Update PageTemplates.expressions to use new RestrictedPython Impl. (#111

) * rewrite to use new RestrictedPython Impl * cleanup and singleton
zopefoundation · May 13, 2017 · dae7429 · dae7429
1 parent 4c38c0e
commit dae7429
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/src/Products/PageTemplates/expression.py b/src/Products/PageTemplates/expression.py
@@ -1,15 +1,16 @@
-from ast import NodeTransformer, parse
+from ast import NodeTransformer
+from ast import parse
 from six import class_types
 
 from OFS.interfaces import ITraversable
-from zExceptions import NotFound, Unauthorized
+from zExceptions import NotFound
+from zExceptions import Unauthorized
 
 from zope.traversing.adapters import traversePathElement
 from zope.traversing.interfaces import TraversalError
 
-from RestrictedPython.RestrictionMutator import RestrictionMutator
 from RestrictedPython.Utilities import utility_builtins
-from RestrictedPython import MutatingWalker
+from RestrictedPython import RestrictingNodeTransformer
 
 from Products.PageTemplates.Expressions import render
 
@@ -147,8 +148,8 @@ def visit_Name(self, node):
 
 
 class UntrustedPythonExpr(expressions.PythonExpr):
-    rm = RestrictionMutator()
-    rt = RestrictionTransform()
+    restricted_python_transformer = RestrictingNodeTransformer()
+    page_templates_expression_transformer = RestrictionTransform()
 
     # Make copy of parent expression builtins
     builtins = expressions.PythonExpr.builtins.copy()
@@ -169,9 +170,11 @@ def rewrite(self, node):
     def parse(self, string):
         encoded = string.encode('utf-8')
         node = parse(encoded, mode='eval')
-        MutatingWalker.walk(node, self.rm)
 
-        # Run restricted python transform
-        self.rt.visit(node)
+        # Run Node Transformation from RestrictedPython:
+        self.restricted_python_transformer.visit(node)
+
+        # Run PageTemplate.expression RestrictedPython Transform:
+        self.page_templates_expression_transformer.visit(node)
 
         return node