2.10.5-final PageTemplate returns Unauthorized error while it shouldn't

Are you seeing the following when rendering that template on 2.10.x:

  AccessControl.unauthorized.Unauthorized: You are not allowed to access 'value' in this context

That's what I meant with my report. This is not the case in 2.8 and 2.9 tho.

f.-

Full traceback attached.

The attached diff against 2.11.2 fixes it. This probably needs to be applied to zope3 as well.

f.-

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Federico Schwindt wrote:
> The attached diff against 2.11.2 fixes it. This probably needs to be
> applied to zope3 as well.
>
> f.-
>
> ** Attachment added: "174705.diff"
> http://launchpadlibrarian.net/20101336/174705.diff

Actually, that fix is not relevant for Zope3's security machinery. We
would be better off adding the
'__allow_access_to_unrestricted_subobjects__' attribute to the
Zope2-specific subclass, Products.PageTemplates.Expressions.ZopeContext,
along with a unit test.

Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 <email address hidden>
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJNCB8+gerLs4ltQ4RAk3wAJ9e8wWt5BdTj59reF/CT8orOtBSDQCfcsi3
8TfvBSKy1VkWHJA8cQJAEC0=
=bt0M
-----END PGP SIGNATURE-----

Thanks for tracking this down! Fix committed with tests to the
2.10 branch, the 2.11 branch, and the trunk:

- http://svn.zope.org/Zope/branches/2.10/?rev=93506&view=rev

- http://svn.zope.org/Zope/branches/2.11/?rev=93507&view=rev

- http://svn.zope.org/Zope/trunk/?rev=93508&view=rev