[Zope-Checkins] CVS: Zope/lib/python/Products/ZReST -
ZReST.py:1.6.12.11
Tres Seaver
tseaver at palladion.com
Mon Jul 10 17:29:00 EDT 2006
Update of /cvs-repository/Zope/lib/python/Products/ZReST
In directory cvs.zope.org:/tmp/cvs-serv7924/lib/python/Products/ZReST
Modified Files:
Tag: Zope-2_7-branch
ZReST.py
Log Message:
- Backport tests and fixes for ReST file inclusion vulnerability.
=== Zope/lib/python/Products/ZReST/ZReST.py 1.6.12.10 => 1.6.12.11 ===
--- Zope/lib/python/Products/ZReST/ZReST.py:1.6.12.10 Sun Nov 21 12:47:51 2004
+++ Zope/lib/python/Products/ZReST/ZReST.py Mon Jul 10 17:28:29 2006
@@ -198,6 +198,10 @@
# remember warnings
pub.settings.warning_stream = Warnings()
+ # disable unsafe directives
+ pub.settings.raw_enabled = 0
+ pub.settings.file_insertion_enabled = 0
+
pub.source = docutils.io.StringInput(
source=self.source, encoding=self.input_encoding)
More information about the Zope-Checkins
mailing list