Merge 2956cc2 into 06ee93c
d-maurer committed Mar 27, 2020
2 parents 06ee93c + 2956cc2 commit b38c1b0
Showing 23 changed files with 470 additions and 105 deletions.
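--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -10,6 +10,13 @@ https://zope.readthedocs.io/en/2.13/CHANGES.html
 4.3.1 (unreleased)
 ------------------
 
+- Fix issue 717 by fully honoring the engine returned by
+``PageTemplate.pt_getEngine``
+(`#717 <https://github.com/zopefoundation/Zope/issues/717>`_).
+The engine also decides about the use of ``zope.tales``
+(engine is an instance of ``zope.pagetemplate.engine.ZopeBaseEngine``)
+or ``chameleon.tales`` (otherwise) TALES expressions.
+
 - Fixed encoding issue of `displayname` WebDAV property
 (`#797 <https://github.com/zopefoundation/Zope/issues/797>`_)
 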
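--- a/requirements-full.txt
+++ b/requirements-full.txt
@@ -3,7 +3,7 @@ AccessControl==4.1
 Acquisition==4.6
 AuthEncoding==4.1
 BTrees==4.6.1
-Chameleon==3.6.2
+Chameleon==3.7.0
 DateTime==4.3
 DocumentTemplate==3.2.2
 ExtensionClass==4.4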
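--- a/setup.py
+++ b/setup.py
@@ -73,6 +73,7 @@ def _read_file(filename):
 'AccessControl >= 4.0b4',
 'Acquisition',
 'BTrees',
+'Chameleon >= 3.7.0',
 'DateTime',
 'DocumentTemplate >= 3.0b9',
 'ExtensionClass',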
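--- a/src/Products/Five/browser/pagetemplatefile.py
+++ b/src/Products/Five/browser/pagetemplatefile.py
@@ -19,13 +19,13 @@
 from AccessControl import getSecurityManager
 from Acquisition import aq_get
 from Products.PageTemplates.Expressions import SecureModuleImporter
-from Products.PageTemplates.Expressions import createTrustedZopeEngine
+from Products.PageTemplates.Expressions import getTrustedEngine
 from zope.component import getMultiAdapter
 from zope.pagetemplate.engine import TrustedAppPT
 from zope.pagetemplate.pagetemplatefile import PageTemplateFile
 
 
-_engine = createTrustedZopeEngine()
+_engine = getTrustedEngine()
 
 
 def getEngine():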
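Review bot: `_engine = getTrustedEngine()` binds this module to the same engine object that `Products.PageTemplates.Expressions` returns, where it previously built its own with `createTrustedZopeEngine()`, so a `registerType` or `registerBaseName` call made through either module now affects every template using the trusted engine. Because that engine uses the non-restricted Python expression evaluator, I would record the sharing at the assignment, e.g. `# shared process-wide trusted engine; treat as read-only here`. The `createTrustedZopeEngine` import is also dropped from this module, which may break code that imported the name from here rather than from `Expressions`; a compatibility re-export would cover that if such imports exist. `getEngine` continues outside the hunk.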
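--- a/src/Products/PageTemplates/Expressions.py
+++ b/src/Products/PageTemplates/Expressions.py
@@ -402,7 +402,7 @@ def __call__(self, econtext):
 return self._expr % tuple(vvals)
 
 
-def createZopeEngine(zpe=ZopePathExpr):
+def createZopeEngine(zpe=ZopePathExpr, untrusted=True):
 e = ZopeEngine()
 e.iteratorFactory = PathIterator
 for pt in zpe._default_type_names:
@@ -414,13 +414,15 @@ def createZopeEngine(zpe=ZopePathExpr):
 e.registerType('lazy', LazyExpr)
 e.registerType('provider', TALESProviderExpression)
 e.registerBaseName('modules', SecureModuleImporter)
+e.untrusted = untrusted
 return e
 
 
 def createTrustedZopeEngine():
 # same as createZopeEngine, but use non-restricted Python
 # expression evaluator
-e = createZopeEngine(TrustedZopePathExpr)
+# still uses the ``SecureModuleImporter``
+e = createZopeEngine(TrustedZopePathExpr, untrusted=False)
 e.types['python'] = PythonExpr
 return e
 
@@ -430,3 +432,10 @@ def createTrustedZopeEngine():
 
 def getEngine():
 return _engine
+
+
+_trusted_engine = createTrustedZopeEngine()
+
+
+def getTrustedEngine():
+return _trusted_engine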
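Review bot: The `untrusted` flag added to `createZopeEngine` is set independently of `zpe`, so it can disagree with the expression types actually registered: a direct `createZopeEngine(TrustedZopePathExpr)` gives trusted path expressions on an engine still marked `untrusted=True`, and `createTrustedZopeEngine` swaps in `PythonExpr` only after the flag has been stored. How consumers read `e.untrusted` is not visible in these hunks, so I would state the contract in a docstring, e.g. `"""Create a TALES engine; pass untrusted=False only together with unrestricted expression types."""`. The default of `True` is the safe direction for existing callers and is worth saying so in the same docstring. `getTrustedEngine()` has no docstring either; `"""Return the shared engine that evaluates unrestricted Python expressions."""` would mark it as the trusted one at the call site. The body of `createZopeEngine` between the first two hunks is not shown.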
