From 12eb6980bcc6419728b21fee16028b2c057fbd91 Mon Sep 17 00:00:00 2001
From: Jens Vagelpohl <jens@netz.ooo>
Date: Sat, 16 Feb 2019 10:14:32 -0600
Subject: [PATCH] Fix subscript access on Page Template `macros` attribute
 (#503)

* Fix subscript access on Page Template ``macros`` attribute

* - adding a test that exercises the issue
---
 CHANGES.rst                                   |  3 +++
 src/Products/PageTemplates/engine.py          |  5 +++++
 src/Products/PageTemplates/tests/macros.pt    |  1 +
 .../PageTemplates/tests/test_engine.py        | 21 +++++++++++++++++++
 4 files changed, 30 insertions(+)
 create mode 100644 src/Products/PageTemplates/tests/macros.pt

diff --git a/CHANGES.rst b/CHANGES.rst
index 4169d2b5a8..d588513e88 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -14,6 +14,9 @@ https://github.com/zopefoundation/Zope/blob/4.0a6/CHANGES.rst
 Fixes
 +++++
 
+- Fix subscript access on Page Template ``macros`` attribute
+  (`#210 <https://github.com/zopefoundation/Zope/issues/210>`_)
+
 - Fix ``OFS.interfaces`` attribute declarations to match reality
   (`#498 <https://github.com/zopefoundation/Zope/issues/498`_)
 
diff --git a/src/Products/PageTemplates/engine.py b/src/Products/PageTemplates/engine.py
index 75c952b2fe..12168c3ae7 100644
--- a/src/Products/PageTemplates/engine.py
+++ b/src/Products/PageTemplates/engine.py
@@ -17,6 +17,7 @@
 from chameleon.tales import StringExpr
 from chameleon.tales import NotExpr
 from chameleon.tal import RepeatDict
+from chameleon.zpt.template import Macros
 
 from z3c.pt.expressions import PythonExpr, ProviderExpr
 
@@ -33,6 +34,10 @@
 
 InitializeClass(RepeatDict)
 
+# Declare Chameleon Macros object accessible
+# This makes subscripting work, as in template.macros['name']
+Macros.__allow_access_to_unprotected_subobjects__ = True
+
 re_match_pi = re.compile(r'<\?python([^\w].*?)\?>', re.DOTALL)
 logger = logging.getLogger('Products.PageTemplates')
 
diff --git a/src/Products/PageTemplates/tests/macros.pt b/src/Products/PageTemplates/tests/macros.pt
new file mode 100644
index 0000000000..4aa550c45e
--- /dev/null
+++ b/src/Products/PageTemplates/tests/macros.pt
@@ -0,0 +1 @@
+<i metal:define-macro="foo">bar</i><i metal:use-macro="template/macros/foo" /><i metal:use-macro="python:template.macros['foo']" />
diff --git a/src/Products/PageTemplates/tests/test_engine.py b/src/Products/PageTemplates/tests/test_engine.py
index 9c152c18b8..529bf18ffc 100644
--- a/src/Products/PageTemplates/tests/test_engine.py
+++ b/src/Products/PageTemplates/tests/test_engine.py
@@ -85,6 +85,27 @@ def test_zopepagetemplate_processing_instruction_skipped(self):
         template.write(data)
         self.assertIn('world', template())
 
+    def test_macros_access(self):
+        from Products.PageTemplates.ZopePageTemplate import \
+            manage_addPageTemplate
+        from zExceptions import Unauthorized
+        template = manage_addPageTemplate(self.folder, 'test')
+
+        # aq-wrap before we proceed
+        template = template.__of__(self.folder)
+
+        # test rendering engine
+        with open(os.path.join(path, "macros.pt")) as fd:
+            data = fd.read()
+        template.write(data)
+        try:
+            output = template()
+            raised = False
+        except Unauthorized:
+            raised = True
+        self.assertFalse(raised, 'Unauthorized exception raised')
+        self.assertIn('<i>bar</i><i>bar</i><i>bar</i>', output)
+
 
 def test_suite():
     return unittest.TestSuite((