28 Oct
2011
28 Oct
'11
8:39 a.m.
On 28/10/2011 08:46, yuppie wrote:
Is that the fault of the publisher? AFAICT the biggest security problem of Zope2 is this line in OFS.SimpleItem.Item:
# Allow (reluctantly) access to unprotected attributes __allow_access_to_unprotected_subobjects__=1
I'm not familiar with the details of the first hotfix, but the second one wouldn't have been necessary without that line.
Yep, that's what should have been done in the first place. cheers, Chris -- Simplistix - Content Management, Batch Processing & Python Consulting - http://www.simplistix.co.uk