[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/ Fix yet another resTructuredText glitch, and add tests (test backported from

Tres Seaver tseaver at palladion.com
Wed Aug 2 22:11:21 EDT 2006 

Log message for revision 69341:
  Fix yet another resTructuredText glitch, and add tests (test backported from
  2.9, which was not in fact vulnerable).
  
  

Changed:
  U   Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
  U   Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py
  U   Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py
  U   Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py

-=-
Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
===================================================================
--- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt	2006-08-02 14:16:04 UTC (rev 69340)
+++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt	2006-08-03 02:11:19 UTC (rev 69341)
@@ -8,6 +8,9 @@
 
     Bugs fixed
 
+      - Fix yet another resTructuredText glitch, and add tests (test
+        backported from 2.9, which was not in fact vulnerable).
+
       - Collector #2157: Expose name of broken class in SystemError raised
         from '__getstate__' of a broken instance.
 

Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py	2006-08-02 14:16:04 UTC (rev 69340)
+++ Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/tests/test_ZReST.py	2006-08-03 02:11:19 UTC (rev 69341)
@@ -3,7 +3,13 @@
 $Id$
 """
 import unittest
+import tempfile
 
+
+csv_text = """bin:x:1:1:bin:/bin:/bin/bash
+daemon:x:2:2:Daemon:/sbin:/bin/bash
+"""
+
 class TestZReST(unittest.TestCase):
 
     def _getTargetClass(self):
@@ -13,6 +19,11 @@
     def _makeOne(self, id='test', *args, **kw):
         return self._getTargetClass()(id=id, *args, **kw)
 
+    def _csvfile(self):
+        fn = tempfile.mktemp()
+        open(fn, 'w').write(csv_text)
+        return fn
+
     def test_empty(self):
         empty = self._makeOne()
 
@@ -59,6 +70,24 @@
         resty.source = '.. raw:: html\n  :url: http://www.zope.org/'
         self.assertRaises(NotImplementedError, resty.render)
 
+    def test_csv_table_file_option_raise(self):
+
+        resty = self._makeOne()
+        csv_file = self._csvfile()
+        resty.source = '.. csv-table:: \n  :file: %s' % csv_file
+        result = resty.render()
+        self.failUnless('daemon' not in result, 
+                        'csv-table/file directive is not disabled!')
+
+    def test_csv_table_url_option_raise(self):
+        resty = self._makeOne()
+        csv_file = self._csvfile()
+        resty.source = '.. csv-table:: \n  :url: file://%s' % csv_file
+        result = resty.render()
+        self.failUnless('daemon' not in result, 
+                        'csv-table/url directive is not disabled!')
+
+
 def test_suite():
     suite = unittest.TestSuite()
     suite.addTest(unittest.makeSuite(TestZReST))

Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py	2006-08-02 14:16:04 UTC (rev 69340)
+++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py	2006-08-03 02:11:19 UTC (rev 69341)
@@ -74,7 +74,7 @@
     if language_code:
         settings['language_code'] = language_code
     settings['language_code'] = language_code
-    settings['file_insertion_enabled '] = 0
+    settings['file_insertion_enabled'] = 0
     settings['raw_enabled'] = 0
     # starting level for <H> elements:
     settings['initial_header_level'] = initial_header_level + 1

Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py	2006-08-02 14:16:04 UTC (rev 69340)
+++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/tests/testReST.py	2006-08-03 02:11:19 UTC (rev 69341)
@@ -48,6 +48,18 @@
         source = '.. raw:: html\n  :url: http://www.zope.org'
         self.assertRaises(NotImplementedError, HTML, source)
 
+    def test_csv_table_file_option_raise(self):
+
+        source = '.. csv-table:: \n  :file: inclusion.txt'
+        result = HTML(source)
+        self.failUnless('directive disabled' in result)
+
+    def test_csv_table_url_option_raise(self):
+
+        source = '.. csv-table:: \n  :url: http://www.evil.org'
+        result = HTML(source)
+        self.failUnless('directive disabled' in result)
+
 def test_suite():
     from unittest import TestSuite, makeSuite
     return TestSuite((makeSuite(TestReST),))

More information about the Zope-Checkins mailing list