Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Zope: Dev

Bug in Traversable.py

  

 
Zope dev RSS feed   Index | Next | Previous | View Threaded


roche at upfrontsystems

Mar 23, 2007, 3:12 AM

Post #1 of 3 (576 views)
Permalink
Bug in Traversable.py
Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on line
228:

if not ok:
if (container is not None or
guarded_getattr(obj, name, _marker)
is not next):
raise Unauthorized(name)

Here is my debugging session:

(Pdb) guarded_getattr(obj, name, _marker)
'Guo Zhonghai'
(Pdb) obj
<Contact at /creme/Contacts/Contact_1125>
(Pdb) name
'title'
(Pdb) guarded_getattr(obj, name, _marker)
'Guo Zhonghai'
(Pdb) p next
'Guo Zhonghai'
(Pdb) guarded_getattr(obj, name, _marker) == next
True
(Pdb) guarded_getattr(obj, name, _marker) is next
False
(Pdb) type(guarded_getattr(obj, name, _marker)), type(next)
(<type 'str'>, <type 'str'>)
(Pdb) id(guarded_getattr(obj, name, _marker))
46912619931440
(Pdb) id(next)
46912619931720

Thus, often string attributes will fail with this check.

In my opinion the code should read:

if not ok:
if (container is not None or
guarded_getattr(obj, name, _marker)
!= next):
raise Unauthorized(name)


If you agree that his is a bug, I'll log it.

--
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za

_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


stefan at epy

Mar 28, 2007, 1:17 PM

Post #2 of 3 (540 views)
Permalink
Re: Bug in Traversable.py [In reply to]
Please file a bug, mailing list traffic tends to get lost.

Thanks,
Stefan


On 23. Mär 2007, at 11:12, Roché Compaan wrote:

> Looks like there is a bug in Zope 2.10.2 with OFS/Traversable.py on
> line
> 228:
>
> if not ok:
> if (container is not None or
> guarded_getattr(obj, name,
> _marker)
> is not next):
> raise Unauthorized(name)
>
> Here is my debugging session:
>
> (Pdb) guarded_getattr(obj, name, _marker)
> 'Guo Zhonghai'
> (Pdb) obj
> <Contact at /creme/Contacts/Contact_1125>
> (Pdb) name
> 'title'
> (Pdb) guarded_getattr(obj, name, _marker)
> 'Guo Zhonghai'
> (Pdb) p next
> 'Guo Zhonghai'
> (Pdb) guarded_getattr(obj, name, _marker) == next
> True
> (Pdb) guarded_getattr(obj, name, _marker) is next
> False
> (Pdb) type(guarded_getattr(obj, name, _marker)), type(next)
> (<type 'str'>, <type 'str'>)
> (Pdb) id(guarded_getattr(obj, name, _marker))
> 46912619931440
> (Pdb) id(next)
> 46912619931720
>
> Thus, often string attributes will fail with this check.
>
> In my opinion the code should read:
>
> if not ok:
> if (container is not None or
> guarded_getattr(obj, name,
> _marker)
> != next):
> raise Unauthorized(name)
>
>
> If you agree that his is a bug, I'll log it.
>
> --
> Roché Compaan
> Upfront Systems http://www.upfrontsystems.co.za
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev [at] zope
> http://mail.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )

--
Anything that, in happening, causes something else to happen,
causes something else to happen. --Douglas Adams


_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


regebro at gmail

Mar 28, 2007, 11:37 PM

Post #3 of 3 (535 views)
Permalink
Re: Bug in Traversable.py [In reply to]
On 3/23/07, Roché Compaan <roche [at] upfrontsystems> wrote:
> Thus, often string attributes will fail with this check.

I don't understand how you reach that conclusion.

> In my opinion the code should read:
>
> if not ok:
> if (container is not None or
> guarded_getattr(obj, name, _marker)
> != next):
> raise Unauthorized(name)

No, we are checking for identity there, because that's what we want to
check. The question is why guarded_getattr(obj, name, _marker) and
bobo_traverse(REQUEST, name) doesn't return the same object in this
case.

> If you agree that his is a bug, I'll log it.

I suspect that the bug is something different than this.

--
Lennart Regebro: Zope and Plone consulting.
http://www.colliberty.com/
+33 661 58 14 64
_______________________________________________
Zope-Dev maillist - Zope-Dev [at] zope
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Zope dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.