Changed to use restrictedTraverse rather than unrestrictedTraverse

followed by a security check.

Changed to use restrictedTraverse rather than unrestrictedTraverse
followed by a security check.
322ceda2 · Jim Fulton · 771f7677 · 322ceda2
Commit 322ceda2 authored Nov 28, 2003 by Jim Fulton
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 10 deletions

lib/python/App/Management.py lib/python/App/Management.py +5 -10

No files found.
--- a/lib/python/App/Management.py
+++ b/lib/python/App/Management.py
@@ -13,7 +13,7 @@

 """Standard management interface support

-$Id: Management.py,v 1.64 2003/11/18 13:16:58 tseaver Exp $
+$Id: Management.py,v 1.65 2003/11/28 16:44:25 jim Exp $
 """

 import sys, Globals, ExtensionClass, urllib
@@ -53,16 +53,11 @@ class Tabs(ExtensionClass.Base):
            if path is None:
                    path=d['action']

-            o=self.unrestrictedTraverse(path, None)
+            o=self.restrictedTraverse(path, None)
            if o is None:
-                    continue
-
-            try:
-                if validate(None, self, None, o):
-                    result.append(d)
-            except:
-                if not hasattr(o, '__roles__'):
-                    result.append(d)
+                continue
+
+            result.append(d)

        return result