Commit 322ceda2 authored by Jim Fulton's avatar Jim Fulton

Changed to use restrictedTraverse rather than unrestrictedTraverse

followed by a security check.
parent 771f7677
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
"""Standard management interface support """Standard management interface support
$Id: Management.py,v 1.64 2003/11/18 13:16:58 tseaver Exp $ $Id: Management.py,v 1.65 2003/11/28 16:44:25 jim Exp $
""" """
import sys, Globals, ExtensionClass, urllib import sys, Globals, ExtensionClass, urllib
...@@ -53,16 +53,11 @@ class Tabs(ExtensionClass.Base): ...@@ -53,16 +53,11 @@ class Tabs(ExtensionClass.Base):
if path is None: if path is None:
path=d['action'] path=d['action']
o=self.unrestrictedTraverse(path, None) o=self.restrictedTraverse(path, None)
if o is None: if o is None:
continue continue
try: result.append(d)
if validate(None, self, None, o):
result.append(d)
except:
if not hasattr(o, '__roles__'):
result.append(d)
return result return result
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment