diff --git a/product/ERP5Form/SelectionTool.py b/product/ERP5Form/SelectionTool.py index d004923defb9a4582dd7e68fc44717132258351f..fd5245a8d8dc2898b666f928f7c19576f0851424 100755 --- a/product/ERP5Form/SelectionTool.py +++ b/product/ERP5Form/SelectionTool.py @@ -727,14 +727,13 @@ class SelectionTool( UniqueObject, SimpleItem ): LOG('selectionHasChanged, return...',0,'False') return False - security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature') - def getPickleAndSignature(self,**kw): + security.declareProtected(ERP5Permissions.View, 'getPickle') + def getPickle(self,**kw): """ we give many keywords and we will get the corresponding pickle string and signature """ - LOG('getPickleAndSignature kw',0,kw) - cookie_password = self._getCookiePassword() + LOG('getPickle kw',0,kw) # XXX Remove DateTime, This is really bad, only use for zope 2.6 # XXX This has to be removed as quickly as possible for k,v in kw.items(): @@ -748,10 +747,35 @@ class SelectionTool( UniqueObject, SimpleItem ): pickle_string = msg.get_payload() pickle_string = pickle_string.replace('\n','@@@') LOG('getPickleAndSignature pickle',0,pickle_string) + return pickle_string + + security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature') + def getPickleAndSignature(self,**kw): + """ + we give many keywords and we will get the corresponding + pickle string and signature + """ + pickle_string = self.getPickle(**kw) + LOG('getPickleAndSignature pickle',0,pickle_string) signature = hmac.new(cookie_password,pickle_string).hexdigest() LOG('getPickleAndSignature signature',0,signature) return (pickle_string,signature) + security.declareProtected(ERP5Permissions.View, 'getObjectFromPickle') + def getObjectFromPickle(self,pickle_string): + """ + we give a pickle string and a signature + """ + object = None + pickle_string = pickle_string.replace('@@@','\n') + LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string) + msg = MIMEBase('application','octet-stream') + Encoders.encode_base64(msg) + msg.set_payload(pickle_string) + pickle_string = msg.get_payload(decode=1) + object = pickle.loads(pickle_string) + return object + security.declareProtected(ERP5Permissions.View, 'getObjectFromPickleAndSignature') def getObjectFromPickleAndSignature(self,pickle_string,signature): """ @@ -760,17 +784,11 @@ class SelectionTool( UniqueObject, SimpleItem ): cookie_password = self._getCookiePassword() object = None new_signature = hmac.new(cookie_password,pickle_string).hexdigest() - pickle_string = pickle_string.replace('@@@','\n') LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string) LOG('getObjectFromPickleAndSignature signature',0,signature) LOG('getObjectFromPickleAndSignature signature',0,new_signature) if new_signature==signature: - LOG('getObjectFromPickleAndSignature ',0,'XXX same signature XXX') - msg = MIMEBase('application','octet-stream') - Encoders.encode_base64(msg) - msg.set_payload(pickle_string) - pickle_string = msg.get_payload(decode=1) - object = pickle.loads(pickle_string) + object = self.getObjectFromPickle(pickle_string) return object security.declarePrivate('_getCookiePassword') @@ -815,4 +833,5 @@ class SelectionTool( UniqueObject, SimpleItem ): + InitializeClass( SelectionTool )