Commit b138afc8 authored by Shane Hathaway's avatar Shane Hathaway

Restricted property sheet IDs using ObjectManager's checkValidId().

parent 40940438
...@@ -29,6 +29,9 @@ Zope changes ...@@ -29,6 +29,9 @@ Zope changes
- A misspelled function name which prevented the addition of - A misspelled function name which prevented the addition of
properties was corrected. properties was corrected.
- Caused PropertySheets to restrict IDs the same way
ObjectManager does.
Zope 2.3.0 alpha 1 Zope 2.3.0 alpha 1
Features Added Features Added
......
...@@ -84,7 +84,7 @@ ...@@ -84,7 +84,7 @@
############################################################################## ##############################################################################
"""Property sheets""" """Property sheets"""
__version__='$Revision: 1.58 $'[11:-2] __version__='$Revision: 1.59 $'[11:-2]
import time, string, App.Management, Globals import time, string, App.Management, Globals
from ZPublisher.Converters import type_converters from ZPublisher.Converters import type_converters
...@@ -250,6 +250,11 @@ class PropertySheet(Traversable, Persistent, Implicit): ...@@ -250,6 +250,11 @@ class PropertySheet(Traversable, Persistent, Implicit):
self._wrapperCheck(value) self._wrapperCheck(value)
if not self.valid_property_id(id): if not self.valid_property_id(id):
raise 'Bad Request', 'Invalid property id, %s.' % id raise 'Bad Request', 'Invalid property id, %s.' % id
# Perform additional validation checks for security.
from ObjectManager import checkValidId
checkValidId(self, id)
if not self.property_extensible_schema__(): if not self.property_extensible_schema__():
raise 'Bad Request', ( raise 'Bad Request', (
'Properties cannot be added to this property sheet') 'Properties cannot be added to this property sheet')
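Review bot: The new `checkValidId(self, id)` call is attached to this one call site rather than to `valid_property_id`, so any other code that relies on `valid_property_id` alone would still accept ids that ObjectManager refuses; whether such callers exist is not visible here, as the enclosing method starts and ends outside the hunk. Its return value is discarded, so the check only helps if `checkValidId` raises on a bad id, and its body is not shown on this page. The comment would serve the next maintainer better if it named the rule and explained the function-scope import, for example `# Apply ObjectManager's id rules to property ids as well; imported locally (confirm: avoids a circular import).` If the restriction is meant to cover every property id, moving the call into `valid_property_id` or a shared helper would keep the two checks from drifting apart.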
......