do not use pickle only with cookies

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@865 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Form/SelectionTool.py

@@ -727,14 +727,13 @@ class SelectionTool( UniqueObject, SimpleItem ):
       LOG('selectionHasChanged, return...',0,'False')
       return False
 
-    security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature')
-    def getPickleAndSignature(self,**kw):
+    security.declareProtected(ERP5Permissions.View, 'getPickle')
+    def getPickle(self,**kw):
       """
       we give many keywords and we will get the corresponding
       pickle string and signature
       """
-      LOG('getPickleAndSignature kw',0,kw)
-      cookie_password = self._getCookiePassword()
+      LOG('getPickle kw',0,kw)
       # XXX Remove DateTime, This is really bad, only use for zope 2.6
       # XXX This has to be removed as quickly as possible
       for k,v in kw.items():
@@ -748,10 +747,35 @@ class SelectionTool( UniqueObject, SimpleItem ):
       pickle_string = msg.get_payload()
       pickle_string = pickle_string.replace('\n','@@@')
       LOG('getPickleAndSignature pickle',0,pickle_string)
+      return pickle_string
+
+    security.declareProtected(ERP5Permissions.View, 'getPickleAndSignature')
+    def getPickleAndSignature(self,**kw):
+      """
+      we give many keywords and we will get the corresponding
+      pickle string and signature
+      """
+      pickle_string = self.getPickle(**kw)
+      LOG('getPickleAndSignature pickle',0,pickle_string)
       signature = hmac.new(cookie_password,pickle_string).hexdigest()
       LOG('getPickleAndSignature signature',0,signature)
       return (pickle_string,signature)
 
+    security.declareProtected(ERP5Permissions.View, 'getObjectFromPickle')
+    def getObjectFromPickle(self,pickle_string):
+      """
+      we give a pickle string and a signature
+      """
+      object = None
+      pickle_string = pickle_string.replace('@@@','\n')
+      LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string)
+      msg = MIMEBase('application','octet-stream')
+      Encoders.encode_base64(msg)
+      msg.set_payload(pickle_string)
+      pickle_string = msg.get_payload(decode=1)
+      object = pickle.loads(pickle_string)
+      return object
+
     security.declareProtected(ERP5Permissions.View, 'getObjectFromPickleAndSignature')
     def getObjectFromPickleAndSignature(self,pickle_string,signature):
       """
@@ -760,17 +784,11 @@ class SelectionTool( UniqueObject, SimpleItem ):
       cookie_password = self._getCookiePassword()
       object = None
       new_signature = hmac.new(cookie_password,pickle_string).hexdigest()
-      pickle_string = pickle_string.replace('@@@','\n')
       LOG('getObjectFromPickleAndSignature pickle_string',0,pickle_string)
       LOG('getObjectFromPickleAndSignature signature',0,signature)
       LOG('getObjectFromPickleAndSignature signature',0,new_signature)
       if new_signature==signature:
-        LOG('getObjectFromPickleAndSignature ',0,'XXX same signature XXX')
-        msg = MIMEBase('application','octet-stream')
-        Encoders.encode_base64(msg)
-        msg.set_payload(pickle_string)
-        pickle_string = msg.get_payload(decode=1)
-        object = pickle.loads(pickle_string)
+        object = self.getObjectFromPickle(pickle_string)
       return object
 
     security.declarePrivate('_getCookiePassword')
@@ -815,4 +833,5 @@ class SelectionTool( UniqueObject, SimpleItem ):
 
 
 
+
 InitializeClass( SelectionTool )