Commit 322ceda2 authored by Jim Fulton's avatar Jim Fulton

Changed to use restrictedTraverse rather than unrestrictedTraverse

followed by a security check.
parent 771f7677
......@@ -13,7 +13,7 @@
"""Standard management interface support
$Id: Management.py,v 1.64 2003/11/18 13:16:58 tseaver Exp $
$Id: Management.py,v 1.65 2003/11/28 16:44:25 jim Exp $
"""
import sys, Globals, ExtensionClass, urllib
......@@ -53,15 +53,10 @@ class Tabs(ExtensionClass.Base):
if path is None:
path=d['action']
o=self.unrestrictedTraverse(path, None)
o=self.restrictedTraverse(path, None)
if o is None:
continue
try:
if validate(None, self, None, o):
result.append(d)
except:
if not hasattr(o, '__roles__'):
result.append(d)
return result
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment