Changed to use restrictedTraverse rather than unrestrictedTraverse

followed by a security check.

Changed to use restrictedTraverse rather than unrestrictedTraverse
followed by a security check.
322ceda2 · Jim Fulton · 771f7677 · 322ceda2
Commit 322ceda2 authored Nov 28, 2003 by Jim Fulton
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 10 deletions

lib/python/App/Management.py lib/python/App/Management.py +5 -10

No files found.
--- a/lib/python/App/Management.py
+++ b/lib/python/App/Management.py
@@ -13,7 +13,7 @@
 """Standard management interface support
-$Id: Management.py,v 1.64 2003/11/18 13:16:58 tseaver Exp $
+$Id: Management.py,v 1.65 2003/11/28 16:44:25 jim Exp $
 """
 import sys, Globals, ExtensionClass, urllib
@@ -53,15 +53,10 @@ class Tabs(ExtensionClass.Base):
            if path is None:
                    path=d['action']
-            o=self.unrestrictedTraverse(path, None)
+            o=self.restrictedTraverse(path, None)
            if o is None:
                continue
-            try:
-                if validate(None, self, None, o):
-                    result.append(d)
-            except:
-                if not hasattr(o, '__roles__'):
            result.append(d)
        return result