Re: [Zope-dev] Zope 2.1.4 released...
heck, use CVS: cvs diff -rZope-2_1_3-src -rZope-2_1_4-src I've appended the patch to this mail, but aside from the documentation update (the CHANGES file) the patch can be summarised as: --- BaseRequest.py 1999/08/17 18:48:31 1.16 +++ BaseRequest.py 2000/02/09 20:35:42 1.16.4.1 @@ -226,6 +226,10 @@ request_get=request.get if response is None: response=self.response debug_mode=response.debug_mode + + # Make sure that REQUEST cannot be traversed. + if find(path, 'REQUEST') >= 0: + return response.notFoundError(path) if path[:1] != '/': path='/'+path if path[-1:] != '/': path=path+'/'
Gregor Hoffleit wrote
--9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable
Hmm,
On Wed, Feb 09, 2000 at 04:54:48PM -0500, Brian Lloyd wrote:
Also (I know many of you are already thinking it :), we are=20 working on a way to distribute "patch" releases for things=20 like this to make updates easier. Until then, for those who=20 _really_ just want to patch your installation you can=20 replace the file lib/python/ZPublisher/BaseRequest.py in=20 your installation with the one from the 2.1.4 distribution=20 and restart your Zope instance.
while it won't grok all cases (removed files etc.), why don't you start with providing simple diffs. At least most Unix folks would be glad about them:
tar xvpzf Zope-2.1.3-src.tar.gz tar xvpzf Zope-2.1.4-src.tar.gz diff -urN Zope-2.1.3-src Zope-2.1.4-src >Zope-2.1.4.diff
wc -l Zope-2.1.4.diff 82 Zope-2.1.4.diff
I.e. the patch is only 82 lines long or 3kb. Furthermore you can easily spot the changes.
I guess this won't help the win32 people, but it's better than having nothing IMHO.
Gregor
--9amGYk9869ThD9tj Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQE4o+vD3eVfDf25G40RATk8AKCNyzZsVrXaA4HBZSqj1XoczgTB+QCbBAei EEl0C2SXNVNf/aibQUzKSzk= =bSQU -----END PGP SIGNATURE-----
--9amGYk9869ThD9tj--
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
-- Anthony Baxter <anthony@interlink.com.au> It's never too late to have a happy childhood.
participants (1)
-
Anthony Baxter