diff --git a/CHANGES.rst b/CHANGES.rst index 5ff8e43..a846c94 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,7 +4,10 @@ Changelog 3.1 (unreleased) ---------------- -- Nothing changed yet. +Bug fixes ++++++++++ + +- Don't call HTTPExceptions that are looked up in TemplateDicts 3.0 (2019-05-09) diff --git a/src/DocumentTemplate/_DocumentTemplate.py b/src/DocumentTemplate/_DocumentTemplate.py index 890ea90..f1b86bc 100644 --- a/src/DocumentTemplate/_DocumentTemplate.py +++ b/src/DocumentTemplate/_DocumentTemplate.py @@ -107,6 +107,7 @@ from Acquisition import aq_base from ExtensionClass import Base +from zExceptions import HTTPException from DocumentTemplate.html_quote import html_quote from DocumentTemplate.ustr import ustr @@ -393,7 +394,7 @@ def getitem(self, key, call=0): return e.__render_with_namespace__(self) base = aq_base(e) - if safe_callable(base): + if safe_callable(base) and not isinstance(base, HTTPException): if getattr(base, 'isDocTemp', False): return e(None, self) return e() diff --git a/src/DocumentTemplate/tests/test_templatedict.py b/src/DocumentTemplate/tests/test_templatedict.py index 257ccc9..51ba76a 100644 --- a/src/DocumentTemplate/tests/test_templatedict.py +++ b/src/DocumentTemplate/tests/test_templatedict.py @@ -141,6 +141,19 @@ def test_callable_namespace(self): td._push({'one': DummyNamespace('one')}) self.assertEqual(td['one'], ('namespace', 'one', (td, ))) + def test_callable_httpexception(self): + # Subclasses of zException.HTTPException are callable but should + # not be called during lookup in the template dict. + from zExceptions import NotFound + from zExceptions import Unauthorized + + notfound = NotFound('ouch') + unauth = Unauthorized('argh') + td = TemplateDict() + td._push({'one': unauth, 'two': notfound}) + self.assertEqual(td['one'], unauth) + self.assertEqual(td['two'], notfound) + class TestRestrictedTemplateDict(unittest.TestCase): # Based on tests for Products.PageTemplates.ZRPythonExpr.