Log message for revision 73641:
Back port from trunk on svn.zope.org:
------------------------------------------------------------------------
r73639 | jinty | 2007-03-26 19:37:07 +0200 (Mon, 26 Mar 2007) | 5 lines
Prevent ZPublisher from insering incorrect <base/> tags into the
headers of plain html files served from Zope3 resource directories.
Changed:
U Products.Five/branches/1.4/CHANGES.txt
U Products.Five/branches/1.4/browser/resource.py
U Products.Five/branches/1.4/browser/tests/resource_ftest.txt
A Products.Five/branches/1.4/browser/tests/resource_subdir/resource.html
-=-
Modified: Products.Five/branches/1.4/CHANGES.txt
===================================================================
--- Products.Five/branches/1.4/CHANGES.txt 2007-03-26 18:26:53 UTC (rev
73640)
+++ Products.Five/branches/1.4/CHANGES.txt 2007-03-26 18:31:34 UTC (rev
73641)
@@ -14,6 +14,9 @@
* site/metaconfigure: Local site hook now only applied once per class, so
multiple <five:localsite> tags for the same class won't cause config
errors.
+
+* Prevent ZPublisher from insering incorrect <base/> tags into the
+ headers of plain html files served from Zope3 resource directories.
Five 1.4.2 (2006-11-04)
=======================
Modified: Products.Five/branches/1.4/browser/resource.py
===================================================================
--- Products.Five/branches/1.4/browser/resource.py 2007-03-26 18:26:53 UTC
(rev 73640)
+++ Products.Five/branches/1.4/browser/resource.py 2007-03-26 18:31:34 UTC
(rev 73641)
@@ -65,6 +65,9 @@
def render(self):
"""Rendered content"""
+ # ZPublisher might have called setBody with an incorrect URL
+ # we definitely don't want that if we are plain html
+ self.request.RESPONSE.setBase(None)
pt = self.context
return pt(self.request)
Modified: Products.Five/branches/1.4/browser/tests/resource_ftest.txt
===================================================================
--- Products.Five/branches/1.4/browser/tests/resource_ftest.txt 2007-03-26
18:26:53 UTC (rev 73640)
+++ Products.Five/branches/1.4/browser/tests/resource_ftest.txt 2007-03-26
18:31:34 UTC (rev 73641)
@@ -78,6 +78,33 @@
<BLANKLINE>
+We also can traverse into sub-directories:
+
+ >>> print http(r'''
+ ... GET
/test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.txt
HTTP/1.1
+ ... Authorization: Basic manager:r00t
+ ... ''')
+ HTTP/1.1 200 OK
+ ...
+ This is a resource in a subdirectory of a normal resource to test traversal.
+ <BLANKLINE>
+
+ >>> print http(r'''
+ ... GET
/test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.html
HTTP/1.1
+ ... Authorization: Basic manager:r00t
+ ... ''')
+ HTTP/1.1 200 OK
+ ...
+ <html>
+ <head>
+ </head>
+ <body>
+ This .html should not have a base tag automatically
+ added to the header.
+ </body>
+ </html>
+ <BLANKLINE>
+
Clean up
--------
Copied: Products.Five/branches/1.4/browser/tests/resource_subdir/resource.html
(from rev 73639,
Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html)
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins
