Log message for revision 73641: Back port from trunk on svn.zope.org: ------------------------------------------------------------------------ r73639 | jinty | 2007-03-26 19:37:07 +0200 (Mon, 26 Mar 2007) | 5 lines Prevent ZPublisher from insering incorrect <base/> tags into the headers of plain html files served from Zope3 resource directories.
Changed: U Products.Five/branches/1.4/CHANGES.txt U Products.Five/branches/1.4/browser/resource.py U Products.Five/branches/1.4/browser/tests/resource_ftest.txt A Products.Five/branches/1.4/browser/tests/resource_subdir/resource.html -=- Modified: Products.Five/branches/1.4/CHANGES.txt =================================================================== --- Products.Five/branches/1.4/CHANGES.txt 2007-03-26 18:26:53 UTC (rev 73640) +++ Products.Five/branches/1.4/CHANGES.txt 2007-03-26 18:31:34 UTC (rev 73641) @@ -14,6 +14,9 @@ * site/metaconfigure: Local site hook now only applied once per class, so multiple <five:localsite> tags for the same class won't cause config errors. + +* Prevent ZPublisher from insering incorrect <base/> tags into the + headers of plain html files served from Zope3 resource directories. Five 1.4.2 (2006-11-04) ======================= Modified: Products.Five/branches/1.4/browser/resource.py =================================================================== --- Products.Five/branches/1.4/browser/resource.py 2007-03-26 18:26:53 UTC (rev 73640) +++ Products.Five/branches/1.4/browser/resource.py 2007-03-26 18:31:34 UTC (rev 73641) @@ -65,6 +65,9 @@ def render(self): """Rendered content""" + # ZPublisher might have called setBody with an incorrect URL + # we definitely don't want that if we are plain html + self.request.RESPONSE.setBase(None) pt = self.context return pt(self.request) Modified: Products.Five/branches/1.4/browser/tests/resource_ftest.txt =================================================================== --- Products.Five/branches/1.4/browser/tests/resource_ftest.txt 2007-03-26 18:26:53 UTC (rev 73640) +++ Products.Five/branches/1.4/browser/tests/resource_ftest.txt 2007-03-26 18:31:34 UTC (rev 73641) @@ -78,6 +78,33 @@ <BLANKLINE> +We also can traverse into sub-directories: + + >>> print http(r''' + ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.txt HTTP/1.1 + ... Authorization: Basic manager:r00t + ... ''') + HTTP/1.1 200 OK + ... + This is a resource in a subdirectory of a normal resource to test traversal. + <BLANKLINE> + + >>> print http(r''' + ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.html HTTP/1.1 + ... Authorization: Basic manager:r00t + ... ''') + HTTP/1.1 200 OK + ... + <html> + <head> + </head> + <body> + This .html should not have a base tag automatically + added to the header. + </body> + </html> + <BLANKLINE> + Clean up -------- Copied: Products.Five/branches/1.4/browser/tests/resource_subdir/resource.html (from rev 73639, Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html) _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins