Log message for revision 68979: - reStructuredText/ZReST: setting raw_enabled to 0 for security reasons
Changed: U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt U Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py U Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py -=- Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt =================================================================== --- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-07-05 16:12:23 UTC (rev 68978) +++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-07-05 16:13:42 UTC (rev 68979) @@ -18,6 +18,9 @@ Bugs fixed + - reStructuredText/ZReST: setting raw_enabled to 0 for security + reasons + - OFS Application: Removed deprecation warnings added in Zope 2.8.5. The warning period starts in Zope 2.9.0. Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py =================================================================== --- Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py 2006-07-05 16:12:23 UTC (rev 68978) +++ Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py 2006-07-05 16:13:42 UTC (rev 68979) @@ -210,6 +210,9 @@ # disallow use of the .. include directive for security reasons pub.settings.file_insertion_enabled = 0 + # disallow insertion of raw data for security reasons + pub.settings.raw_enabled = 0 + # don't break if we get errors pub.settings.halt_level = 6 Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py =================================================================== --- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-07-05 16:12:23 UTC (rev 68978) +++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-07-05 16:13:42 UTC (rev 68979) 
@@ -75,6 +75,7 @@ settings['language_code'] = language_code settings['language_code'] = language_code settings['file_insertion_enabled '] = 0 + settings['raw_enabled'] = 0 # starting level for <H> elements: settings['initial_header_level'] = initial_header_level + 1 # set the reporting level to something sane: _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
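Review bot: In the doc/CHANGES.txt hunk, the new entry says only "for security reasons" and does not tell users that rendering behaviour changes: with raw_enabled set to 0, existing ZReST or reStructuredText content that relies on the raw directive will no longer have that content inserted. Suggest naming the raw directive in the entry and stating that it is now disabled, the way the code comment in ZReST.py names the include directive.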
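Review bot: In the Products/ZReST/ZReST.py hunk, no test covers the new pub.settings.raw_enabled = 0 line; the Changed list shows only CHANGES.txt, ZReST.py and reStructuredText/__init__.py. Because the context sets pub.settings.halt_level = 6 right after it, a document using the raw directive will still render instead of halting, so a later regression here would go unnoticed. Suggest a regression test that renders a document containing a raw directive and asserts the raw payload is absent from the output, with a matching case for include since the two settings sit side by side.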
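Review bot: In the reStructuredText/__init__.py hunk, the context line directly above the addition reads settings['file_insertion_enabled '] = 0, with a trailing space inside the key as the line appears here, while the new line uses settings['raw_enabled'] with no such space. If the file really contains that key, it does not match the docutils setting name file_insertion_enabled, and the include directive would stay enabled on this code path even though ZReST.py disables it through pub.settings.file_insertion_enabled = 0. Worth checking the file and correcting the key in the same commit; the settings['language_code'] assignment also appears twice in the context and one copy can go.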