Use sci['object'] instead of sci.object to workaround security problems with...

Use sci['object'] instead of sci.object to workaround security problems with proxy roles in workflow scripts.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@14248 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml

@@ -70,7 +70,7 @@
             <key> <string>_body</string> </key>
             <value> <string>from Products.ERP5Type.Message import Message\n
 \n
-pref = sci.object\n
+pref = sci[\'object\']\n
 portal = sci.getPortal()\n
 LOG = lambda msg: pref.log("PreferenceWorkflow.disableOtherPreferences on %s"%pref, msg)\n
 N_ = lambda msg, **kw: Message(\'erp5_ui\', msg, **kw)\n
@@ -141,8 +141,9 @@ for p in portal.portal_preferences.searchFolder(spec=(\'ERP5 Preference\',)) :\n
                             <string>sci</string>
                             <string>Products.ERP5Type.Message</string>
                             <string>Message</string>
-                            <string>_getattr_</string>
+                            <string>_getitem_</string>
                             <string>pref</string>
+                            <string>_getattr_</string>
                             <string>portal</string>
                             <string>LOG</string>
                             <string>N_</string>

product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml

@@ -68,7 +68,7 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>rule = state_change.object.getParentValue()\n
+            <value> <string>rule = state_change[\'object\'].getParentValue()\n
 \n
 if rule.getPortalType() in (\'Invoice Transaction Rule\', \'Payment Rule\') :\n
   rule.activate(\n
@@ -119,6 +119,7 @@ if rule.getPortalType() in (\'Invoice Transaction Rule\', \'Payment Rule\') :\n
                           <tuple>
                             <string>state_change</string>
                             <string>_getattr_</string>
+                            <string>_getitem_</string>
                             <string>rule</string>
                           </tuple>
                         </value>

product/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml

@@ -68,7 +68,7 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>matrix = state_change.object\n
+            <value> <string>matrix = state_change[\'object\']\n
 matrix.activate(\n
     after_path_and_method_id=([matrix.getPath(),],\n
         [\'immediateReindexObject\', \'recursiveImmediateReindexObject\'])\n
@@ -116,8 +116,9 @@ matrix.activate(\n
                         <value>
                           <tuple>
                             <string>state_change</string>
-                            <string>_getattr_</string>
+                            <string>_getitem_</string>
                             <string>matrix</string>
+                            <string>_getattr_</string>
                           </tuple>
                         </value>
                     </item>

product/ERP5/bootstrap/erp5_core/bt/revision

-309
+314
\ No newline at end of file