class UntrustedPythonExpr(expressions.PythonExpr):
rm = RestrictionMutator()
rt = RestrictionTransform()
# Make copy of parent expression builtins
builtins = expressions.PythonExpr.builtins.copy()
# Update builtins with Restricted Python utility builtins
builtins.update(
dict((name, static(builtin))
for (name, builtin) in utility_builtins.items()))
def rewrite(self, node):
if node.id == 'repeat':
node.id = 'wrapped_repeat'
else:
node = super(UntrustedPythonExpr, self).rewrite(node)
return node
def parse(self, string):
encoded = string.encode('utf-8')
node = ast24_parse(encoded, 'eval').node
MutatingWalker.walk(node, self.rm)
string = generate_code(node)
decoded = string.decode('utf-8')
value = super(UntrustedPythonExpr, self).parse(decoded)
# Run restricted python transform
self.rt.visit(value)
return value
class UntrustedPythonExpr(expressions.PythonExpr):
restricted_python_transformer = RestrictingNodeTransformer()
page_templates_expression_transformer = RestrictionTransform()
# Make copy of parent expression builtins
builtins = expressions.PythonExpr.builtins.copy()
# Update builtins with Restricted Python utility builtins
builtins.update({
name: static(builtin)
for (name, builtin) in utility_builtins.items()
})
def rewrite(self, node):
if node.id == 'repeat':
node.id = 'wrapped_repeat'
else:
node = super().rewrite(node)
return node
def parse(self, string):
encoded = string.encode('utf-8')
node = parse(encoded, mode='eval')
# Run Node Transformation from RestrictedPython:
self.restricted_python_transformer.visit(node)
# Run PageTemplate.expression RestrictedPython Transform:
self.page_templates_expression_transformer.visit(node)
return node
class UntrustedPythonExpr(expressions.PythonExpr):
restricted_python_transformer = RestrictingNodeTransformer()
page_templates_expression_transformer = RestrictionTransform()
# Make copy of parent expression builtins
builtins = expressions.PythonExpr.builtins.copy()
# Update builtins with Restricted Python utility builtins
builtins.update(
dict((name, static(builtin))
for (name, builtin) in utility_builtins.items()))
def parse(self, string):
encoded = string.encode('utf-8')
node = parse(encoded, mode='eval')
# Run Node Transformation from RestrictedPython:
self.restricted_python_transformer.visit(node)
# Run PageTemplate.expression RestrictedPython Transform:
self.page_templates_expression_transformer.visit(node)
return node
return v or 0
functype = type(int_param)
class NotBindable(object):
# Used to prevent TemplateDict from trying to bind to functions.
def __init__(self, f):
self._func = f
def __call__(self, *args, **kw):
return self._func(*args, **kw)
for name, f in list(safe_builtins.items()) + list(utility_builtins.items()):
if type(f) is functype:
f = NotBindable(f)
setattr(TemplateDict, name, f)
if LIMITED_BUILTINS:
# Replace certain builtins with limited versions.
from RestrictedPython.Limits import limited_builtins
for name, f in limited_builtins.items():
if type(f) is functype:
f = NotBindable(f)
setattr(TemplateDict, name, f)
class StringModuleWrapper(object):
# Wrap the string module so it can deal with TaintedString strings.
try:
import ExtensionClass
from cDocumentTemplate import InstanceDict, TemplateDict, \
render_blocks, safe_callable, join_unicode
except: from pDocumentTemplate import InstanceDict, TemplateDict, \
render_blocks, safe_callable, join_unicode
functype = type(int_param)
class NotBindable:
# Used to prevent TemplateDict from trying to bind to functions.
def __init__(self, f):
self.__call__ = f
d = TemplateDict.__dict__
for name, f in safe_builtins.items() + utility_builtins.items():
if type(f) is functype:
d[name] = NotBindable(f)
else:
d[name] = f
if LIMITED_BUILTINS:
# Replace certain builtins with limited versions.
from RestrictedPython.Limits import limited_builtins
for name, f in limited_builtins.items():
if type(f) is functype:
d[name] = NotBindable(f)
else:
d[name] = f
try:
if v:
try:
v = int(v)
except:
v = md[v]
if isinstance(v, str):
v = int(v)
return v or 0
functype = type(int_param)
class NotBindable:
# Used to prevent TemplateDict from trying to bind to functions.
def __init__(self, f):
self.__call__ = f
for name, f in safe_builtins.items() + utility_builtins.items():
if type(f) is functype:
f = NotBindable(f)
setattr(TemplateDict, name, f)
if LIMITED_BUILTINS:
# Replace certain builtins with limited versions.
from RestrictedPython.Limits import limited_builtins
for name, f in limited_builtins.items():
if type(f) is functype:
f = NotBindable(f)
setattr(TemplateDict, name, f)
try:
# Wrap the string module so it can deal with TaintedString strings.
from ZPublisher.TaintedString import TaintedString
