Log message for revision 122019: Prepare Zope2 2.12.19. Changed: U Zope/branches/2.12/doc/CHANGES.rst U Zope/branches/2.12/setup.py U Zope/branches/2.12/src/Products/Five/configure.zcml A Zope/branches/2.12/src/Products/Five/traversing.py U Zope/branches/2.12/src/Products/Five/traversing.zcml U Zope/branches/2.12/versions.cfg
-=- Modified: Zope/branches/2.12/doc/CHANGES.rst =================================================================== --- Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/doc/CHANGES.rst 2011-06-28 15:01:07 UTC (rev 122019) @@ -5,12 +5,14 @@ Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/. -2.12.19 (unreleased) +2.12.19 (2011-06-28) -------------------- Bugs Fixed ++++++++++ +- Fixed a serious privilege escalation issue. For more information see: + http://plone.org/products/plone/security/advisories/20110622 Features ++++++++ Modified: Zope/branches/2.12/setup.py =================================================================== --- Zope/branches/2.12/setup.py 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/setup.py 2011-06-28 15:01:07 UTC (rev 122019) @@ -16,7 +16,7 @@ from setuptools import setup, find_packages, Extension setup(name='Zope2', - version='2.12.19dev', + version='2.12.19', url='http://www.zope.org', license='ZPL 2.1', description='Zope2 application server / web framework', Modified: Zope/branches/2.12/src/Products/Five/configure.zcml =================================================================== --- Zope/branches/2.12/src/Products/Five/configure.zcml 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/src/Products/Five/configure.zcml 2011-06-28 15:01:07 UTC (rev 122019) 
@@ -1,6 +1,9 @@ <configure xmlns="http://namespaces.zope.org/zope" xmlns:five="http://namespaces.zope.org/five"> + <!-- Disable unsupported Zope Toolkit functionality --> + <exclude package="zope.traversing" /> + <include file="meta.zcml" /> <include file="permissions.zcml" /> <include file="i18n.zcml" /> Added: Zope/branches/2.12/src/Products/Five/traversing.py =================================================================== --- Zope/branches/2.12/src/Products/Five/traversing.py (rev 0) +++ Zope/branches/2.12/src/Products/Five/traversing.py 2011-06-28 15:01:07 UTC (rev 122019) @@ -0,0 +1,14 @@ +from zExceptions import Forbidden +from zope.interface.interface import InterfaceClass +from zope.traversing import namespace + + +class resource(namespace.view): + + def traverse(self, name, ignored): + # The context is important here, since it becomes the parent of the + # resource, which is needed to generate the absolute URL. + res = namespace.getResource(self.context, name, self.request) + if isinstance(res, InterfaceClass): + raise Forbidden('Access to traverser is forbidden.') + return res Property changes on: Zope/branches/2.12/src/Products/Five/traversing.py ___________________________________________________________________ Added: svn:eol-style + native Modified: Zope/branches/2.12/src/Products/Five/traversing.zcml =================================================================== --- Zope/branches/2.12/src/Products/Five/traversing.zcml 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/src/Products/Five/traversing.zcml 2011-06-28 15:01:07 UTC (rev 122019) 
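Review bot: The comment added above `<exclude package="zope.traversing" />` in configure.zcml describes the directive as disabling unsupported functionality, but the CHANGES.rst entry in this same commit describes a privilege escalation fix. If the exclude is part of that fix, the comment should say it is a security control, e.g. `<!-- Security: keep zope.traversing's stock ZCML out; the vetted adapters are registered in traversing.zcml -->`. As far as I know an exclude only blocks includes that are processed after it, so a configuration that includes zope.traversing before Products.Five is loaded would presumably still get the stock namespace adapters. That ordering assumption deserves a sentence in the comment or the changelog.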
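Review bot: The `isinstance(res, InterfaceClass)` check in `resource.traverse` is a deny-list of a single type and has no comment saying why an interface object must never be returned, so the security purpose of this new class is easy to lose in a later refactor. A class docstring or a comment above the check would fix that, for example `# Security: the lookup may return objects that are not resources; never publish an interface object (see the advisory linked in CHANGES.rst).`. The check runs only after `namespace.getResource` has returned, so whatever that call does to the object (not visible in this hunk) has already happened when `Forbidden` is raised, and any other non-resource type is still returned unchecked. The commit's file list contains no test, so a regression test asserting `Forbidden` for this case would be worth adding.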
@@ -1,7 +1,61 @@ -<configure xmlns="http://namespaces.zope.org/zope" - xmlns:five="http://namespaces.zope.org/five"> +<configure xmlns="http://namespaces.zope.org/zope"> <!-- define default namespace adapters, etc. --> - <include package="zope.traversing" /> + <adapter + for="*" + factory="zope.traversing.adapters.Traverser" + provides="zope.location.interfaces.ITraverser" /> + <adapter + for="*" + factory="zope.traversing.adapters.DefaultTraversable" + provides="zope.traversing.interfaces.ITraversable" /> + + <adapter + name="etc" + for="*" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.etc" + /> + <adapter + name="etc" + for="* zope.publisher.interfaces.IRequest" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.etc" + /> + + <adapter + name="adapter" + for="*" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.adapter" + /> + <adapter + name="adapter" + for="* zope.publisher.interfaces.IRequest" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.adapter" + /> + + <adapter + name="skin" + for="* zope.publisher.interfaces.IRequest" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.skin" + /> + + <adapter + name="resource" + for="* zope.publisher.interfaces.IRequest" + provides="zope.traversing.interfaces.ITraversable" + factory="Products.Five.traversing.resource" + /> + + <adapter + name="view" + for="* zope.publisher.interfaces.IRequest" + provides="zope.traversing.interfaces.ITraversable" + factory="zope.traversing.namespace.view" + /> + </configure> Modified: Zope/branches/2.12/versions.cfg =================================================================== --- Zope/branches/2.12/versions.cfg 2011-06-28 14:13:33 UTC (rev 122018) +++ Zope/branches/2.12/versions.cfg 2011-06-28 15:01:07 UTC (rev 122019) 
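Review bot: The explicit `<adapter>` list that replaces `<include package="zope.traversing" />` in traversing.zcml is an undocumented allow-list. The retained comment `define default namespace adapters, etc.` does not say that the list is a hand-maintained copy, or that `resource` now points at `Products.Five.traversing.resource` instead of the stock factory. I would replace it with something like `<!-- Explicit allow-list of zope.traversing adapters; "resource" uses the hardened Five class. Re-check on zope.traversing upgrades. -->`. The `etc`, `adapter`, `skin` and `view` namespaces still use the stock `zope.traversing.namespace` factories, and nothing in the hunk shows whether they were reviewed for the same kind of unexpected lookup result, so that is worth confirming and recording.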
@@ -2,7 +2,7 @@ versions = versions [versions] -Zope2 = +Zope2 = 2.12.19 Acquisition = 2.13.8 buildout.dumppickedversions = 0.4 ClientForm = 0.2.10 _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins