class UntrustedPythonExpr(expressions.PythonExpr): rm = RestrictionMutator() rt = RestrictionTransform() # Make copy of parent expression builtins builtins = expressions.PythonExpr.builtins.copy() # Update builtins with Restricted Python utility builtins builtins.update( dict((name, static(builtin)) for (name, builtin) in utility_builtins.items())) def rewrite(self, node): if node.id == 'repeat': node.id = 'wrapped_repeat' else: node = super(UntrustedPythonExpr, self).rewrite(node) return node def parse(self, string): encoded = string.encode('utf-8') node = ast24_parse(encoded, 'eval').node MutatingWalker.walk(node, self.rm) string = generate_code(node) decoded = string.decode('utf-8') value = super(UntrustedPythonExpr, self).parse(decoded) # Run restricted python transform self.rt.visit(value) return value
class UntrustedPythonExpr(expressions.PythonExpr): restricted_python_transformer = RestrictingNodeTransformer() page_templates_expression_transformer = RestrictionTransform() # Make copy of parent expression builtins builtins = expressions.PythonExpr.builtins.copy() # Update builtins with Restricted Python utility builtins builtins.update({ name: static(builtin) for (name, builtin) in utility_builtins.items() }) def rewrite(self, node): if node.id == 'repeat': node.id = 'wrapped_repeat' else: node = super().rewrite(node) return node def parse(self, string): encoded = string.encode('utf-8') node = parse(encoded, mode='eval') # Run Node Transformation from RestrictedPython: self.restricted_python_transformer.visit(node) # Run PageTemplate.expression RestrictedPython Transform: self.page_templates_expression_transformer.visit(node) return node
class UntrustedPythonExpr(expressions.PythonExpr): restricted_python_transformer = RestrictingNodeTransformer() page_templates_expression_transformer = RestrictionTransform() # Make copy of parent expression builtins builtins = expressions.PythonExpr.builtins.copy() # Update builtins with Restricted Python utility builtins builtins.update( dict((name, static(builtin)) for (name, builtin) in utility_builtins.items())) def parse(self, string): encoded = string.encode('utf-8') node = parse(encoded, mode='eval') # Run Node Transformation from RestrictedPython: self.restricted_python_transformer.visit(node) # Run PageTemplate.expression RestrictedPython Transform: self.page_templates_expression_transformer.visit(node) return node
return v or 0 functype = type(int_param) class NotBindable(object): # Used to prevent TemplateDict from trying to bind to functions. def __init__(self, f): self._func = f def __call__(self, *args, **kw): return self._func(*args, **kw) for name, f in list(safe_builtins.items()) + list(utility_builtins.items()): if type(f) is functype: f = NotBindable(f) setattr(TemplateDict, name, f) if LIMITED_BUILTINS: # Replace certain builtins with limited versions. from RestrictedPython.Limits import limited_builtins for name, f in limited_builtins.items(): if type(f) is functype: f = NotBindable(f) setattr(TemplateDict, name, f) class StringModuleWrapper(object): # Wrap the string module so it can deal with TaintedString strings.
try: import ExtensionClass from cDocumentTemplate import InstanceDict, TemplateDict, \ render_blocks, safe_callable, join_unicode except: from pDocumentTemplate import InstanceDict, TemplateDict, \ render_blocks, safe_callable, join_unicode functype = type(int_param) class NotBindable: # Used to prevent TemplateDict from trying to bind to functions. def __init__(self, f): self.__call__ = f d = TemplateDict.__dict__ for name, f in safe_builtins.items() + utility_builtins.items(): if type(f) is functype: d[name] = NotBindable(f) else: d[name] = f if LIMITED_BUILTINS: # Replace certain builtins with limited versions. from RestrictedPython.Limits import limited_builtins for name, f in limited_builtins.items(): if type(f) is functype: d[name] = NotBindable(f) else: d[name] = f try:
if v: try: v = int(v) except: v = md[v] if isinstance(v, str): v = int(v) return v or 0 functype = type(int_param) class NotBindable: # Used to prevent TemplateDict from trying to bind to functions. def __init__(self, f): self.__call__ = f for name, f in safe_builtins.items() + utility_builtins.items(): if type(f) is functype: f = NotBindable(f) setattr(TemplateDict, name, f) if LIMITED_BUILTINS: # Replace certain builtins with limited versions. from RestrictedPython.Limits import limited_builtins for name, f in limited_builtins.items(): if type(f) is functype: f = NotBindable(f) setattr(TemplateDict, name, f) try: # Wrap the string module so it can deal with TaintedString strings. from ZPublisher.TaintedString import TaintedString