Commit 11d30e34 authored by Tres Seaver's avatar Tres Seaver

Forward-port fix for LP #978980 from 2.12 branch.

parent f380c5b8
...@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/releases/. ...@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/releases/.
2.13.20 (unreleased) 2.13.20 (unreleased)
-------------------- --------------------
- LP #978980: Protect views of ZPT source with 'View Management Screens'
permision.
- Make sure the generated classes for simple browser pages (SimpleViewClasses) - Make sure the generated classes for simple browser pages (SimpleViewClasses)
have a str __name__. See LP #1129030. have a str __name__. See LP #1129030.
......
...@@ -56,6 +56,8 @@ if os.environ.has_key('ZPT_PREFERRED_ENCODING'): ...@@ -56,6 +56,8 @@ if os.environ.has_key('ZPT_PREFERRED_ENCODING'):
class Src(Explicit): class Src(Explicit):
""" I am scary code """ """ I am scary code """
security = ClassSecurityInfo()
security.declareObjectProtected(view_management_screens)
PUT = document_src = Acquired PUT = document_src = Acquired
index_html = None index_html = None
...@@ -68,6 +70,8 @@ class Src(Explicit): ...@@ -68,6 +70,8 @@ class Src(Explicit):
" " " "
return self.document_src(REQUEST) return self.document_src(REQUEST)
InitializeClass(Src)
class ZopePageTemplate(Script, PageTemplate, Historical, Cacheable, class ZopePageTemplate(Script, PageTemplate, Historical, Cacheable,
Traversable, PropertyManager): Traversable, PropertyManager):
"Zope wrapper for Page Template using TAL, TALES, and METAL" "Zope wrapper for Page Template using TAL, TALES, and METAL"
......
...@@ -232,7 +232,8 @@ class ZPTUnicodeEncodingConflictResolution(ZopeTestCase): ...@@ -232,7 +232,8 @@ class ZPTUnicodeEncodingConflictResolution(ZopeTestCase):
self.app.REQUEST.debug = DebugFlags() self.app.REQUEST.debug = DebugFlags()
self.assertEqual(zpt.pt_render(), unicode('<div>foo</div>')) self.assertEqual(zpt.pt_render(), unicode('<div>foo</div>'))
self.app.REQUEST.debug.showTAL = True self.app.REQUEST.debug.showTAL = True
self.assertEqual(zpt.pt_render(), unicode('<div tal:content="string:foo">foo</div>')) self.assertEqual(zpt.pt_render(),
unicode('<div tal:content="string:foo">foo</div>'))
self.app.REQUEST.debug.sourceAnnotations = True self.app.REQUEST.debug.sourceAnnotations = True
self.assertEqual(zpt.pt_render().startswith(unicode('<!--')), True) self.assertEqual(zpt.pt_render().startswith(unicode('<!--')), True)
...@@ -483,6 +484,54 @@ class ZPTMacros(zope.component.testing.PlacelessSetup, unittest.TestCase): ...@@ -483,6 +484,54 @@ class ZPTMacros(zope.component.testing.PlacelessSetup, unittest.TestCase):
pt.pt_render(source=True) pt.pt_render(source=True)
self.assertEqual(pt.pt_errors(), None) self.assertEqual(pt.pt_errors(), None)
class SrcTests(unittest.TestCase):
def _getTargetClass(self):
from Products.PageTemplates.ZopePageTemplate import Src
return Src
def _makeOne(self, zpt=None):
if zpt is None:
zpt = self._makeTemplate()
zpt.test_src = self._getTargetClass()()
return zpt.test_src
def _makeTemplate(self, id='test', source='<html/>'):
from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate
return ZopePageTemplate(id, source)
def test___before_publishing_traverse___wo__hacked_path(self):
src = self._makeOne()
request = DummyRequest()
src.__before_publishing_traverse__(None, request)
self.assertFalse('_hacked_path' in request.__dict__)
def test___before_publishing_traverse___w__hacked_path_false(self):
src = self._makeOne()
request = DummyRequest()
request._hacked_path = False
src.__before_publishing_traverse__(None, request)
self.assertFalse(request._hacked_path)
def test___before_publishing_traverse___w__hacked_path_true(self):
src = self._makeOne()
request = DummyRequest()
request._hacked_path = True
src.__before_publishing_traverse__(None, request)
self.assertFalse(request._hacked_path)
def test___call__(self):
template = self._makeTemplate(source='TESTING')
src = self._makeOne(template)
request = DummyRequest()
response = object()
self.assertEqual(src(request, response), 'TESTING')
class DummyRequest(dict):
pass
class DummyFileUpload: class DummyFileUpload:
def __init__(self, data='', filename='', content_type=''): def __init__(self, data='', filename='', content_type=''):
...@@ -495,10 +544,12 @@ class DummyFileUpload: ...@@ -495,10 +544,12 @@ class DummyFileUpload:
def test_suite(): def test_suite():
suite = unittest.makeSuite(ZPTRegressions) return unittest.TestSuite((
suite.addTests(unittest.makeSuite(ZPTUtilsTests)) unittest.makeSuite(ZPTRegressions),
suite.addTests(unittest.makeSuite(ZPTMacros)) unittest.makeSuite(ZPTUtilsTests),
suite.addTests(unittest.makeSuite(ZopePageTemplateFileTests)) unittest.makeSuite(ZPTMacros),
suite.addTests(unittest.makeSuite(ZPTUnicodeEncodingConflictResolution)) unittest.makeSuite(ZopePageTemplateFileTests),
suite.addTests(unittest.makeSuite(PreferredCharsetUnicodeResolverTests)) unittest.makeSuite(ZPTUnicodeEncodingConflictResolution),
return suite unittest.makeSuite(PreferredCharsetUnicodeResolverTests),
unittest.makeSuite(SrcTests),
))
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment