[z3-five] Re: Five 1.0.2 [was: Security bug in browser menus?]
Lennart Regebro
regebro at gmail.com
Mon Jul 11 23:38:02 CEST 2005
On 7/11/05, Philipp von Weitershausen <philipp at weitershausen.de> wrote:
> Lennart is using CMFonFive which unfortunately does a lot of code
> duplication regarding menus. In particular, it duplicates the getMenu()
> function in which Five's checkPermission is called. That is why it's
> been working for Lennart in the past, even though Five's checkPermission
> and Zope 3's checkPermission behaved differently. (I couldn't figure out
> why actually the code duplication is necessary; if it is for the
> security, then it can now be gotten rid of...)
Most of the code duplication is for a cmf:menuItem statement, and it's
there to implement CMF TALES for the filter statements. There should
be no security difference (and I'm no longer using the CMF statement,
actually).
More information about the z3-five
mailing list