Log message for revision 69341: Fix yet another resTructuredText glitch, and add tests (test backported from 2.9, which was not in fact vulnerable).
Changed: U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt U Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py U Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py U Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py -=- Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt =================================================================== --- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-08-02 14:16:04 UTC (rev 69340) +++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-08-03 02:11:19 UTC (rev 69341) @@ -8,6 +8,9 @@ Bugs fixed + - Fix yet another resTructuredText glitch, and add tests (test + backported from 2.9, which was not in fact vulnerable). + - Collector #2157: Expose name of broken class in SystemError raised from '__getstate__' of a broken instance. Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py =================================================================== --- Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py 2006-08-02 14:16:04 UTC (rev 69340) +++ Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py 2006-08-03 02:11:19 UTC (rev 69341) @@ -3,7 +3,13 @@ $Id$ """ import unittest +import tempfile + +csv_text = """bin:x:1:1:bin:/bin:/bin/bash +daemon:x:2:2:Daemon:/sbin:/bin/bash +""" + class TestZReST(unittest.TestCase): def _getTargetClass(self): @@ -13,6 +19,11 @@ def _makeOne(self, id='test', *args, **kw): return self._getTargetClass()(id=id, *args, **kw) + def _csvfile(self): + fn = tempfile.mktemp() + open(fn, 'w').write(csv_text) + return fn + def test_empty(self): empty = self._makeOne() @@ -59,6 +70,24 @@ resty.source = '.. raw:: html\n :url: http://www.zope.org/' self.assertRaises(NotImplementedError, resty.render) + def test_csv_table_file_option_raise(self): + + resty = self._makeOne() + csv_file = self._csvfile() + resty.source = '.. csv-table:: \n :file: %s' % csv_file + result = resty.render() + self.failUnless('daemon' not in result, + 'csv-table/file directive is not disabled!') + + def test_csv_table_url_option_raise(self): + resty = self._makeOne() + csv_file = self._csvfile() + resty.source = '.. csv-table:: \n :url: file://%s' % csv_file + result = resty.render() + self.failUnless('daemon' not in result, + 'csv-table/url directive is not disabled!') + + def test_suite(): suite = unittest.TestSuite() suite.addTest(unittest.makeSuite(TestZReST)) Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py =================================================================== --- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-08-02 14:16:04 UTC (rev 69340) +++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-08-03 02:11:19 UTC (rev 69341) @@ -74,7 +74,7 @@ if language_code: settings['language_code'] = language_code settings['language_code'] = language_code - settings['file_insertion_enabled '] = 0 + settings['file_insertion_enabled'] = 0 settings['raw_enabled'] = 0 # starting level for <H> elements: settings['initial_header_level'] = initial_header_level + 1 Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py =================================================================== --- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py 2006-08-02 14:16:04 UTC (rev 69340) +++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py 2006-08-03 02:11:19 UTC (rev 69341) @@ -48,6 +48,18 @@ source = '.. raw:: html\n :url: http://www.zope.org' self.assertRaises(NotImplementedError, HTML, source) + def test_csv_table_file_option_raise(self): + + source = '.. csv-table:: \n :file: inclusion.txt' + result = HTML(source) + self.failUnless('directive disabled' in result) + + def test_csv_table_url_option_raise(self): + + source = '.. csv-table:: \n :url: http://www.evil.org' + result = HTML(source) + self.failUnless('directive disabled' in result) + def test_suite(): from unittest import TestSuite, makeSuite return TestSuite((makeSuite(TestReST),)) _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins