On Jul 12, 2007, at 2:50 AM, Tres Seaver wrote:
so, unless i'm completely wrong here, i'd say this is a pretty serious security whole, no?
No. It has been an accident that, until just recently, the filesystem-based templates in a Five view were running as "untrusted" code.
yep, martin's already told me the same on irc, along with the history of your fix. but thanks for the quick answer...
So, for instance, it is possible for the author of the view class to write methods which exposed "private" attributes to the view's template, for instance (and has beenn since before Five was added to Zope).
i know that, of course, but was assuming that rendering five views as untrusted code was intentional, especially since templates registered for "*" could potentially be pretty harmful. plus i wasn't expecting an imho significant change like that to happen in a bugfix release. but anyway, thanks for clarifying! :) andi -- zeidler it consulting - http://zitc.de/ - info@zitc.de friedelstraße 31 - 12047 berlin - telefon +49 30 25563779 pgp key at http://zitc.de/pgp - http://wwwkeys.de.pgp.net/ sprint with us! - http://plone.org/events/sprints/potsdam-sprint-2007