Log message for revision 73396:
Add comment about postonly status
Changed:
U Zope/trunk/lib/python/AccessControl/requestmethod.py
-=-
Modified: Zope/trunk/lib/python/AccessControl/requestmethod.py
===
--- Zope/trunk/lib/python/
Log message for revision 73395:
Add backward compatible postonly decorator
Changed:
U Zope/trunk/lib/python/AccessControl/requestmethod.py
-=-
Modified: Zope/trunk/lib/python/AccessControl/requestmethod.py
===
--- Zope/trunk/li
73392)
+++ Zope/hotfixes/Hotfix_20070320/README.txt2007-03-20 09:11:46 UTC (rev
73393)
@@ -0,0 +1,62 @@
+Hotfix-20070320 README
+
+This hotfix corrects a cross-site scripting vulnerability in Zope2,
+where an attacker can use a hidden GET request to leverage a
+authenticated user
===
--- Zope/hotfixes/README.txt2007-03-20 09:09:02 UTC (rev 73391)
+++ Zope/hotfixes/README.txt2007-03-20 09:10:28 UTC (rev 73392)
@@ -1,62 +0,0 @@
-Hotfix-20070320 README
-
-This hotfix corrects a cross-site scripting vulnerability in Zope2,
-where an attacker can use a hidden GET request
/README.txt
===
--- Zope/hotfixes/README.txt2007-03-20 09:05:56 UTC (rev 73390)
+++ Zope/hotfixes/README.txt2007-03-20 09:09:02 UTC (rev 73391)
@@ -0,0 +1,62 @@
+Hotfix-20070320 README
+
+This hotfix corrects a cross-site
Log message for revision 73390:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
U Zope/branches/Zope-2_8-branch/lib/python/Acces
Log message for revision 73389:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/2.9/doc/CHANGES.txt
U Zope/branches/2.9/lib/python/AccessControl/Owned.py
U
Log message for revision 73388:
- Backport a postonly decorator from Zope trunk's requestmethod decorator
factory.
- Protect various security-setting-mutators with this decorator.
Changed:
U Zope/branches/2.10/doc/CHANGES.txt
U Zope/branches/2.10/lib/python/AccessControl/Owned.py
U
Log message for revision 73386:
- Add a request method decorator to AccessControl, creating decorators that
limit a method to one request method only.
- Protect various security-setting-mutators with a POST-only decorator.
Changed:
U Zope/trunk/doc/CHANGES.txt
U Zope/trunk/lib/python/