3rd-party code that calls these methods indirectly may
still be affected.
Hotfix
We have prepared a hot fix for this problem at:
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320/,
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/Hotfix-20070320
Log message for revision 73386:
- Add a request method decorator to AccessControl, creating decorators that
limit a method to one request method only.
- Protect various security-setting-mutators with a POST-only decorator.
Changed:
U Zope/trunk/doc/CHANGES.txt
U
Log message for revision 73388:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/2.10/doc/CHANGES.txt
U Zope/branches/2.10/lib/python/AccessControl/Owned.py
U
Log message for revision 73389:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/2.9/doc/CHANGES.txt
U Zope/branches/2.9/lib/python/AccessControl/Owned.py
U
Log message for revision 73390:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
U
/README.txt
===
--- Zope/hotfixes/README.txt2007-03-20 09:05:56 UTC (rev 73390)
+++ Zope/hotfixes/README.txt2007-03-20 09:09:02 UTC (rev 73391)
@@ -0,0 +1,62 @@
+Hotfix-20070320 README
+
+This hotfix corrects a cross-site
===
--- Zope/hotfixes/README.txt2007-03-20 09:09:02 UTC (rev 73391)
+++ Zope/hotfixes/README.txt2007-03-20 09:10:28 UTC (rev 73392)
@@ -1,62 +0,0 @@
-Hotfix-20070320 README
-
-This hotfix corrects a cross-site scripting vulnerability in Zope2,
-where an attacker can use a hidden GET request
73392)
+++ Zope/hotfixes/Hotfix_20070320/README.txt2007-03-20 09:11:46 UTC (rev
73393)
@@ -0,0 +1,62 @@
+Hotfix-20070320 README
+
+This hotfix corrects a cross-site scripting vulnerability in Zope2,
+where an attacker can use a hidden GET request to leverage a
+authenticated user's
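Review bot: In the README text added here, "a authenticated user's" should read "an authenticated user's". The text also calls the problem cross-site scripting, while what it describes is a hidden GET request that leverages an authenticated user, which reads as request forgery; naming it that way would line up with the POST-only decorator the accompanying commit messages describe.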
Log message for revision 73395:
Add backward compatible postonly decorator
Changed:
U Zope/trunk/lib/python/AccessControl/requestmethod.py
-=-
Modified: Zope/trunk/lib/python/AccessControl/requestmethod.py
===
---
Log message for revision 73396:
Add comment about postonly status
Changed:
U Zope/trunk/lib/python/AccessControl/requestmethod.py
-=-
Modified: Zope/trunk/lib/python/AccessControl/requestmethod.py
===
---
Summary of messages to the zope-tests list.
Period Mon Mar 19 12:00:00 2007 UTC to Tue Mar 20 12:00:00 2007 UTC.
There were 5 messages: 5 from Zope Unit Tests.
Tests passed OK
---
Subject: OK : Zope-2.7 Python-2.3.6 : Linux
From: Zope Unit Tests
Date: Mon Mar 19 21:52:50 EDT 2007
Hello,
I try to add Properties to all of my PAS-Users.
The Properties should be the address information
of my Users, which I get about a WebService.
Now I have developed a very simple example of an
IPropertiesPlugin:
security.declarePrivate('getPropertiesForUser')
def
I made a Python product with catalogaware as one of my base classes but my
zcatalog named 'catalog' doesn't automatically catalog when I add a product
item. What could be a problem?
Please help
This is part of my code that includes catalogawareness:
class ShpTypePointClass(Item, Persistent,
Hi Allen
I made a Python product with catalogaware as one of my base classes but my
zcatalog named 'catalog' doesn't automatically catalog when I add a
product item. What could be a problem?
Perhaps setting the catalog in your object instance may help:
self.manage_editCataloger(catalogPath)
Hi,
I have really searched for a nice addressbook product for a couple two
days now. I don't find anything suitable. I need it for a collaboration
platform running on zope, cmf. I like zope very much and am looking for
a shared addressbook.
Anybody any experiences or suggestions?
What would
- Original Message -
From: Allen Huang [EMAIL PROTECTED]
To: Zope zope@zope.org
Sent: Tuesday, March 20, 2007 3:09 AM
Subject: [Zope] catalog aware not working.. help
I made a Python product with catalogaware as one of my base classes but my
zcatalog named 'catalog' doesn't
- Original Message -
From: Allen Huang [EMAIL PROTECTED]
Subject: [Zope] I keep getting validate error.. why?
I keep getting this error, but the same code works on another zope server
and I didn't use any key or attribute named 'validate'. What is the cause
of this?
Time 2007/03/20
Allen Huang wrote at 2007-3-20 05:39 -0700:
I keep getting this error, but the same code works on another zope server and I
didn't use any key or attribute named 'validate'. What is the cause of this?
Time 2007/03/20 17:38:03.726 GMT+8
User Name (User Id) admin (admin)
Request
Hi,
I just wondered if there was some Quanta+/Kdevelop users in here.
I am looking for their way to handle ZPTs.
I know it's pretty close to XML, but any tip would interest me.
Thank you!
On Tuesday 20 March 2007 11:39, Frank Drews wrote:
Hi,
I have really searched for a nice addressbook product for a couple two
days now. I don't find anything suitable. I need it for a collaboration
platform running on zope, cmf. I like zope very much and am looking for
a shared addressbook.
On 3/20/07, Allen Huang [EMAIL PROTECTED] wrote:
I made a Python product with catalogaware as one of my base classes but my
zcatalog named 'catalog' doesn't automatically catalog when I add a product
item. What could be a problem?
Please help
This is part of my code that includes
To give an update:
To run a stored procedure which returns a ref cursor, I tried:
c1 = db.cursor()
c2 = db.cursor()
sql = storedProcedureName(:inparam1, :inparam2, etccc, :outparam)
options = (inparam1, inparam2, et, c2)
c1.execute(sql, options)
As recommended below.
This did not work.
You have a point Maciej - but I got used to DCOracle2 and so far it has
performed quite well. I link it with Oracle lib32 libraries, but use it
with ora lib 64-bit libraries in the path. So far, there have been no
issues I am aware of. The only thing that came up recently is how to
use it with a
Chances are good that the C code that is trying to construct the
timestamp doesn't know how to convert it...
A quick peek into the source code hints the code doesn't have a type
converter for SQLT_TIMESTAMP, although there is a converter for
SQLT_DAT (date).
Putting a converter into the
This was causing a segmentation fault on a Sun Solaris box.
On Windows, I got an actual error message. While fetching, the cursor
has a field of ora datatype TimeStamp. This was crashing DCOracle2. A
to_char solved the issue.
I am using DCOracle2 and Oracle 10 on Solaris (and Windows XP).