[Zope-Checkins] SVN: Zope/branches/2.9/ - reStructuredText/ZReST: setting raw_enabled to 0 for security

Andreas Jung andreas at andreas-jung.com
Wed Jul 5 12:12:23 EDT 2006 

Log message for revision 68978:
  
        - reStructuredText/ZReST: setting raw_enabled to 0 for security
          reasons
  

Changed:
  U   Zope/branches/2.9/doc/CHANGES.txt
  U   Zope/branches/2.9/lib/python/Products/ZReST/ZReST.py
  U   Zope/branches/2.9/lib/python/reStructuredText/__init__.py

-=-
Modified: Zope/branches/2.9/doc/CHANGES.txt
===================================================================
--- Zope/branches/2.9/doc/CHANGES.txt	2006-07-05 16:10:16 UTC (rev 68977)
+++ Zope/branches/2.9/doc/CHANGES.txt	2006-07-05 16:12:23 UTC (rev 68978)
@@ -18,6 +18,9 @@
 
    Bugs fixed
 
+      - reStructuredText/ZReST: setting raw_enabled to 0 for security
+        reasons
+
       - Collector #2113:  'zopectl test' often masked Ctrl-C.
 
       - OFS Application: Updated deprecation warnings.

Modified: Zope/branches/2.9/lib/python/Products/ZReST/ZReST.py
===================================================================
--- Zope/branches/2.9/lib/python/Products/ZReST/ZReST.py	2006-07-05 16:10:16 UTC (rev 68977)
+++ Zope/branches/2.9/lib/python/Products/ZReST/ZReST.py	2006-07-05 16:12:23 UTC (rev 68978)
@@ -210,6 +210,9 @@
             # disallow use of the .. include directive for security reasons
             pub.settings.file_insertion_enabled = 0
 
+            # disallow insertion of raw data through for security reasons
+            pub.settings.raw_enabled = 0
+
             # don't break if we get errors
             pub.settings.halt_level = 6
 

Modified: Zope/branches/2.9/lib/python/reStructuredText/__init__.py
===================================================================
--- Zope/branches/2.9/lib/python/reStructuredText/__init__.py	2006-07-05 16:10:16 UTC (rev 68977)
+++ Zope/branches/2.9/lib/python/reStructuredText/__init__.py	2006-07-05 16:12:23 UTC (rev 68978)
@@ -72,6 +72,7 @@
     settings['output_encoding'] = output_encoding
     settings['stylesheet'] = stylesheet
     settings['file_insertion_enabled'] = 0
+    settings['raw_enabled'] = 0
     if language_code:
         settings['language_code'] = language_code
     settings['language_code'] = language_code

More information about the Zope-Checkins mailing list