Log message for revision 39017:
  disabled the reST .. include directive 
  

Changed:
  U   Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py
  U   Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py

-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py    
2005-10-09 14:37:54 UTC (rev 39016)
+++ Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py    
2005-10-09 14:39:29 UTC (rev 39017)
@@ -192,6 +192,9 @@
         # set the reporting level to something sane
         pub.settings.report_level = int(self.report_level)
 
+        # disallow use of the .. include directive for security reasons
+        pub.settings.file_insertion_enabled = 0
+
         # don't break if we get errors
         pub.settings.halt_level = 6
 

Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py       
2005-10-09 14:37:54 UTC (rev 39016)
+++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py       
2005-10-09 14:39:29 UTC (rev 39017)
@@ -74,6 +74,7 @@
     if language_code:
         settings['language_code'] = language_code
     settings['language_code'] = language_code
+    settings['file_insertion_enabled '] = 0
     # starting level for <H> elements:
     settings['initial_header_level'] = initial_header_level + 1
     # set the reporting level to something sane:

_______________________________________________
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

Reply via email to