Commit 7f8b931d authored by Jérome Perrin's avatar Jérome Perrin

Fix loading pickles

See merge request nexedi/erp5!1706
parents 45de0345 880e6be6
...@@ -43,7 +43,7 @@ import re ...@@ -43,7 +43,7 @@ import re
from lxml import etree from lxml import etree
from lxml.etree import Element from lxml.etree import Element
parser = etree.XMLParser(remove_blank_text=True) parser = etree.XMLParser(remove_blank_text=True)
from xml_marshaller.xml_marshaller import load_tree as unmarshaller from xml_marshaller.xml_marshaller import Unmarshaller
from xupdate_processor import xuproc from xupdate_processor import xuproc
from base64 import standard_b64decode from base64 import standard_b64decode
from zope.interface import implementer from zope.interface import implementer
...@@ -57,6 +57,14 @@ from hashlib import sha1 ...@@ -57,6 +57,14 @@ from hashlib import sha1
from erp5.component.module.SyncMLConstant import XUPDATE_ELEMENT,\ from erp5.component.module.SyncMLConstant import XUPDATE_ELEMENT,\
XUPDATE_INSERT_OR_ADD_LIST, XUPDATE_DEL, XUPDATE_UPDATE, XUPDATE_INSERT_LIST XUPDATE_INSERT_OR_ADD_LIST, XUPDATE_DEL, XUPDATE_UPDATE, XUPDATE_INSERT_LIST
from erp5.component.interface.IConduit import IConduit from erp5.component.interface.IConduit import IConduit
class SafeUnmarshaller(Unmarshaller):
def find_class(self, module, name):
raise ValueError("Refusing to unmarshall {}.{}".format(module, name))
unmarshaller = SafeUnmarshaller().load_tree
# Constant # Constant
HISTORY_TAG = 'workflow_action' HISTORY_TAG = 'workflow_action'
XML_OBJECT_TAG = 'object' XML_OBJECT_TAG = 'object'
......
...@@ -61,7 +61,6 @@ import re ...@@ -61,7 +61,6 @@ import re
from xml.dom.minidom import parse from xml.dom.minidom import parse
from xml.parsers.expat import ExpatError from xml.parsers.expat import ExpatError
import struct import struct
from six.moves import cPickle as pickle
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
from Products.ERP5Type.Message import translateString from Products.ERP5Type.Message import translateString
from zLOG import LOG, INFO, WARNING from zLOG import LOG, INFO, WARNING
...@@ -69,6 +68,7 @@ from base64 import decodestring ...@@ -69,6 +68,7 @@ from base64 import decodestring
import subprocess import subprocess
import time import time
from Products.ERP5Type.Utils import bytes2str from Products.ERP5Type.Utils import bytes2str
import json
WIN = os.name == 'nt' WIN = os.name == 'nt'
...@@ -722,7 +722,8 @@ class TemplateTool (BaseTool): ...@@ -722,7 +722,8 @@ class TemplateTool (BaseTool):
Decode the uid of a business template from a repository. Decode the uid of a business template from a repository.
Return a repository and an id. Return a repository and an id.
""" """
return pickle.loads(b64decode(uid)) repository, id = json.loads(b64decode(uid))
return repository.encode('utf-8'), id.encode('utf-8')
security.declarePublic( 'encodeRepositoryBusinessTemplateUid' ) security.declarePublic( 'encodeRepositoryBusinessTemplateUid' )
def encodeRepositoryBusinessTemplateUid(self, repository, id): def encodeRepositoryBusinessTemplateUid(self, repository, id):
...@@ -730,7 +731,7 @@ class TemplateTool (BaseTool): ...@@ -730,7 +731,7 @@ class TemplateTool (BaseTool):
encode the repository and the id of a business template. encode the repository and the id of a business template.
Return an uid. Return an uid.
""" """
return b64encode(pickle.dumps((repository, id))) return b64encode(json.dumps((repository, id)))
security.declarePublic('compareVersionStrings') security.declarePublic('compareVersionStrings')
def compareVersionStrings(self, version, comparing_string): def compareVersionStrings(self, version, comparing_string):
......
...@@ -88,7 +88,6 @@ from Products.ERP5Type.Accessor.Accessor import Accessor as Method ...@@ -88,7 +88,6 @@ from Products.ERP5Type.Accessor.Accessor import Accessor as Method
from Products.ERP5Type.Message import Message from Products.ERP5Type.Message import Message
from Products.ERP5Type.ConsistencyMessage import ConsistencyMessage from Products.ERP5Type.ConsistencyMessage import ConsistencyMessage
from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod, super_user from Products.ERP5Type.UnrestrictedMethod import UnrestrictedMethod, super_user
from Products.ERP5Type.mixin.json_representable import JSONRepresentableMixin
from Products.ERP5Type.mixin.response_header_generator import ResponseHeaderGenerator from Products.ERP5Type.mixin.response_header_generator import ResponseHeaderGenerator
from zope.interface import classImplementsOnly, implementedBy from zope.interface import classImplementsOnly, implementedBy
...@@ -728,7 +727,6 @@ class Base( ...@@ -728,7 +727,6 @@ class Base(
ActiveObject, ActiveObject,
OFS.History.Historical, OFS.History.Historical,
PropertyTranslatableBuiltInDictMixIn, PropertyTranslatableBuiltInDictMixIn,
JSONRepresentableMixin,
): ):
""" """
This is the base class for all ERP5 Zope objects. This is the base class for all ERP5 Zope objects.
......
...@@ -82,7 +82,6 @@ if 1: # BBB ...@@ -82,7 +82,6 @@ if 1: # BBB
getGlobalTranslationService = GlobalTranslationService getGlobalTranslationService = GlobalTranslationService
from Products.ERP5Type import Globals from Products.ERP5Type import Globals
from six.moves.cPickle import dumps, loads
from string import Template from string import Template
from base64 import b64encode, b64decode from base64 import b64encode, b64decode
...@@ -103,24 +102,6 @@ class Message(Persistent): ...@@ -103,24 +102,6 @@ class Message(Persistent):
default = message default = message
self.default = default self.default = default
security.declarePublic('dump')
def dump(self):
"""
Return a pickle version of the object
"""
return b64encode(dumps(self, 2))
security.declarePublic('load')
def load(self, string):
"""
Get properties from pickle version
"""
o = loads(b64decode(string))
self.message = o.message
self.domain = o.domain
self.mapping = o.mapping
self.default = o.default
def translate(self): def translate(self):
""" """
Return the translated message. If the original is a string object, Return the translated message. If the original is a string object,
......
...@@ -92,22 +92,5 @@ class XMLObject( Folder ): ...@@ -92,22 +92,5 @@ class XMLObject( Folder ):
self._setDescription(value) self._setDescription(value)
self.reindexObject() self.reindexObject()
security.declareProtected( Permissions.ModifyPortalContent, 'XUpdateDocument' )
def XUpdateDocument(self, xupdate):
"""
Update a document by providing an xupdate XML file
"""
pass
security.declareProtected( Permissions.ModifyPortalContent, 'fromXML' )
def fromXML(self, xml):
"""
Replace the content of this object by providing an xml content
"""
from erp5.component.module.ERP5Conduit import ERP5Conduit
conduit = ERP5Conduit()
conduit.addNode(object=self, xml=xml)
InitializeClass(XMLObject) InitializeClass(XMLObject)
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2017 Nexedi SA and Contributors. All Rights Reserved.
# Ayush Tiwari <ayush.tiwari@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from zope.interface import Interface
class IJSONRepresentable(Interface):
"""
An interface for objects that can be converted to JSON
and back to an ERP5 object.
This can be useful if we want to use JSON as much
as possible in ERP5 in the future and ensure
that certain objects (not all) can be converted to JSON
back and forth
"""
def asJSON():
"""
Returns a JSON representation based on
propertysheets and portal properties
"""
def fromJSON():
"""
Updates an object based on a JSON representation
"""
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2017 Nexedi SA and Contributors. All Rights Reserved.
# Ayush Tiwari <ayush.tiwari@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import json
import warnings
try:
import xmltodict
except ImportError:
xmltodict = None
warnings.warn("Please install xmltodict, it is needed by json_representable mixin",
DeprecationWarning)
import zope.interface
from Products.ERP5Type import XMLExportImport
from six import StringIO
from AccessControl import ClassSecurityInfo
from Products.ERP5Type.interfaces.json_representable import IJSONRepresentable
from Products.ERP5Type import Permissions
from Products.ERP5Type.Globals import InitializeClass
@zope.interface.implementer(IJSONRepresentable)
class JSONRepresentableMixin:
"""
An implementation for IJSONRepresentable
"""
# Declarative Security
security = ClassSecurityInfo()
security.declareObjectProtected(Permissions.AccessContentsInformation)
security.declareProtected(Permissions.AccessContentsInformation, 'asJSON')
def asJSON(self):
"""
Generate a JSON representable content for ERP5 object
Currently we use `XMLExportImport` to first convert the object to its XML
respresentation and then use xmltodict to convert it to dict and JSON
format finally
"""
dict_value = self._asDict()
# Convert the XML to json representation
return json.dumps(dict_value)
def _asDict(self):
"""
Gets the dict representation of the object
"""
# Use OFS exportXML to first export to xml
f = StringIO()
XMLExportImport.exportXML(self._p_jar, self._p_oid, f)
# Get the value of exported XML
xml_value = f.getvalue()
return xmltodict.parse(xml_value)
security.declareProtected(Permissions.AccessContentsInformation, 'fromJSON')
def fromJSON(self, val):
"""
Updates an object, based on a JSON representation
"""
dict_value = json.loads(val)
# Convert the dict_value to XML representation
xml_value = xmltodict.unparse(dict_value)
f = StringIO(xml_value)
return XMLExportImport.importXML(self._p_jar, f)
InitializeClass(JSONRepresentableMixin)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment