do not use pickle only with cookies

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@865 20353a03-c40f-0410-a6d1-a30d3c3de9de

do not use pickle only with cookies
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@865 20353a03-c40f-0410-a6d1-a30d3c3de9de
cec1ac58 · Sebastien Robin · e602c577 · cec1ac58
Commit cec1ac58 authored May 11, 2004 by Sebastien Robin
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 11 deletions

product/ERP5Form/SelectionTool.py product/ERP5Form/SelectionTool.py +30 -11

No files found.
--- a/product/ERP5Form/SelectionTool.py
+++ b/product/ERP5Form/SelectionTool.py
@@ -727,14 +727,13 @@ class SelectionTool( UniqueObject, SimpleItem ):
      LOG('selectionHasChanged, return...',0,'False')
      return False

-    security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature')
-    def getPickleAndSignature(self,**kw):
+    security.declareProtected(ERP5Permissions.View, 'getPickle')
+    def getPickle(self,**kw):
      """
      we give many keywords and we will get the corresponding
      pickle string and signature
      """
-      LOG('getPickleAndSignature kw',0,kw)
-      cookie_password = self._getCookiePassword()
+      LOG('getPickle kw',0,kw)
      # XXX Remove DateTime, This is really bad, only use for zope 2.6
      # XXX This has to be removed as quickly as possible
      for k,v in kw.items():
@@ -748,10 +747,35 @@ class SelectionTool( UniqueObject, SimpleItem ):
      pickle_string = msg.get_payload()
      pickle_string = pickle_string.replace('\n','@@@')
      LOG('getPickleAndSignature pickle',0,pickle_string)
+      return pickle_string
+
+    security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature')
+    def getPickleAndSignature(self,**kw):
+      """
+      we give many keywords and we will get the corresponding
+      pickle string and signature
+      """
+      pickle_string = self.getPickle(**kw)
+      LOG('getPickleAndSignature pickle',0,pickle_string)
      signature = hmac.new(cookie_password,pickle_string).hexdigest()
      LOG('getPickleAndSignature signature',0,signature)
      return (pickle_string,signature)

+    security.declareProtected(ERP5Permissions.View, 'getObjectFromPickle')
+    def getObjectFromPickle(self,pickle_string):
+      """
+      we give a pickle string and a signature
+      """
+      object = None
+      pickle_string = pickle_string.replace('@@@','\n')
+      LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string)
+      msg = MIMEBase('application','octet-stream')
+      Encoders.encode_base64(msg)
+      msg.set_payload(pickle_string)
+      pickle_string = msg.get_payload(decode=1)
+      object = pickle.loads(pickle_string)
+      return object
+
    security.declareProtected(ERP5Permissions.View, 'getObjectFromPickleAndSignature')
    def getObjectFromPickleAndSignature(self,pickle_string,signature):
      """
@@ -760,17 +784,11 @@ class SelectionTool( UniqueObject, SimpleItem ):
      cookie_password = self._getCookiePassword()
      object = None
      new_signature = hmac.new(cookie_password,pickle_string).hexdigest()
-      pickle_string = pickle_string.replace('@@@','\n')
      LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string)
      LOG('getObjectFromPickleAndSignature signature',0,signature)
      LOG('getObjectFromPickleAndSignature signature',0,new_signature)
      if new_signature==signature:
-        LOG('getObjectFromPickleAndSignature ',0,'XXX same signature XXX')
-        msg = MIMEBase('application','octet-stream')
-        Encoders.encode_base64(msg)
-        msg.set_payload(pickle_string)
-        pickle_string = msg.get_payload(decode=1)
-        object = pickle.loads(pickle_string)
+        object = self.getObjectFromPickle(pickle_string)
      return object

    security.declarePrivate('_getCookiePassword')
@@ -815,4 +833,5 @@ class SelectionTool( UniqueObject, SimpleItem ):



+
 InitializeClass( SelectionTool )