[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/lib/python/App/ApplicationManager.py Issue #2294: 'requestmethod' protection for DOS-able ControlPanel methods.

Tres Seaver tseaver at palladion.com
Wed Mar 21 10:19:37 EDT 2007 

Log message for revision 73419:
  Issue #2294:  'requestmethod' protection for DOS-able ControlPanel methods.

Changed:
  U   Zope/branches/Zope-2_8-branch/lib/python/App/ApplicationManager.py

-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/App/ApplicationManager.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/App/ApplicationManager.py	2007-03-21 11:48:43 UTC (rev 73418)
+++ Zope/branches/Zope-2_8-branch/lib/python/App/ApplicationManager.py	2007-03-21 14:19:37 UTC (rev 73419)
@@ -33,6 +33,7 @@
 from cgi import escape
 import zLOG
 import Lifetime
+from AccessControl.requestmethod import postonly
 
 try: import thread
 except: get_ident=lambda: 0
@@ -400,8 +401,9 @@
             </head>
             <body>Zope is restarting</body></html>
             """ % escape(URL1, 1)
+        manage_restart = postonly(manage_restart)
 
-    def manage_shutdown(self):
+    def manage_shutdown(self, REQUEST=None):
         """Shut down the application"""
         try:
             user = '"%s"' % getSecurityManager().getUser().getUserName()
@@ -416,6 +418,7 @@
         </head>
         <body>Zope is shutting down</body></html>
         """
+    manage_shutdown = postonly(manage_shutdown)
 
     def manage_pack(self, days=0, REQUEST=None):
         """Pack the database"""
@@ -428,6 +431,7 @@
             REQUEST['RESPONSE'].redirect(
                 REQUEST['URL1']+'/manage_workspace')
         return t
+    manage_pack = postonly(manage_pack)
 
     def revert_points(self): return ()
 
@@ -478,6 +482,7 @@
             db.commitVersion(v)
         if REQUEST is not None:
             REQUEST['RESPONSE'].redirect(REQUEST['URL1']+'/manage_main')
+    manage_saveVersions = postonly(manage_saveVersions)
 
     def manage_discardVersions(self, versions, REQUEST=None):
         "Discard some versions"
@@ -486,6 +491,7 @@
             db.abortVersion(v)
         if REQUEST is not None:
             REQUEST['RESPONSE'].redirect(REQUEST['URL1']+'/manage_main')
+    manage_discardVersions = postonly(manage_discardVersions)
 
     def getSOFTWARE_HOME(self):
         return getConfiguration().softwarehome

More information about the Zope-Checkins mailing list