Jamie Heilman wrote:
Now that we've reached closure on some of the outstanding security issues in Zope there's a lot of stuff in the Collector that needs to be revisited...
Brian Lloyd wrote: ...
- Proxy rights on DTMLMethods transferred via acquisition
I believe this means issue #743 and issue #977 can be resolved now. Actually, #977 already was rejected IIRC but its never been marked as public which is rather irritating.
I've verified that this is the case, #977 should be made public, and #743 can resolved.
- Improper security assertions on DTMLDocument objects
probably fixes issue #865, but because Zope-HEAD doesn't actually run right now, due to a myriad of other bugs, I actually haven't tested it
I've tested this now, #865 can be resolved. -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer