[Erp5-report] r14248 - in /erp5/trunk/products/ERP5/bootstrap/erp5_core: WorkflowTemplateIt...

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Apr 26 18:57:20 CEST 2007


Author: jerome
Date: Thu Apr 26 18:57:18 2007
New Revision: 14248

URL: http://svn.erp5.org?rev=14248&view=rev
Log:
Use sci['object'] instead of sci.object to work around security problems with proxy roles in workflow scripts.

Modified:
    erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml?rev=14248&r1=14247&r2=14248&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/preference_workflow/scripts/disableOtherPreferences.xml Thu Apr 26 18:57:18 2007
@@ -70,7 +70,7 @@
             <key> <string>_body</string> </key>
             <value> <string>from Products.ERP5Type.Message import Message\n
 \n
-pref = sci.object\n
+pref = sci[\'object\']\n
 portal = sci.getPortal()\n
 LOG = lambda msg: pref.log("PreferenceWorkflow.disableOtherPreferences on %s"%pref, msg)\n
 N_ = lambda msg, **kw: Message(\'erp5_ui\', msg, **kw)\n
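Review bot: The switch to `sci['object']` on the `pref =` line is not explained in the script body, so a later cleanup could turn it back into `sci.object` and reintroduce the proxy-role failure; add a comment above it such as `# item access on purpose: sci.object is rejected by the security check under proxy roles`. The same comment is needed on the `state_change['object']` lines in Predicate_updateMatrix.xml and Rule_updateMatrix.xml. The next line, `portal = sci.getPortal()`, still reads an attribute of the state-change object; it is presumably unaffected because it returns a method rather than the document, but that should be confirmed under the same proxy roles. Because item access appears to go through a different guard than attribute access, it is worth checking that each script's proxy roles are no broader than it needs, and tracking the underlying check failure so the workaround can be removed later. The script body continues outside the hunk, so any other `sci.` attribute reads there need the same check.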
@@ -141,8 +141,9 @@
                             <string>sci</string>
                             <string>Products.ERP5Type.Message</string>
                             <string>Message</string>
+                            <string>_getitem_</string>
+                            <string>pref</string>
                             <string>_getattr_</string>
-                            <string>pref</string>
                             <string>portal</string>
                             <string>LOG</string>
                             <string>N_</string>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml?rev=14248&r1=14247&r2=14248&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Predicate_updateMatrix.xml Thu Apr 26 18:57:18 2007
@@ -68,7 +68,7 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>rule = state_change.object.getParentValue()\n
+            <value> <string>rule = state_change[\'object\'].getParentValue()\n
 \n
 if rule.getPortalType() in (\'Invoice Transaction Rule\', \'Payment Rule\') :\n
   rule.activate(\n
@@ -119,6 +119,7 @@
                           <tuple>
                             <string>state_change</string>
                             <string>_getattr_</string>
+                            <string>_getitem_</string>
                             <string>rule</string>
                           </tuple>
                         </value>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml?rev=14248&r1=14247&r2=14248&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/WorkflowTemplateItem/portal_workflow/rule_interaction_workflow/scripts/Rule_updateMatrix.xml Thu Apr 26 18:57:18 2007
@@ -68,7 +68,7 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>matrix = state_change.object\n
+            <value> <string>matrix = state_change[\'object\']\n
 matrix.activate(\n
     after_path_and_method_id=([matrix.getPath(),],\n
         [\'immediateReindexObject\', \'recursiveImmediateReindexObject\'])\n
@@ -116,8 +116,9 @@
                         <value>
                           <tuple>
                             <string>state_change</string>
+                            <string>_getitem_</string>
+                            <string>matrix</string>
                             <string>_getattr_</string>
-                            <string>matrix</string>
                           </tuple>
                         </value>
                     </item>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision?rev=14248&r1=14247&r2=14248&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision Thu Apr 26 18:57:18 2007
@@ -1,1 +1,1 @@
-309
+314



