Commit 7396bf14 authored by Tres Seaver's avatar Tres Seaver

LP #490514: preserve tainting when calling into DTML from ZPT.

parent 815f006f
...@@ -27,9 +27,12 @@ Features Added ...@@ -27,9 +27,12 @@ Features Added
Bugs Fixed Bugs Fixed
++++++++++ ++++++++++
- LP #490514: preserve tainting when calling into DTML from ZPT.
- Avoid possible errors on test tear-down in Products.Five.fiveconfigure's - Avoid possible errors on test tear-down in Products.Five.fiveconfigure's
cleanUp() function if Products.meta_types has not been set cleanUp() function if Products.meta_types has not been set
Zope 2.12.1 (2009/11/02) Zope 2.12.1 (2009/11/02)
------------------------ ------------------------
......
...@@ -69,6 +69,8 @@ def call_with_ns(f, ns, arg=1): ...@@ -69,6 +69,8 @@ def call_with_ns(f, ns, arg=1):
this = ns.get('context', ns.get('here')) this = ns.get('context', ns.get('here'))
td.this = this td.this = this
request = ns.get('request', {}) request = ns.get('request', {})
if hasattr(request, 'taintWrapper'):
request = request.taintWrapper()
td._push(request) td._push(request)
td._push(InstanceDict(td.this, td)) td._push(InstanceDict(td.this, td))
td._push(ns) td._push(ns)
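Review bot: The two added lines in `call_with_ns` have no comment saying why the request is swapped for its taint wrapper before being pushed, and the security intent is not obvious from the code. I would add something like `# Push the taint-wrapping view of the request so DTML name lookups see tainted values rather than raw input.` above the `hasattr` check. Separately, `ns` is pushed after the wrapper and still holds the original object under `'request'`. If later pushes shadow earlier ones, a lookup of `request` through `td` would presumably return the unwrapped request, so it is worth confirming that this is intended. The function begins and ends outside this hunk, so what happens to `td` afterwards is not visible here.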
......
...@@ -40,6 +40,18 @@ class MiscTests(unittest.TestCase): ...@@ -40,6 +40,18 @@ class MiscTests(unittest.TestCase):
result = call_with_ns(_find_request, names) result = call_with_ns(_find_request, names)
self.assertEqual(result, {}) self.assertEqual(result, {})
def test_call_with_request_preserves_tainting(self):
from Products.PageTemplates.ZRPythonExpr import call_with_ns
class Request(dict):
def taintWrapper(self):
return {'tainted': 'found'}
context = ['context']
here = ['here']
names = {'context' : context, 'here': here, 'request' : Request()}
found = call_with_ns(lambda td: td['tainted'], names)
self.assertEqual(found, 'found')
def test_suite(): def test_suite():
return unittest.makeSuite(MiscTests) return unittest.makeSuite(MiscTests)
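Review bot: `test_call_with_request_preserves_tainting` uses an empty `Request()`, so it proves the wrapper is reachable from `td` but not that the wrapper takes the place of the raw request on the namespace stack. Building the stub as `Request(tainted='raw')` and keeping the assertion on `'found'` would pin that down. A companion assertion on what `td['request']` resolves to would document whether the object exposed under that name is meant to be the wrapped or the unwrapped request. A short docstring stating that the stub mimics a request with a `taintWrapper` method would also help.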
......