Log message for revision 73639: Prevent ZPublisher from insering incorrect <base/> tags into the headers of plain html files served from Zope3 resource directories. Also cleanup whitespace in CHANGES.txt.
Changed: U Zope/trunk/doc/CHANGES.txt U Zope/trunk/lib/python/Products/Five/browser/resource.py U Zope/trunk/lib/python/Products/Five/browser/tests/resource_ftest.txt A Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html -=- Modified: Zope/trunk/doc/CHANGES.txt =================================================================== --- Zope/trunk/doc/CHANGES.txt 2007-03-26 16:27:10 UTC (rev 73638) +++ Zope/trunk/doc/CHANGES.txt 2007-03-26 17:37:07 UTC (rev 73639) @@ -70,7 +70,7 @@ ISO-8859-15. For other encodings you might set the environment variable ZPT_REFERRED_ENCODING to insert your preferred encoding in front of utf-8 and ISO-8859-15 within the encoding sniffer code. - + In addition there is a new 'output_encodings' property that controls the conversion from/to unicode for WebDAV/FTP operations. @@ -80,12 +80,12 @@ Products/PageTemplates/(configure.zcml, unicodeconflictresolver.py, interfaces.py) - - AccessControl.Role: added new method + - AccessControl.Role: added new method manage_getUserRolesAndPermissions(). - - - AccessControl: the form behind the "Security" tab has a new form - for user-related reporting of permissions and roles + - AccessControl: the form behind the "Security" tab has a new form + for user-related reporting of permissions and roles + Bugs Fixed - Collector #2298: webdav.Resource.COPY and webdav.Resource.MOVE did @@ -97,7 +97,7 @@ - Collector #2294: Protected DOS-able ControlPanel methods with the same 'requestmethod' wrapper. - + - Collector #2294: Protected various security mutators with a new 'postonly' decorator. The decorator limits method publishing to POST requests only, and is a backport from Zope 2.11's requestmethod @@ -109,9 +109,9 @@ is looked up. - PageTemplate/ZRPythonExpr.py: expressions represented as unicode string - caused UnicodeDecodeErrors. + caused UnicodeDecodeErrors. - - PluginIndexes: Fixed 'parseIndexRequest' for false values. + - PluginIndexes: Fixed 'parseIndexRequest' for false values. - Collector #2269: fixed broken ZPT FTP support @@ -190,6 +190,9 @@ - Collector #2187: PUT_factory broken (fwd port from 2.10 branch). + - Prevent ZPublisher from insering incorrect <base/> tags into the + headers of plain html files served from Zope3 resource directories. + Other Changes - Disabled docutils file inclusion completely, rather than trying Modified: Zope/trunk/lib/python/Products/Five/browser/resource.py =================================================================== --- Zope/trunk/lib/python/Products/Five/browser/resource.py 2007-03-26 16:27:10 UTC (rev 73638) +++ Zope/trunk/lib/python/Products/Five/browser/resource.py 2007-03-26 17:37:07 UTC (rev 73639) @@ -61,6 +61,9 @@ def render(self): """Rendered content""" + # ZPublisher might have called setBody with an incorrect URL + # we definitely don't want that if we are plain html + self.request.RESPONSE.setBase(None) pt = self.context return pt(self.request) Modified: Zope/trunk/lib/python/Products/Five/browser/tests/resource_ftest.txt =================================================================== --- Zope/trunk/lib/python/Products/Five/browser/tests/resource_ftest.txt 2007-03-26 16:27:10 UTC (rev 73638) +++ Zope/trunk/lib/python/Products/Five/browser/tests/resource_ftest.txt 2007-03-26 17:37:07 UTC (rev 73639) @@ -78,6 +78,33 @@ <BLANKLINE> +We also can traverse into sub-directories: + + >>> print http(r''' + ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.txt HTTP/1.1 + ... Authorization: Basic manager:r00t + ... ''') + HTTP/1.1 200 OK + ... + This is a resource in a subdirectory of a normal resource to test traversal. + <BLANKLINE> + + >>> print http(r''' + ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.html HTTP/1.1 + ... Authorization: Basic manager:r00t + ... ''') + HTTP/1.1 200 OK + ... + <html> + <head> + </head> + <body> + This .html should not have a base tag automatically + added to the header. + </body> + </html> + <BLANKLINE> + Clean up -------- Added: Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html =================================================================== --- Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html 2007-03-26 16:27:10 UTC (rev 73638) +++ Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html 2007-03-26 17:37:07 UTC (rev 73639) @@ -0,0 +1,8 @@ +<html> + <head> + </head> + <body> + This .html should not have a base tag automatically + added to the header. + </body> +</html> _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins