Cliff Ford wrote at 2006-5-14 23:39 +0100:
...
My problem is that I figured out how a user who has permission to create
python scripts (might work with dtml and page templates too) could
access otherwise forbidden content by making calls that pretend to come
from another user. Has any one else
Cliff Ford wrote:
This is just to report that this issue is resolved (for me). Tres
Seaver kindly provided a patch for HTTPRequest.py that makes the
environ dictionary immutable (appended below for those in a similar
position). This may have adverse consequences for applications that
rely on
On 5/18/06, Jim Washington [EMAIL PROTECTED] wrote:
Completely immutable environ is not a good choice from WSGI
point-of-view. environ can be useful for middleware information-passing.
WSGI middleware would by definition get the environ and be able to
modify it before the request gets it, so
Lennart Regebro wrote:
On 5/18/06, Jim Washington [EMAIL PROTECTED] wrote:
Completely immutable environ is not a good choice from WSGI
point-of-view. environ can be useful for middleware
information-passing.
WSGI middleware would by definition get the environ and be able to
modify it before
This is just to report that this issue is resolved (for me). Tres Seaver
kindly provided a patch for HTTPRequest.py that makes the environ
dictionary immutable (appended below for those in a similar position).
This may have adverse consequences for applications that rely on
existing behaviour