From a433c20a597e3af9ad3024f181c3c85879331bd5 Mon Sep 17 00:00:00 2001 From: Armin Ronacher Date: Mon, 24 Dec 2007 15:59:47 +0100 Subject: [PATCH] work around a pylons oddity --HG-- branch : trunk --- jinja/utils.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/jinja/utils.py b/jinja/utils.py index 7fe5d2e..9444c5c 100644 --- a/jinja/utils.py +++ b/jinja/utils.py @@ -200,8 +200,12 @@ def get_attribute(obj, name): if getattr(obj, '__class__', None) in callable_types and \ name.startswith('func_') or name.startswith('im_'): raise SecurityException('not allowed to access function attributes') + r = _getattr(obj, 'jinja_allowed_attributes', None) - if r is not None and name not in r: + # the empty string check is for pylons which returns empty strings on + # it's stacked something foobar object + if r not in (None, '') and name not in r: + print "broken here" raise SecurityException('disallowed attribute accessed') # attribute lookups convert unicode strings to ascii bytestrings. -- 2.26.2