Log message for revision 39116: - Forward port fix from 2.8 branch - OFS.Image.manage_FTPget() would str() its .data attribute, potentially loading the whole file in memory as a string. Changed to use RESPONSE.write() iterating through the Pdata chain, just like index_html().
Changed: U Zope/trunk/doc/CHANGES.txt U Zope/trunk/lib/python/OFS/Image.py -=- Modified: Zope/trunk/doc/CHANGES.txt =================================================================== --- Zope/trunk/doc/CHANGES.txt 2005-10-13 13:03:40 UTC (rev 39115) +++ Zope/trunk/doc/CHANGES.txt 2005-10-13 14:13:02 UTC (rev 39116) @@ -48,6 +48,11 @@ Bugs Fixed + - OFS.Image.manage_FTPget() would str() it's .data attribute, + potentially loading the whole file in memory as a + string. Changed to use RESPONSE.write() iterating through the + Pdata chain, just like index_html(). + - Collector #1863: Prevent possibly sensitive information to leak via the TransientObject's __repr__ method. Modified: Zope/trunk/lib/python/OFS/Image.py =================================================================== --- Zope/trunk/lib/python/OFS/Image.py 2005-10-13 13:03:40 UTC (rev 39115) +++ Zope/trunk/lib/python/OFS/Image.py 2005-10-13 14:13:02 UTC (rev 39116) @@ -594,6 +594,8 @@ def manage_FTPget(self): """Return body for ftp.""" + RESPONSE = self.REQUEST.RESPONSE + if self.ZCacheable_isCachingEnabled(): result = self.ZCacheable_get(default=None) if result is not None: @@ -602,11 +604,20 @@ # from FileCacheManager. # the content-length is required here by HTTPResponse, even # though FTP doesn't use it. - self.REQUEST.RESPONSE.setHeader('Content-Length', self.size) + RESPONSE.setHeader('Content-Length', self.size) return result - return str(self.data) + data = self.data + if type(data) is type(''): + RESPONSE.setBase(None) + return data + while data is not None: + RESPONSE.write(data.data) + data = data.next + + return '' + manage_addImageForm=DTMLFile('dtml/imageAdd',globals(), Kind='Image',kind='image') def manage_addImage(self, id, file, title='', precondition='', content_type='', _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins
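Review bot: The new streaming path in the second Image.py hunk calls `RESPONSE.write(data.data)` without setting Content-Length first, although the comment in the cached branch just above it says HTTPResponse requires that header even when FTP does not use it. If that requirement also applies once write() starts emitting the response (not visible here), add `RESPONSE.setHeader('Content-Length', self.size)` before the `while data is not None:` loop. Separately, `type(data) is type('')` matches only an exact str, so a str subclass would fall through to the Pdata loop and fail on `.data`; `isinstance(data, str)` is the safer test. The docstring, which sits in the previous hunk where manage_FTPget begins, should also say that chunked data is written to the response and `''` is returned, and a short comment should explain why `RESPONSE.setBase(None)` is called only on the string branch.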