[Erp5-report] r24658 - in /erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style: SkinTemplat...

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Nov 21 14:29:30 CET 2008 

Author: ivan
Date: Fri Nov 21 14:29:27 2008
New Revision: 24658

URL: http://svn.erp5.org?rev=24658&view=rev
Log:
Use restrictedTraverse which will perform security checks rather than getattr which will raise Unauthorized if logged in user can't access portal_gadgets.

Modified:
    erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_access_tab/erp5_site_main_template.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_access_tab/erp5_site_main_template.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_access_tab/erp5_site_main_template.xml?rev=24658&r1=24657&r2=24658&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_access_tab/erp5_site_main_template.xml [utf8] (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_access_tab/erp5_site_main_template.xml [utf8] Fri Nov 21 14:29:27 2008
@@ -65,7 +65,7 @@
               </div>\n
                 <p class="clear" />\n
               </div>\n
-              <tal:block tal:condition="python: getattr(here,\'portal_gadgets\', None) is not None">\n
+              <tal:block tal:condition="python: here.getPortalObject().restrictedTraverse(\'portal_gadgets\', None) is not None">\n
                   <link href="erp5_knowledge_box_top_newpage.css" rel="stylesheet" type="text/css" />\n
                   <tal:block tal:condition="exists:here/ERP5Site_viewHomeAreaRenderer"\n
                             tal:replace="structure here/ERP5Site_viewHomeAreaRenderer" />\n

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision?rev=24658&r1=24657&r2=24658&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision [utf8] (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision [utf8] Fri Nov 21 14:29:27 2008
@@ -1,1 +1,1 @@
-629
+631

More information about the Erp5-report mailing list