Merged 69002 from 2.10 branch:

Correct view traversal security checks

Merged 69002 from 2.10 branch:
Correct view traversal security checks
b61c632c · Florent Guillaume · a8150bfa · b61c632c
Commit b61c632c authored Jul 06, 2006 by Florent Guillaume
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

lib/python/OFS/Traversable.py lib/python/OFS/Traversable.py +4 -0

No files found.
--- a/lib/python/OFS/Traversable.py
+++ b/lib/python/OFS/Traversable.py
@@ -260,6 +260,10 @@ class Traversable:

                    if next is not None:
                        next = next.__of__(obj)
+                        if restricted:
+                            if not securityManager.validate(
+                                obj, obj, name, next):
+                                raise Unauthorized, name
                    elif bobo_traverse is not None:
                        # Attribute lookup should not be done after 
                        # __bobo_traverse__: