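def render(ob, ns):
    """Calls the object, possibly a document template, or just returns
    it if not callable.  (From DT_Util.py)

    ``ob`` is the value to render and ``ns`` is the namespace handed to
    ``ZRPythonExpr.call_with_ns`` for namespace-aware objects.  Returns
    the result of the call, or ``ob`` unchanged when it is not callable.
    """
    if hasattr(ob, '__render_with_namespace__'):
        ob = ZRPythonExpr.call_with_ns(ob.__render_with_namespace__, ns)
    else:
        # items might be acquisition wrapped
        base = aq_base(ob)
        # item might be proxied (e.g. modules might have a deprecation
        # proxy)
        base = removeAllProxies(base)
        # Use the builtin callable() instead of
        # isinstance(base, collections.Callable): that alias was removed
        # from the ``collections`` module in Python 3.10, so the old
        # spelling raises AttributeError there.
        if callable(base):
            # Only the *checks* look at the unwrapped ``base``.  The call
            # itself goes through the original ``ob``, so any acquisition
            # wrapper or proxy around it still takes part in the call.
            if getattr(base, 'isDocTemp', 0):
                # The trailing 2 is passed through to call_with_ns; its
                # meaning is defined there, not in this function.
                ob = ZRPythonExpr.call_with_ns(ob, ns, 2)
            else:
                # NOTE(review): ob is invoked with no arguments and no
                # further checks here; presumably access control has
                # already happened during traversal -- confirm in caller.
                ob = ob()
    return ob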
def render(ob, ns):
    """Render ``ob``: call it if it is callable, otherwise hand it back.

    Objects exposing ``__render_with_namespace__`` and document
    templates are called with the namespace ``ns``; other callables are
    called without arguments.  (From DT_Util.py)
    """
    if hasattr(ob, '__render_with_namespace__'):
        return ZRPythonExpr.call_with_ns(ob.__render_with_namespace__, ns)

    # Strip the acquisition wrapper first, then any proxy (e.g. modules
    # might have a deprecation proxy).  The unwrapped object is only used
    # for the checks below; the call always goes through ``ob`` itself.
    unwrapped = removeAllProxies(aq_base(ob))
    if not callable(unwrapped):
        return ob

    try:
        if getattr(unwrapped, 'isDocTemp', 0):
            return ZRPythonExpr.call_with_ns(ob, ns, 2)
        return ob()
    except NotImplementedError:
        # A callable that signals NotImplementedError is returned
        # uncalled.  Only this exception type is swallowed; every other
        # error raised by the call propagates to the caller.
        return ob
from zope.tales.tales import ErrorInfo as BaseErrorInfo from zope.tales.tales import Iterator from zope.traversing.interfaces import ITraversable from zope.traversing.adapters import traversePathElement import OFS.interfaces from MultiMapping import MultiMapping from Acquisition import aq_base from zExceptions import NotFound from zExceptions import Unauthorized from zope.contentprovider.tales import TALESProviderExpression from Products.PageTemplates import ZRPythonExpr from Products.PageTemplates.interfaces import IUnicodeEncodingConflictResolver SecureModuleImporter = ZRPythonExpr._SecureModuleImporter() LOG = logging.getLogger('Expressions') # In Zope 2 traversal semantics, NotFound or Unauthorized (the Zope 2 # versions) indicate that traversal has failed. By default, zope.tales' # engine doesn't recognize them as such which is why we extend its # list here and make sure our implementation of the TALES # Path Expression uses them ZopeUndefs = Undefs + (NotFound, Unauthorized) def boboAwareZopeTraverse(object, path_items, econtext): """Traverses a sequence of names, first trying attributes then items. This uses zope.traversing path traversal where possible and interacts
class Program:
    # Wraps a ChameleonPageTemplate built by cook() and renders it with
    # the variables of the calling context.

    # Zope 2 Page Template expressions
    # (selected by cook() when the engine is the one from getEngine())
    secure_expression_types = {
        'python': UntrustedPythonExpr,
        'string': StringExpr,
        'not': NotExpr,
        'exists': ExistsExpr,
        'path': PathExpr,
        'provider': ProviderExpr,
        'nocall': NocallExpr,
    }

    # Zope 3 Page Template expressions
    # (selected by cook() for every other engine)
    expression_types = {
        'python': PythonExpr,
        'string': StringExpr,
        'not': NotExpr,
        'exists': ExistsExpr,
        'path': TrustedPathExpr,
        'provider': ProviderExpr,
        'nocall': NocallExpr,
    }

    # The same ``modules`` builtin is handed to the template in both
    # modes.
    extra_builtins = {
        'modules': ZRPythonExpr._SecureModuleImporter()
    }

    def __init__(self, template):
        self.template = template

    def __call__(self, context, macros, tal=True, **options):
        # Render the wrapped template with the context's variables, or
        # return the raw template body when ``tal`` is exactly False.
        if tal is not False:
            # Swap out repeat dictionary for Chameleon implementation
            # and store wrapped dictionary in new variable -- this is
            # in turn used by the secure Python expression
            # implementation whenever a 'repeat' symbol is found.
            # ``context.vars`` itself is updated (no copy is made).
            namespace = context.vars
            namespace['wrapped_repeat'] = namespace['repeat']
            namespace['repeat'] = RepeatDict(context.repeat_vars)
            return self.template.render(**namespace)

        return self.template.body

    @classmethod
    def cook(cls, source_file, text, engine, content_type):
        # Compile ``text`` and return ``(program, macros)``.
        #
        # For the engine returned by getEngine() the restricted
        # expression types are used, and everything re_match_pi matches
        # (logged below as "<?python...?>" code blocks) is removed from
        # the source before compilation, since such blocks are "not
        # allowed in restricted evaluation scope".
        if engine is getEngine():
            def drop_code_block(pi_match):
                block_source = pi_match.group(1)
                # NOTE(review): the skipped block's text is written to
                # the log verbatim; template text may be author
                # controlled, so confirm the log handlers cope with
                # multi-line / untrusted content.
                logger.info(
                    'skipped "<?python%s?>" code block in '
                    'Zope 2 page template object "%s".',
                    block_source, source_file
                )
                return ''

            text, count = re_match_pi.subn(drop_code_block, text)
            if count:
                plural = 's' if count > 1 else ''
                logger.warning(
                    "skipped %d code block%s (not allowed in "
                    "restricted evaluation scope)." % (count, plural)
                )

            expression_types = cls.secure_expression_types
        else:
            expression_types = cls.expression_types

        if source_file is None:
            # Default to '<string>'
            source_file = ChameleonPageTemplate.filename
        elif source_file.startswith('file:'):
            # BBB: Support CMFCore's FSPagetemplateFile formatting
            source_file = source_file[5:]

        compiled = ChameleonPageTemplate(
            text,
            filename=source_file,
            keep_body=True,
            expression_types=expression_types,
            encoding='utf-8',
            extra_builtins=cls.extra_builtins,
        )
        return cls(compiled), compiled.macros
from zope.proxy import removeAllProxies from zope.tales.expressions import DeferExpr from zope.tales.expressions import LazyExpr from zope.tales.expressions import NotExpr from zope.tales.expressions import PathExpr from zope.tales.expressions import StringExpr from zope.tales.expressions import Undefs from zope.tales.pythonexpr import PythonExpr from zope.tales.tales import Context from zope.tales.tales import ErrorInfo as BaseErrorInfo from zope.tales.tales import Iterator from zope.traversing.adapters import traversePathElement from zope.traversing.interfaces import ITraversable SecureModuleImporter = ZRPythonExpr._SecureModuleImporter() LOG = logging.getLogger('Expressions') # In Zope 2 traversal semantics, NotFound or Unauthorized (the Zope 2 # versions) indicate that traversal has failed. By default, zope.tales' # engine doesn't recognize them as such which is why we extend its # list here and make sure our implementation of the TALES # Path Expression uses them ZopeUndefs = Undefs + (NotFound, Unauthorized) def boboAwareZopeTraverse(object, path_items, econtext): """Traverses a sequence of names, first trying attributes then items. This uses zope.traversing path traversal where possible and interacts
class Program(object):
    # Wraps a ChameleonPageTemplate built by cook() and renders it with
    # the variables of the calling context.

    implements(IPageTemplateProgram)
    classProvides(IPageTemplateEngine)

    # Zope 2 Page Template expressions
    # (selected by cook() when the engine is the one from getEngine())
    secure_expression_types = {
        'python': UntrustedPythonExpr,
        'string': StringExpr,
        'not': NotExpr,
        'exists': ExistsExpr,
        'path': PathExpr,
        'provider': ProviderExpr,
        'nocall': NocallExpr,
    }

    # Zope 3 Page Template expressions
    # (selected by cook() for every other engine)
    expression_types = {
        'python': PythonExpr,
        'string': StringExpr,
        'not': NotExpr,
        'exists': ExistsExpr,
        'path': TrustedPathExpr,
        'provider': ProviderExpr,
        'nocall': NocallExpr,
    }

    # The same ``modules`` builtin is handed to the template in both
    # modes.
    extra_builtins = {'modules': ZRPythonExpr._SecureModuleImporter()}

    def __init__(self, template):
        self.template = template

    def __call__(self, context, macros, tal=True, **options):
        # Render the wrapped template with the context's variables, or
        # return the raw template body when ``tal`` is exactly False.
        if tal is not False:
            # Swap out repeat dictionary for Chameleon implementation
            # and store wrapped dictionary in new variable -- this is
            # in turn used by the secure Python expression
            # implementation whenever a 'repeat' symbol is found.
            # ``context.vars`` itself is updated (no copy is made).
            namespace = context.vars
            namespace['wrapped_repeat'] = namespace['repeat']
            namespace['repeat'] = RepeatDict(context.repeat_vars)
            return self.template.render(**namespace)

        return self.template.body

    @classmethod
    def cook(cls, source_file, text, engine, content_type):
        # Compile ``text`` and return ``(program, macros)``.  The
        # restricted expression types are used only when ``engine`` is
        # the one returned by getEngine().
        #
        # NOTE(review): nothing in this method removes
        # "<?python ... ?>" processing instructions from ``text`` before
        # it reaches Chameleon.  If the Chameleon version in use
        # evaluates such blocks, they would run outside the restricted
        # expression types selected here -- confirm, and strip them for
        # the secure engine if so.
        expression_types = (
            cls.secure_expression_types
            if engine is getEngine()
            else cls.expression_types
        )

        # BBB: Support CMFCore's FSPagetemplateFile formatting
        if source_file is not None and source_file.startswith('file:'):
            source_file = source_file[len('file:'):]

        compiled = ChameleonPageTemplate(
            text,
            filename=source_file,
            keep_body=True,
            expression_types=expression_types,
            encoding='utf-8',
            extra_builtins=cls.extra_builtins,
        )
        return cls(compiled), compiled.macros