Log message for revision 123152: Fix serious authentication vulnerability in stock configuration.
Changed:
U Zope/branches/2.13/doc/CHANGES.rst
U Zope/branches/2.13/src/OFS/tests/test_userfolder.py
U Zope/branches/2.13/src/OFS/userfolder.py
-=-
Modified: Zope/branches/2.13/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.13/doc/CHANGES.rst 2011-10-24 22:29:40 UTC (rev 123151)
+++ Zope/branches/2.13/doc/CHANGES.rst 2011-10-24 22:39:13 UTC (rev 123152)
@@ -8,6 +8,7 @@
 2.13.11 (unreleased)
 --------------------
+- Fixed serious authentication vulnerability in stock configuration.
 2.13.10 (2011-10-04)
 --------------------
Modified: Zope/branches/2.13/src/OFS/tests/test_userfolder.py
===================================================================
--- Zope/branches/2.13/src/OFS/tests/test_userfolder.py 2011-10-24 22:29:40 UTC (rev 123151)
+++ Zope/branches/2.13/src/OFS/tests/test_userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
@@ -17,7 +17,15 @@
 # TODO class Test_readUserAccessFile(unittest.TestCase)
-# TODO class BasicUserFoldertests(unittest.TestCase)
+class BasicUserFolderTests(unittest.TestCase):
+
+ def _getTargetClass(self):
+ from OFS.userfolder import BasicUserFolder
+ return BasicUserFolder
+
+ def test_manage_users_security_initialized(self):
+ uf = self._getTargetClass()()
+ self.assertTrue(hasattr(uf, 'manage_users__roles__'))
 class UserFolderTests(unittest.TestCase):
@@ -171,6 +179,8 @@
 def test_suite():
- suite = unittest.TestSuite()
- suite.addTest(unittest.makeSuite(UserFolderTests))
+ suite = unittest.TestSuite((
+ unittest.makeSuite(BasicUserFolderTests),
+ unittest.makeSuite(UserFolderTests),
+ ))
 return suite
Modified: Zope/branches/2.13/src/OFS/userfolder.py
===================================================================
--- Zope/branches/2.13/src/OFS/userfolder.py 2011-10-24 22:29:40 UTC (rev 123151)
+++ Zope/branches/2.13/src/OFS/userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
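Review bot: The new `test_manage_users_security_initialized` in test_userfolder.py only asserts that `manage_users__roles__` exists, so it would still pass if the attribute were present but bound to a permissive value. Because this test is the regression guard for an authentication fix, it should also pin what the attribute holds, for example `self.assertTrue(uf.manage_users__roles__ is not None)`, or a comparison against the roles expected for the permission protecting `manage_users`. That permission is declared outside the hunk, so the exact expectation needs confirming against the class body. The test also covers a single method; if BasicUserFolder declares other protected methods, the same check belongs on each of them.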
@@ -293,7 +293,9 @@
 message='Cannot change the id of a UserFolder',
 action='./manage_main'))
+InitializeClass(BasicUserFolder)
+
 class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
 """Standard UserFolder object
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins
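Review bot: The added `InitializeClass(BasicUserFolder)` line in userfolder.py carries the whole fix but has no comment, and a bare module-level call like this is easy to drop in a later cleanup. I would put a comment directly above it, e.g. `# Apply BasicUserFolder's security declarations; without this call manage_users__roles__ is never set on the class.` The wording is based on what the new test checks; the class body and its declarations lie outside the hunk, so which methods the call protects cannot be confirmed from here. The same omission may exist on other classes that declare security but are never passed to InitializeClass, so the rest of this module and its sibling modules deserve the same audit.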