=
safebin
)
...
@@ -263,6 +263,12 @@ if sys.modules.has_key('Zope'):
...
@@ -263,6 +263,12 @@ if sys.modules.has_key('Zope'):
def
__str__
(
self
):
def
__str__
(
self
):
return
'Python expression "%s"'
%
self
.
expr
return
'Python expression "%s"'
%
self
.
expr
else
:
else
:
class
getSecurityManager
:
'''Null security manager'''
def
validate
(
self
,
*
args
,
**
kwargs
):
return
1
validateValue
=
validate
class
PythonExpr
:
class
PythonExpr
:
def
__init__
(
self
,
name
,
expr
):
def
__init__
(
self
,
name
,
expr
):
try
:
try
:
...
@@ -270,8 +276,8 @@ else:
...
@@ -270,8 +276,8 @@ else:
exec
'def f():
\
n
return %s
\
n
'
%
strip
(
expr
)
in
d
exec
'def f():
\
n
return %s
\
n
'
%
strip
(
expr
)
in
d
self
.
_f
=
d
[
'f'
]
self
.
_f
=
d
[
'f'
]
except
:
except
:
raise
TALES
Error
,
(
'Python expression error:
\
n
'
raise
Compiler
Error
,
(
'Python expression error:
\
n
'
'%s: %s'
)
%
sys
.
exc_info
()[:
2
]
'%s: %s'
)
%
sys
.
exc_info
()[:
2
]
self
.
_f_varnames
=
vnames
=
[]
self
.
_f_varnames
=
vnames
=
[]
for
vname
in
self
.
_f
.
func_code
.
co_names
:
for
vname
in
self
.
_f
.
func_code
.
co_names
:
if
vname
[
0
]
not
in
'$_'
:
if
vname
[
0
]
not
in
'$_'
:
...
@@ -310,14 +316,14 @@ def restrictedTraverse(self, path):
...
@@ -310,14 +316,14 @@ def restrictedTraverse(self, path):
REQUEST
=
{
'TraversalRequestNameStack'
:
path
}
REQUEST
=
{
'TraversalRequestNameStack'
:
path
}
path
.
reverse
()
path
.
reverse
()
pop
=
path
.
pop
pop
=
path
.
pop
#
securityManager=getSecurityManager()
securityManager
=
getSecurityManager
()
if
not
path
[
-
1
]:
if
not
path
[
-
1
]:
# If the path starts with an empty string, go to the root first.
# If the path starts with an empty string, go to the root first.
pop
()
pop
()
self
=
self
.
getPhysicalRoot
()
self
=
self
.
getPhysicalRoot
()
#
if not securityManager.validateValue(self):
if
not
securityManager
.
validateValue
(
self
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
object
=
self
object
=
self
while
path
:
while
path
:
...
@@ -330,8 +336,8 @@ def restrictedTraverse(self, path):
...
@@ -330,8 +336,8 @@ def restrictedTraverse(self, path):
if
name
==
'..'
:
if
name
==
'..'
:
o
=
getattr
(
object
,
'aq_parent'
,
M
)
o
=
getattr
(
object
,
'aq_parent'
,
M
)
if
o
is
not
M
:
if
o
is
not
M
:
#
if not securityManager.validate(object, object, name, o):
if
not
securityManager
.
validate
(
object
,
object
,
name
,
o
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
object
=
o
object
=
o
continue
continue
...
@@ -341,8 +347,8 @@ def restrictedTraverse(self, path):
...
@@ -341,8 +347,8 @@ def restrictedTraverse(self, path):
# Note we pass no container, because we have no
# Note we pass no container, because we have no
# way of knowing what it is
# way of knowing what it is
#
if not securityManager.validate(object, None, name, o):
if
not
securityManager
.
validate
(
object
,
None
,
name
,
o
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
else
:
else
:
o
=
get
(
object
,
name
,
M
)
o
=
get
(
object
,
name
,
M
)
...
@@ -350,20 +356,20 @@ def restrictedTraverse(self, path):
...
@@ -350,20 +356,20 @@ def restrictedTraverse(self, path):
# waaaa
# waaaa
if
hasattr
(
get
(
object
,
'aq_base'
,
object
),
name
):
if
hasattr
(
get
(
object
,
'aq_base'
,
object
),
name
):
# value wasn't acquired
# value wasn't acquired
#
if not securityManager.validate(
if
not
securityManager
.
validate
(
#
object, object, name, o):
object
,
object
,
name
,
o
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
pass
pass
else
:
else
:
#
if not securityManager.validate(
if
not
securityManager
.
validate
(
#
object, None, name, o):
object
,
None
,
name
,
o
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
pass
pass
else
:
else
:
o
=
object
[
name
]
o
=
object
[
name
]
#
if not securityManager.validate(object, object, None, o):
if
not
securityManager
.
validate
(
object
,
object
,
None
,
o
):
#
raise 'Unauthorized', name
raise
'Unauthorized'
,
name
object
=
o
object
=
o
return
object
return
object
lib/python/Products/PageTemplates/PageTemplate.py
View file @
6ef81bdb
...
@@ -87,7 +87,7 @@
...
@@ -87,7 +87,7 @@
HTML- and XML-based template objects using TAL, TALES, and METAL.
HTML- and XML-based template objects using TAL, TALES, and METAL.
"""
"""
__version__
=
'$Revision: 1.
1
$'
[
11
:
-
2
]
__version__
=
'$Revision: 1.
2
$'
[
11
:
-
2
]
import
os
,
sys
,
traceback
import
os
,
sys
,
traceback
from
TAL.TALParser
import
TALParser
from
TAL.TALParser
import
TALParser
...
@@ -157,6 +157,9 @@ class PageTemplate:
...
@@ -157,6 +157,9 @@ class PageTemplate:
def
__call__
(
self
,
**
kwargs
):
def
__call__
(
self
,
**
kwargs
):
return
self
.
pt_render
(
extra_context
=
{
'options'
:
kwargs
})
return
self
.
pt_render
(
extra_context
=
{
'options'
:
kwargs
})
def
pt_errors
(
self
):
return
self
.
_v_errors
def
pt_diagnostic
(
self
):
def
pt_diagnostic
(
self
):
return
(
'<html><body>
\
n
'
return
(
'<html><body>
\
n
'
'<h4>Page Template Diagnostics</h4>
\
n
'
'<h4>Page Template Diagnostics</h4>
\
n
'
...
...
lib/python/Products/PageTemplates/TALES.py
View file @
6ef81bdb
...
@@ -87,7 +87,7 @@
...
@@ -87,7 +87,7 @@
An implementation of a generic TALES engine
An implementation of a generic TALES engine
"""
"""
__version__
=
'$Revision: 1.
1
$'
[
11
:
-
2
]
__version__
=
'$Revision: 1.
2
$'
[
11
:
-
2
]
import
re
,
sys
import
re
,
sys
from
MultiMapping
import
MultiMapping
from
MultiMapping
import
MultiMapping
...
@@ -97,11 +97,17 @@ _parse_expr = re.compile(r"(%s):(.*)" % NAME_RE).match
...
@@ -97,11 +97,17 @@ _parse_expr = re.compile(r"(%s):(.*)" % NAME_RE).match
_valid_name
=
re
.
compile
(
'%s$'
%
NAME_RE
).
match
_valid_name
=
re
.
compile
(
'%s$'
%
NAME_RE
).
match
class
TALESError
(
Exception
):
class
TALESError
(
Exception
):
'''TALES Error'''
__allow_access_to_unprotected_subobjects__
=
1
def
__init__
(
self
,
expression
,
info
=
(
None
,
None
,
None
)):
self
.
type
,
self
.
value
,
self
.
traceback
=
info
self
.
expression
=
expression
class
RegistrationError
(
TALESError
):
class
RegistrationError
(
Exception
):
'''TALES Type Registration Error'''
'''TALES Type Registration Error'''
class
CompilerError
(
Exception
):
'''TALES Compiler Error'''
class
Iterator
:
class
Iterator
:
'''Simple Iterator class for use in Contexts'''
'''Simple Iterator class for use in Contexts'''
def
__init__
(
self
,
name
,
seq
,
context
):
def
__init__
(
self
,
name
,
seq
,
context
):
...
@@ -168,7 +174,7 @@ class Engine:
...
