[z3-five] Re: Five 1.0.2 [was: Security bug in browser menus?]
Philipp von Weitershausen
philipp at weitershausen.de
Tue Jul 12 06:44:11 CEST 2005
Lennart Regebro wrote:
> On 7/11/05, Philipp von Weitershausen <philipp at weitershausen.de> wrote:
>
>>Lennart is using CMFonFive which unfortunately does a lot of code
>>duplication regarding menus. In particular, it duplicates the getMenu()
>>function in which Five's checkPermission is called. That is why it's
>>been working for Lennart in the past, even though Five's checkPermission
>>and Zope 3's checkPermission behaved differently. (I couldn't figure out
>>why actually the code duplication is necessary; if it is for the
>>security, then it can now be gotten rid of...)
>
> Most of the code duplication is for a cmf:menuItem statement, and it's
> there to implement CMF TALES for the filter statements. There should
> be no security difference (and I'm no longer using the CMF statement,
> actually).
But you're using Zope 3 menu items through the FiveActionsTool in CMF,
right?
Philipp
More information about the z3-five
mailing list