Log message for revision 122021: Prepare Zope2 2.13.8. Changed: U Zope/branches/2.13/doc/CHANGES.rst U Zope/branches/2.13/setup.py U Zope/branches/2.13/src/Zope2/App/configure.zcml U Zope/branches/2.13/src/Zope2/App/exclude.zcml A Zope/branches/2.13/src/Zope2/App/traversing.py A Zope/branches/2.13/src/Zope2/App/traversing.zcml U Zope/branches/2.13/versions.cfg
-=-
Modified: Zope/branches/2.13/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.13/doc/CHANGES.rst 2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/doc/CHANGES.rst 2011-06-28 15:01:43 UTC (rev 122021)
@@ -5,12 +5,15 @@
 Change information for previous versions of Zope can be found at http://docs.zope.org/zope2/releases/.
-2.13.8 (unreleased)
+2.13.8 (2011-06-28)
 -------------------
 Bugs Fixed
 ++++++++++
+- Fixed a serious privilege escalation issue. For more information see:
+ http://plone.org/products/plone/security/advisories/20110622
+
 - Ensure __name__ is not None as well as __name__ existing. For example, object could be a widget within a z3c.form MultiWidget, which do not have __name__ set.
Modified: Zope/branches/2.13/setup.py
===================================================================
--- Zope/branches/2.13/setup.py 2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/setup.py 2011-06-28 15:01:43 UTC (rev 122021)
@@ -23,7 +23,7 @@
 setup(name='Zope2',
- version='2.13.8dev',
+ version='2.13.8',
 url='http://zope2.zope.org',
 license='ZPL 2.1',
 description='Zope2 application server / web framework',
Modified: Zope/branches/2.13/src/Zope2/App/configure.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/configure.zcml 2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/src/Zope2/App/configure.zcml 2011-06-28 15:01:43 UTC (rev 122021)
@@ -5,7 +5,7 @@
 <include file="meta.zcml" />
 <include package="AccessControl" file="permissions.zcml" />
- <include package="zope.traversing" />
+ <include file="traversing.zcml" />
 <include package="OFS "/>
 <include package="ZPublisher" />
Modified: Zope/branches/2.13/src/Zope2/App/exclude.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/exclude.zcml 2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/src/Zope2/App/exclude.zcml 2011-06-28 15:01:43 UTC (rev 122021)
@@ -4,6 +4,7 @@
 <exclude package="zope.browsermenu" file="meta.zcml" />
 <exclude package="zope.browserresource" file="meta.zcml" />
 <exclude package="zope.publisher" file="meta.zcml" />
+ <exclude package="zope.traversing" />
 <exclude package="zope.viewlet" file="meta.zcml" />
 </configure>
Added: Zope/branches/2.13/src/Zope2/App/traversing.py
===================================================================
--- Zope/branches/2.13/src/Zope2/App/traversing.py (rev 0)
+++ Zope/branches/2.13/src/Zope2/App/traversing.py 2011-06-28 15:01:43 UTC (rev 122021)
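Review bot: Nothing in the `configure.zcml` or `exclude.zcml` hunks records that replacing `<include package="zope.traversing" />` with `<include file="traversing.zcml" />` and adding `<exclude package="zope.traversing" />` are part of a security fix, so a later cleanup could revert both lines and bring back the stock `resource` namespace without the new check. I would put a comment above each line, for example `<!-- Security: zope.traversing's own ZCML is replaced by traversing.zcml so the resource namespace uses Zope2.App.traversing.resource; do not re-include the package. -->`. The exclusion presumably only helps if `exclude.zcml` is processed before anything else includes `zope.traversing`; that ordering is not visible in these hunks and is worth confirming for add-ons that include the package themselves.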
@@ -0,0 +1,14 @@
+from zExceptions import Forbidden
+from zope.interface.interface import InterfaceClass
+from zope.traversing import namespace
+
+
+class resource(namespace.view):
+
+ def traverse(self, name, ignored):
+ # The context is important here, since it becomes the parent of the
+ # resource, which is needed to generate the absolute URL.
+ res = namespace.getResource(self.context, name, self.request)
+ if isinstance(res, InterfaceClass):
+ raise Forbidden('Access to traverser is forbidden.')
+ return res
Property changes on: Zope/branches/2.13/src/Zope2/App/traversing.py
___________________________________________________________________
Added: svn:eol-style + native
Added: Zope/branches/2.13/src/Zope2/App/traversing.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/traversing.zcml (rev 0)
+++ Zope/branches/2.13/src/Zope2/App/traversing.zcml 2011-06-28 15:01:43 UTC (rev 122021)
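Review bot: In `traversing.py`, the `isinstance(res, InterfaceClass)` guard in `resource.traverse` appears to be the privilege-escalation fix announced in CHANGES.rst, yet the only comment is about URL generation and the class has no docstring, so the reason for the check is not recorded next to it. I would add above the `if` something like `# Security: the lookup may return an interface object for a request-supplied name; never publish it (see the advisory linked in CHANGES.rst for 2.13.8).` The guard also rejects exactly one type, so anything else `namespace.getResource` returns is still handed on. If resources in this code base share a common interface, a positive check that `res` provides it would fail closed instead. The changed-file list shows no test, so a regression test asserting that `traverse` raises `Forbidden` when the lookup yields an interface would pin the behaviour.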
@@ -0,0 +1,61 @@
+<configure xmlns="http://namespaces.zope.org/zope">
+
+ <!-- define default namespace adapters, etc. -->
+ <adapter
+ for="*"
+ factory="zope.traversing.adapters.Traverser"
+ provides="zope.traversing.interfaces.ITraverser" />
+
+ <adapter
+ for="*"
+ factory="zope.traversing.adapters.DefaultTraversable"
+ provides="zope.traversing.interfaces.ITraversable" />
+
+ <adapter
+ name="etc"
+ for="*"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.etc"
+ />
+ <adapter
+ name="etc"
+ for="* zope.publisher.interfaces.IRequest"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.etc"
+ />
+
+ <adapter
+ name="adapter"
+ for="*"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.adapter"
+ />
+ <adapter
+ name="adapter"
+ for="* zope.publisher.interfaces.IRequest"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.adapter"
+ />
+
+ <adapter
+ name="skin"
+ for="* zope.publisher.interfaces.IRequest"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.skin"
+ />
+
+ <adapter
+ name="resource"
+ for="* zope.publisher.interfaces.IRequest"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="Zope2.App.traversing.resource"
+ />
+
+ <adapter
+ name="view"
+ for="* zope.publisher.interfaces.IRequest"
+ provides="zope.traversing.interfaces.ITraversable"
+ factory="zope.traversing.namespace.view"
+ />
+
+</configure>
Property changes on: Zope/branches/2.13/src/Zope2/App/traversing.zcml
___________________________________________________________________
Added: svn:eol-style + native
Modified: Zope/branches/2.13/versions.cfg
===================================================================
--- Zope/branches/2.13/versions.cfg 2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/versions.cfg 2011-06-28 15:01:43 UTC (rev 122021)
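Review bot: The only comment in `traversing.zcml`, `<!-- define default namespace adapters, etc. -->`, does not say that this file stands in for the `zope.traversing` package's own configuration (excluded in `exclude.zcml`), nor that the `resource` adapter is the one deliberate difference. I would replace it with something like `<!-- Zope2's replacement for zope.traversing's ZCML (excluded in exclude.zcml); the "resource" namespace is routed to Zope2.App.traversing.resource for security reasons. Keep the other registrations in sync with the package. -->`. Because the registrations are written out by hand here, adapters the package adds or changes later will presumably not be picked up. Only `resource` gets the new type check: `etc`, `adapter`, `skin` and `view` keep the stock `zope.traversing.namespace` factories.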
@@ -4,7 +4,7 @@
 [versions]
 # Zope2-specific
-Zope2 =
+Zope2 = 2.13.8
 AccessControl = 2.13.4
 Acquisition = 2.13.8
 DateTime = 2.12.6
_______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org https://mail.zope.org/mailman/listinfo/zope-checkins