Log message for revision 123153: Fix serious authentication vulnerability in stock configuration.
Changed: U Zope/trunk/doc/CHANGES.rst U Zope/trunk/src/OFS/tests/test_userfolder.py U Zope/trunk/src/OFS/userfolder.py -=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/doc/CHANGES.rst 2011-10-24 22:41:46 UTC (rev 123153)
@@ -11,6 +11,8 @@ Bugs Fixed ++++++++++ +- Fixed serious authentication vulnerability in stock configuration. + - Fixed a regression in webdav support that broke external editor feature. - Restore ability to undo multiple transactions from the ZMI by using the
Modified: Zope/trunk/src/OFS/tests/test_userfolder.py
===================================================================
--- Zope/trunk/src/OFS/tests/test_userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/src/OFS/tests/test_userfolder.py 2011-10-24 22:41:46 UTC (rev 123153)
@@ -17,7 +17,15 @@ # TODO class Test_readUserAccessFile(unittest.TestCase)
-# TODO class BasicUserFoldertests(unittest.TestCase)
+class BasicUserFolderTests(unittest.TestCase):
+
+ def _getTargetClass(self):
+ from OFS.userfolder import BasicUserFolder
+ return BasicUserFolder
+
+ def test_manage_users_security_initialized(self):
+ uf = self._getTargetClass()()
+ self.assertTrue(hasattr(uf, 'manage_users__roles__'))
 class UserFolderTests(unittest.TestCase):
@@ -171,6 +179,8 @@ def test_suite():
- suite = unittest.TestSuite()
- suite.addTest(unittest.makeSuite(UserFolderTests))
+ suite = unittest.TestSuite((
+ unittest.makeSuite(BasicUserFolderTests),
+ unittest.makeSuite(UserFolderTests),
+ ))
 return suite
Modified: Zope/trunk/src/OFS/userfolder.py
===================================================================
--- Zope/trunk/src/OFS/userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/src/OFS/userfolder.py 2011-10-24 22:41:46 UTC (rev 123153)
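Review bot: In test_userfolder.py, `test_manage_users_security_initialized` only checks that `manage_users__roles__` exists, so it would still pass if the attribute were present but held a value that grants public access (as far as I know, Zope treats a `__roles__` value of `None` as public). I would pin the value as well, for example `self.assertTrue(uf.manage_users__roles__ is not None)`, or compare it with the roles expected for the protecting permission. The test covers a single method; if BasicUserFolder protects other management methods, one more assertion on a second method would catch a partial regression. A one-line docstring naming the authentication regression this test guards would also help later readers.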
@@ -293,7 +293,9 @@ message='Cannot change the id of a UserFolder', action='./manage_main'))
+InitializeClass(BasicUserFolder)
+
 class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
 """Standard UserFolder object
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins
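Review bot: The added `InitializeClass(BasicUserFolder)` line in userfolder.py has no comment, although the log message says it closes a serious authentication hole, so a later cleanup could remove it as redundant. I would put a comment above it such as `# Required: applies the class security declarations; without this call the management methods get no __roles__ protection.` (wording inferred from the accompanying test, which checks for `manage_users__roles__`). The BasicUserFolder body and the rest of the module lie outside this hunk, so it is worth confirming that every other class in the file that declares security is also passed to InitializeClass.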