On Jul 12, 2007, at 2:50 AM, Tres Seaver wrote:
>> so, unless i'm completely wrong here, i'd say this is a pretty
>> serious security hole, no?

> No.  It has been an accident that, until just recently, the
> filesystem-based templates in a Five view were running as "untrusted"

yep, martin's already told me the same on irc, along with the history of your fix. but thanks for the quick answer...

> So, for
> instance, it is possible for the author of the view class to write
> methods which exposed "private" attributes to the view's template, for
> instance (and has been since before Five was added to Zope).

i know that, of course, but was assuming that rendering five views as untrusted code was intentional, especially since templates registered for "*" could potentially be pretty harmful. plus i wasn't expecting an imho significant change like that to happen in a bugfix release.

but anyway, thanks for clarifying! :)


zeidler it consulting - http://zitc.de/ - [EMAIL PROTECTED]
friedelstraße 31 - 12047 berlin - telephone +49 30 25563779
pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/
sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007


Zope-Dev maillist  -  Zope-Dev@zope.org
