[Erp5-report] r23743 - in /erp5/trunk/products/ERP5/bootstrap/erp5_core: SkinTemplateItem/p...

nobody at svn.erp5.org nobody at svn.erp5.org
Mon Sep 22 18:22:47 CEST 2008 

Author: jerome
Date: Mon Sep 22 18:22:46 2008
New Revision: 23743

URL: http://svn.erp5.org?rev=23743&view=rev
Log:
In Folder_delete, use portal_categories.getRelatedPropertyList(property_name='relative_url') instead of [related_object.getRelativeUrl() for related_object in portal_categories.getRelatedValueList()] to prevent Unauthorized that may happen while getting attribute from related_object in restricted environment.

Modified:
    erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml?rev=23743&r1=23742&r2=23743&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/SkinTemplateItem/portal_skins/erp5_core/Folder_delete.xml Mon Sep 22 18:22:46 2008
@@ -70,12 +70,12 @@
 qs = \'\'\n
 ret_url = \'\'\n
 \n
+getRelatedPropertyList = portal.portal_categories.getRelatedPropertyList\n
 def Object_hasRelation(obj):\n
   # Check if there is some related objets.\n
   result = 0\n
   for o in obj.getIndexableChildValueList():\n
-    for related in obj.portal_categories.getRelatedValueList(o):\n
-      related_url = related.getRelativeUrl()\n
+    for related_url in getRelatedPropertyList(o, property_name=\'relative_url\'):\n
       if related_url.startswith(obj.getRelativeUrl()):\n
         continue\n
       elif related_url.startswith(\'portal_simulation\'):\n
@@ -243,6 +243,7 @@
                             <string>REQUEST</string>
                             <string>qs</string>
                             <string>ret_url</string>
+                            <string>getRelatedPropertyList</string>
                             <string>Object_hasRelation</string>
                             <string>message</string>
                             <string>None</string>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision?rev=23743&r1=23742&r2=23743&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_core/bt/revision Mon Sep 22 18:22:46 2008
@@ -1,1 +1,1 @@
-962
+963

More information about the Erp5-report mailing list