[Zope-Checkins] SVN: Zope/trunk/ - Forward port fix from 2.8 branch

Sidnei da Silva sidnei at enfoldsystems.com
Thu Oct 13 10:13:02 EDT 2005 

Log message for revision 39116:
  
  - Forward port fix from 2.8 branch
  
        - OFS.Image.manage_FTPget() would str() it's .data attribute,
          potentially loading the whole file in memory as a
          string. Changed to use RESPONSE.write() iterating through the
          Pdata chain, just like index_html().
  

Changed:
  U   Zope/trunk/doc/CHANGES.txt
  U   Zope/trunk/lib/python/OFS/Image.py

-=-
Modified: Zope/trunk/doc/CHANGES.txt
===================================================================
--- Zope/trunk/doc/CHANGES.txt	2005-10-13 13:03:40 UTC (rev 39115)
+++ Zope/trunk/doc/CHANGES.txt	2005-10-13 14:13:02 UTC (rev 39116)
@@ -48,6 +48,11 @@
 
     Bugs Fixed
 
+      - OFS.Image.manage_FTPget() would str() it's .data attribute,
+        potentially loading the whole file in memory as a
+        string. Changed to use RESPONSE.write() iterating through the
+        Pdata chain, just like index_html().
+
       - Collector #1863: Prevent possibly sensitive information to leak via
         the TransientObject's __repr__ method.
 

Modified: Zope/trunk/lib/python/OFS/Image.py
===================================================================
--- Zope/trunk/lib/python/OFS/Image.py	2005-10-13 13:03:40 UTC (rev 39115)
+++ Zope/trunk/lib/python/OFS/Image.py	2005-10-13 14:13:02 UTC (rev 39116)
@@ -594,6 +594,8 @@
 
     def manage_FTPget(self):
         """Return body for ftp."""
+        RESPONSE = self.REQUEST.RESPONSE
+
         if self.ZCacheable_isCachingEnabled():
             result = self.ZCacheable_get(default=None)
             if result is not None:
@@ -602,11 +604,20 @@
                 # from FileCacheManager.
                 # the content-length is required here by HTTPResponse, even
                 # though FTP doesn't use it.
-                self.REQUEST.RESPONSE.setHeader('Content-Length', self.size)
+                RESPONSE.setHeader('Content-Length', self.size)
                 return result
-        return str(self.data)
 
+        data = self.data
+        if type(data) is type(''):
+            RESPONSE.setBase(None)
+            return data
 
+        while data is not None:
+            RESPONSE.write(data.data)
+            data = data.next
+
+        return ''
+
 manage_addImageForm=DTMLFile('dtml/imageAdd',globals(),
                              Kind='Image',kind='image')
 def manage_addImage(self, id, file, title='', precondition='', content_type='',

More information about the Zope-Checkins mailing list