Update of /cvs-repository/Zope/lib/python/Products/ZReST
In directory cvs.zope.org:/tmp/cvs-serv7924/lib/python/Products/ZReST

Modified Files:
      Tag: Zope-2_7-branch
        ZReST.py 
Log Message:
 - Backport tests and fixes for ReST file inclusion vulnerability.


=== Zope/lib/python/Products/ZReST/ZReST.py 1.6.12.10 => 1.6.12.11 ===
--- Zope/lib/python/Products/ZReST/ZReST.py:1.6.12.10   Sun Nov 21 12:47:51 2004
+++ Zope/lib/python/Products/ZReST/ZReST.py     Mon Jul 10 17:28:29 2006
@@ -198,6 +198,10 @@
         # remember warnings
         pub.settings.warning_stream = Warnings()
 
+        # disable unsafe directives
+        pub.settings.raw_enabled = 0
+        pub.settings.file_insertion_enabled = 0
+
         pub.source = docutils.io.StringInput(
             source=self.source, encoding=self.input_encoding)
 
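Review bot: The comment above the two added settings lines says only "disable unsafe directives"; it should name what is switched off and why. In docutils, raw_enabled = 0 disables the raw directive, and file_insertion_enabled = 0 disables include as well as the file and url options of raw and csv-table, so that user-supplied ReST source cannot pull server-side files into the rendered output. Saying this in the comment keeps a later cleanup from dropping the lines as redundant. The log message also mentions backported tests, but the Modified Files list of this checkin shows only ZReST.py; please confirm that a test rendering a ZReST source with an include directive, and asserting that the included file's content is absent, covers this code path.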

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins
