Don't publish acquired attributes if acquired object has no docstring.

See https://bugs.launchpad.net/zope2/+bug/713253/

Don't publish acquired attributes if acquired object has no docstring.
See https://bugs.launchpad.net/zope2/+bug/713253/
55986d1b · Tres Seaver · 747ce19e · 55986d1b · 55986d1b · 55986d1b
Commit 55986d1b authored Feb 06, 2011 by Tres Seaver
6 changed files
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -4,6 +4,14 @@ Zope Changes
  Change information for previous versions of Zope can be found in the
  file HISTORY.txt.
+  Zope 2.10.13 (2011/02/04)
+    Bugs fixed
+      - Prevent publication of acquired attributes, where the acquired
+        object does not have a docstring.
+        https://bugs.launchpad.net/zope2/+bug/713253/
  Zope 2.10.12 (2010/09/01)
    Bugs fixed

--- a/inst/WinBuilders/mk/zope.mk
+++ b/inst/WinBuilders/mk/zope.mk
-ZOPEVERSION = 2.10.12-final
+ZOPEVERSION = 2.10.13-final
 ZOPEDIRNAME := Zope-$(ZOPEVERSION)
 ZOPE_REQUIRED_FILES=tmp/$(ZOPEDIRNAME).tgz

--- a/inst/versions.py
+++ b/inst/versions.py
 ZOPE_MAJOR_VERSION  = '2.10'
-ZOPE_MINOR_VERSION  = '12'
+ZOPE_MINOR_VERSION  = '13'
 ZOPE_BRANCH_NAME    = '$Name$'[6:] or 'no-branch'
 # always start prerelease branches with '0' to avoid upgrade

--- a/lib/python/ZPublisher/BaseRequest.py
+++ b/lib/python/ZPublisher/BaseRequest.py
@@ -116,23 +116,21 @@ class DefaultPublishTraverse(object):
                    # Again, clear any error status created by __bobo_traverse__
                    # because we actually found something:
                    request.response.setStatus(200)
-                    return subobject
                except AttributeError:
                    pass
                # Lastly we try with key access:
-                try:
+                if subobject is None:
-                    subobject = object[name]
+                    try:
-                except TypeError: # unsubscriptable
+                        subobject = object[name]
-                    raise KeyError(name)
+                    except TypeError: # unsubscriptable
+                        raise KeyError(name)
        # Ensure that the object has a docstring, or that the parent
        # object has a pseudo-docstring for the object. Objects that
        # have an empty or missing docstring are not published.
        doc = getattr(subobject, '__doc__', None)
-        if doc is None:
-            doc = getattr(object, '%s__doc__' % name, None)
        if not doc:
            raise Forbidden(
                "The object at %s has an empty or missing " \

--- a/lib/python/ZPublisher/tests/testBaseRequest.py
+++ b/lib/python/ZPublisher/tests/testBaseRequest.py
@@ -166,6 +166,13 @@ class TestBaseRequest(unittest.TestCase):
        r = self._makeOne(root)
        self.assertRaises(NotFound, r.traverse, 'folder/objBasic/noview')
+    def test_traverse_acquired_attribute_without_docstring(self):
+        from ZPublisher import NotFound
+        root, folder = self._makeRootAndFolder()
+        root._setObject('objBasic', DummyObjectWithoutDocstring())
+        r = self._makeOne(root)
+        self.assertRaises(NotFound, r.traverse, 'folder/objBasic')
    def test_traverse_class_without_docstring(self):
        from ZPublisher import NotFound
        root, folder = self._makeRootAndFolder()

--- a/setup.py
+++ b/setup.py
@@ -462,7 +462,7 @@ doclines = __doc__.split("\n")
 setup(name='Zope',
      author=AUTHOR,
-      version="2.10.7-dev",
+      version="2.10.13",
      maintainer="Zope Corporation",
      maintainer_email="zope-dev@zope.org",
      url = "http://www.zope.org/",