コード例 #1
0
 def test_prevents_bad_string_formatting_key(self):
     from AccessControl.safe_formatter import SafeFormatter
     from AccessControl.ZopeGuards import guarded_getitem
     from persistent.list import PersistentList
     # Accessing basic Python types in a basic Python list is fine.
     foo = list(['bar'])
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo), 'bar')
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     # For basic Python types in a non-basic list, we guard the access.
     foo = PersistentList(foo)
     self.assertRaises(Unauthorized, guarded_getitem, foo, 0)
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[0]}').safe_format, foo)
     # though we could allow access if we want:
     foo.__allow_access_to_unprotected_subobjects__ = 1
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo), 'bar')
     # For non-basic items we want run checks too.
     folder = self._create_folder_with_mixed_contents()
     # We can get the public items just fine:
     self.assertEqual(
         SafeFormatter('{0[0]}').safe_format(folder), '<Item public1>')
     self.assertEqual(
         SafeFormatter('{0[2]}').safe_format(folder), '<Item public2>')
     # But not the private item:
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[1]}').safe_format, folder)
コード例 #2
0
 def test_prevents_bad_string_formatting_key(self):
     from AccessControl.safe_formatter import SafeFormatter
     from AccessControl.ZopeGuards import guarded_getitem
     from persistent.list import PersistentList
     # Accessing basic Python types in a basic Python list is fine.
     foo = list(['bar'])
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo),
                      'bar')
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     # For basic Python types in a non-basic list, we guard the access.
     foo = PersistentList(foo)
     self.assertRaises(Unauthorized, guarded_getitem, foo, 0)
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[0]}').safe_format, foo)
     # though we could allow access if we want:
     foo.__allow_access_to_unprotected_subobjects__ = 1
     self.assertEqual(guarded_getitem(foo, 0), 'bar')
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(foo),
                      'bar')
     # For non-basic items we want run checks too.
     folder = self._create_folder_with_mixed_contents()
     # We can get the public items just fine:
     self.assertEqual(SafeFormatter('{0[0]}').safe_format(folder),
                      '<Item public1>')
     self.assertEqual(SafeFormatter('{0[2]}').safe_format(folder),
                      '<Item public2>')
     # But not the private item:
     self.assertRaises(Unauthorized,
                       SafeFormatter('{0[1]}').safe_format,
                       folder)
コード例 #3
0
ファイル: Zope.py プロジェクト: Andyvs/TrackMonthlyExpenses
    def __getitem__(self,index):
        data=self._data
        try: s=self._seq
        except AttributeError: return data[index]

        i=index
        if i < 0: i=len(self)+i
        if i < 0: raise IndexError, index

        ind=len(data)
        if i < ind: return data[i]
        ind=ind-1

        test=self._test
        e=self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try: v = guarded_getitem(s, e)
                except Unauthorized, vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized, msg, sys.exc_info()[2]
                    skip_this = 1
                else:
                    skip_this = 0
コード例 #4
0
ファイル: Zope.py プロジェクト: vedantc98/Plone-test
    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0: i = len(self) + i
        if i < 0: raise IndexError, index

        ind = len(data)
        if i < ind: return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized, vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized, msg, sys.exc_info()[2]
                    skip_this = 1
                else:
                    skip_this = 0
コード例 #5
0
    def get_field(self, field_name, args, kwargs):
        """Get the field value using guarded methods."""
        first, rest = formatter_field_name_split(field_name)

        obj = self.get_value(first, args, kwargs)

        # loop through the rest of the field_name, doing
        #  getattr or getitem as needed
        for is_attr, i in rest:
            if is_attr:
                obj = guarded_getattr(obj, i)
            else:
                obj = guarded_getitem(obj, i)

        return obj, first
コード例 #6
0
    def get_field(self, field_name, args, kwargs):
        """Get the field value using guarded methods."""
        first, rest = formatter_field_name_split(field_name)

        obj = self.get_value(first, args, kwargs)

        # loop through the rest of the field_name, doing
        #  getattr or getitem as needed
        for is_attr, i in rest:
            if is_attr:
                obj = guarded_getattr(obj, i)
            else:
                obj = guarded_getitem(obj, i)

        return obj, first
コード例 #7
0
ファイル: Zope.py プロジェクト: cjwood032/Zope_Walkthrough
    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0:
            i = len(self) + i
        if i < 0:
            raise IndexError(index)

        ind = len(data)
        if i < ind:
            return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized as vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized(msg)
                    skip_this = 1
                else:
                    skip_this = 0
            except IndexError:
                del self._test
                del self._seq
                del self._eindex
                raise IndexError(index)
            if skip_this:
                continue
            if skip and not getSecurityManager().checkPermission(skip, v):
                continue
            if test is None or test(v):
                data.append(v)
                ind = ind + 1
        self._eindex = e
        return data[i]
コード例 #8
0
ファイル: Zope.py プロジェクト: dhavlik/Zope
    def __getitem__(self, index):
        data = self._data
        try:
            s = self._seq
        except AttributeError:
            return data[index]

        i = index
        if i < 0:
            i = len(self) + i
        if i < 0:
            raise IndexError(index)

        ind = len(data)
        if i < ind:
            return data[i]
        ind = ind - 1

        test = self._test
        e = self._eindex
        skip = self._skip
        while i > ind:
            e = e + 1
            try:
                try:
                    v = guarded_getitem(s, e)
                except Unauthorized as vv:
                    if skip is None:
                        self._eindex = e
                        msg = '(item %s): %s' % (index, vv)
                        raise Unauthorized(msg)
                    skip_this = 1
                else:
                    skip_this = 0
            except IndexError:
                del self._test
                del self._seq
                del self._eindex
                raise IndexError(index)
            if skip_this:
                continue
            if skip and not getSecurityManager().checkPermission(skip, v):
                continue
            if test is None or test(v):
                data.append(v)
                ind = ind + 1
        self._eindex = e
        return data[i]
コード例 #9
0
ファイル: security.py プロジェクト: Daetalus/DocumentTemplate
 def guarded_getitem(self, ob, index):
     return guarded_getitem(ob, index)
コード例 #10
0
 def guarded_getitem(self, ob, index):
     return guarded_getitem(ob, index)