@@ -168,7 +174,7 @@ class Engine:
try
:
try
:
handler
=
self
.
types
[
type
]
handler
=
self
.
types
[
type
]
except
KeyError
:
except
KeyError
:
raise
TALES
Error
,
(
raise
Compiler
Error
,
(
'Unrecognized expression type "%s".'
%
type
)
'Unrecognized expression type "%s".'
%
type
)
try
:
try
:
return
handler
(
type
,
expr
,
self
)
return
handler
(
type
,
expr
,
self
)
...
@@ -244,8 +250,7 @@ class Context:
...
@@ -244,8 +250,7 @@ class Context:
try
:
try
:
return
expression
(
self
)
return
expression
(
self
)
except
:
except
:
raise
TALESError
,
"%s
\
n
%s"
%
(
expression
,
raise
TALESError
,
(
`expression`
,
sys
.
exc_info
())
"%s:%s"
%
sys
.
exc_info
()[:
2
])
evaluateValue
=
evaluate
evaluateValue
=
evaluate
...
...
lib/python/Products/PageTemplates/ZopePageTemplate.py
View file @
6ef81bdb
...
@@ -87,7 +87,7 @@
...
@@ -87,7 +87,7 @@
Zope object encapsulating a Page Template.
Zope object encapsulating a Page Template.
"""
"""
__version__
=
'$Revision: 1.
2
$'
[
11
:
-
2
]
__version__
=
'$Revision: 1.
3
$'
[
11
:
-
2
]
import
os
,
AccessControl
,
Acquisition
,
sys
import
os
,
AccessControl
,
Acquisition
,
sys
from
Globals
import
DTMLFile
,
MessageDialog
,
package_home
from
Globals
import
DTMLFile
,
MessageDialog
,
package_home
...
@@ -152,6 +152,8 @@ class ZopePageTemplate(PageTemplate, Script, Historical, Cacheable,
...
@@ -152,6 +152,8 @@ class ZopePageTemplate(PageTemplate, Script, Historical, Cacheable,
pt_editForm
=
DTMLFile
(
'dtml/ptEdit'
,
globals
())
pt_editForm
=
DTMLFile
(
'dtml/ptEdit'
,
globals
())
manage
=
manage_main
=
pt_editForm
manage
=
manage_main
=
pt_editForm
pt_diagnostic
=
DTMLFile
(
'dtml/ptDiagnostic'
,
globals
())
security
.
declareProtected
(
'Change Page Templates'
,
security
.
declareProtected
(
'Change Page Templates'
,
'pt_editAction'
,
'pt_setTitle'
,
'pt_edit'
,
'pt_editAction'
,
'pt_setTitle'
,
'pt_edit'
,
'pt_upload'
,
'pt_changePrefs'
)
'pt_upload'
,
'pt_changePrefs'
)
...
...
lib/python/Products/PageTemplates/dtml/ptDiagnostic.dtml
0 → 100644
View file @
6ef81bdb
<dtml-var manage_page_header>
<dtml-var expr="manage_form_title(this(), _,
form_title='Page Template Diagnostics',
)">
<p class="form-help">
This Page Template needs the following changes in order to operate.
</p>
<dtml-in expr="container.pt_errors()">
<p class="form-help>
&dtml-sequence-item;
</p>
</dtml-in>
<dtml-var manage_page_footer>
lib/python/Products/PageTemplates/tests/testExpressions.py
View file @
6ef81bdb
...
@@ -13,7 +13,7 @@ class ExpressionTests(unittest.TestCase):
...
@@ -13,7 +13,7 @@ class ExpressionTests(unittest.TestCase):
e
.
compile
(
'x/y'
)
e
.
compile
(
'x/y'
)
e
.
compile
(
'string:Fred'
)
e
.
compile
(
'string:Fred'
)
e
.
compile
(
'string:A$B'
)
e
.
compile
(
'string:A$B'
)
e
.
compile
(
'string:a
${x/y}b
'
)
e
.
compile
(
'string:a
${x/y} b ${y/z} c
'
)
e
.
compile
(
'python: 2 + 2'
)
e
.
compile
(
'python: 2 + 2'
)
def
test_suite
():
def
test_suite
():
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment