[Zope-Checkins] SVN: Products.Five/branches/1.5/ Back port from trunk on svn.zope.org:

[Brian Sutherland]

Log message for revision 73646:
  Back port from trunk on svn.zope.org:
  
      ------------------------------------------------------------------------
      r73639 | jinty | 2007-03-26 19:37:07 +0200 (Mon, 26 Mar 2007) | 5 lines
  
      Prevent ZPublisher from insering incorrect <base/> tags into the
      headers of plain html files served from Zope3 resource directories.
  

Changed:
  U   Products.Five/branches/1.5/CHANGES.txt
  U   Products.Five/branches/1.5/browser/resource.py
  U   Products.Five/branches/1.5/browser/tests/resource_ftest.txt
  A   Products.Five/branches/1.5/browser/tests/resource_subdir/resource.html

-=-
Modified: Products.Five/branches/1.5/CHANGES.txt
===================================================================
--- Products.Five/branches/1.5/CHANGES.txt	2007-03-26 18:38:21 UTC (rev 73645)
+++ Products.Five/branches/1.5/CHANGES.txt	2007-03-26 18:39:09 UTC (rev 73646)
@@ -25,6 +25,9 @@
 * site/metaconfigure: Local site hook now only applied once per class, so
   multiple <five:localsite> tags for the same class won't cause config
   errors.
+      
+* Prevent ZPublisher from insering incorrect <base/> tags into the
+  headers of plain html files served from Zope3 resource directories.
 
 Five 1.5.1 (2006-11-04)
 =======================

Modified: Products.Five/branches/1.5/browser/resource.py
===================================================================
--- Products.Five/branches/1.5/browser/resource.py	2007-03-26 18:38:21 UTC (rev 73645)
+++ Products.Five/branches/1.5/browser/resource.py	2007-03-26 18:39:09 UTC (rev 73646)
@@ -61,6 +61,9 @@
 
     def render(self):
         """Rendered content"""
+        # ZPublisher might have called setBody with an incorrect URL
+        # we definitely don't want that if we are plain html
+        self.request.RESPONSE.setBase(None)
         pt = self.context
         return pt(self.request)
 

Modified: Products.Five/branches/1.5/browser/tests/resource_ftest.txt
===================================================================
--- Products.Five/branches/1.5/browser/tests/resource_ftest.txt	2007-03-26 18:38:21 UTC (rev 73645)
+++ Products.Five/branches/1.5/browser/tests/resource_ftest.txt	2007-03-26 18:39:09 UTC (rev 73646)
@@ -78,6 +78,33 @@
   <BLANKLINE>
 
 
+We also can traverse into sub-directories:
+
+  >>> print http(r'''
+  ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.txt HTTP/1.1
+  ... Authorization: Basic manager:r00t
+  ... ''')
+  HTTP/1.1 200 OK
+  ...
+  This is a resource in a subdirectory of a normal resource to test traversal.
+  <BLANKLINE>
+
+  >>> print http(r'''
+  ... GET /test_folder_1_/testoid/++resource++fivetest_resources/resource_subdir/resource.html HTTP/1.1
+  ... Authorization: Basic manager:r00t
+  ... ''')
+  HTTP/1.1 200 OK
+  ...
+  <html>
+      <head>
+      </head>
+      <body>
+          This .html should not have a base tag automatically
+          added to the header.
+      </body>
+  </html>
+  <BLANKLINE>
+
 Clean up
 --------
 

Copied: Products.Five/branches/1.5/browser/tests/resource_subdir/resource.html (from rev 73639, Zope/trunk/lib/python/Products/Five/browser/tests/resource_subdir/resource.html)