[Zope-Checkins] CVS: Packages/Zope/Startup - handlers.py:1.6.2.14
zopeschema.xml:1.7.2.16
Andreas Jung
andreas at andreas-jung.com
Fri Nov 26 07:07:54 EST 2004
Update of /cvs-repository/Packages/Zope/Startup
In directory cvs.zope.org:/tmp/cvs-serv16157/lib/python/Zope/Startup
Modified Files:
Tag: Zope-2_7-branch
handlers.py zopeschema.xml
Log Message:
- Collector #1371: added new 'cgi-maxlen' directive to zope.conf
to limit the amount of form data being processed by Zope
to prevent DoS attacks
=== Packages/Zope/Startup/handlers.py 1.6.2.13 => 1.6.2.14 ===
--- Packages/Zope/Startup/handlers.py:1.6.2.13 Wed Nov 24 03:49:27 2004
+++ Packages/Zope/Startup/handlers.py Fri Nov 26 07:07:24 2004
@@ -113,6 +113,12 @@
import ZServer
ZServer.CONNECTION_LIMIT = value
+
+def cgi_maxlen(value):
+ import cgi
+ cgi.maxlen = value
+
+
# server handlers
def root_handler(config):
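Review bot: cgi_maxlen() assigns value to cgi.maxlen without any range check, and the schema key that feeds it is declared datatype="integer", so a negative number in zope.conf is accepted and written straight into the module global. Reject values below 0 in the handler (or use a non-negative datatype on the key) so a typo in the config cannot leave the limit in an undefined state. The handler also has no docstring or comment; a one-line note that it sets a process-wide attribute of the cgi module, and that 0 means no limit, would help the next reader.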
=== Packages/Zope/Startup/zopeschema.xml 1.7.2.15 => 1.7.2.16 ===
--- Packages/Zope/Startup/zopeschema.xml:1.7.2.15 Mon Jul 26 13:38:08 2004
+++ Packages/Zope/Startup/zopeschema.xml Fri Nov 26 07:07:24 2004
@@ -530,6 +530,14 @@
<metadefault>Zope</metadefault>
</key>
+ <key name="cgi-maxlen" default="0" handler="cgi_maxlen" datatype="integer">
+ <description>
+ Set the cgi.maxlen parameter to limit the number of data passwed to
+ cgi.escape(). This is helpful to prevent DoS attacks. Set the parameter
+ to 0 for no restrictions.
+ </description>
+ </key>
+
<key name="automatically-quote-dtml-request-data" datatype="boolean"
default="on" handler="automatically_quote_dtml_request_data">
<description>
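Review bot: the description text in the new cgi-maxlen key is misleading: it says the limit applies to data "passwed to cgi.escape()", while the log message describes the directive as limiting the amount of form data being processed by Zope. Fix the typo, drop the reference to cgi.escape(), and name the unit the integer is measured in, since "number of data" does not tell an operator what to enter. With default="0" documented as "no restrictions", the protection is off unless the operator sets the directive, so the description should say that explicitly.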