Sanitize root/request lookup

parent 8fb2bbd2
...@@ -17,7 +17,7 @@ $Id$ ...@@ -17,7 +17,7 @@ $Id$
""" """
import os, sys import os, sys
from Acquisition import aq_inner from Acquisition import aq_inner, aq_acquire
from Globals import package_home from Globals import package_home
from Products.PageTemplates.PageTemplateFile import PageTemplateFile from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PageTemplates.Expressions import SecureModuleImporter from Products.PageTemplates.Expressions import SecureModuleImporter
...@@ -64,22 +64,16 @@ class ZopeTwoPageTemplateFile(PageTemplateFile): ...@@ -64,22 +64,16 @@ class ZopeTwoPageTemplateFile(PageTemplateFile):
def pt_getContext(self): def pt_getContext(self):
try: try:
root = self.getPhysicalRoot() root = aq_acquire(self.context, 'getPhysicalRoot')()
except AttributeError:
try:
root = self.context.getPhysicalRoot()
except AttributeError: except AttributeError:
root = None root = None
# Even if the context isn't a view (when would that be exaclty?),
# there shouldn't be any dange in applying a view, because it
# won't be used. However assuming that a lack of getPhysicalRoot
# implies a missing view causes problems.
view = self._getContext() view = self._getContext()
here = aq_inner(self.context) here = aq_inner(self.context)
try:
request = aq_acquire(root, 'REQUEST')
except AttributeError:
request = None
request = getattr(root, 'REQUEST', None)
c = {'template': self, c = {'template': self,
'here': here, 'here': here,
'context': here, 'context': here,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment