[Zope-dev] Versions without version objects...
Chris Withers
chrisw@nipltd.com
Fri, 21 Apr 2000 15:30:15 +0100
> Could one of you guys details this on the SecurityWiki?
>
> http://www.zope.org/Members/jim/ZopeSecurity/FrontPage
I'll do it in a minute. Not sure why it's a security issue though. It's just a plain bug. If a
version object doesn't exist, then a cookie (whether generated through the FTP server or through an
HTTP post (for example, from a cached management interface page) should be ignored, or more likely,
generate an error with the option "would you like to stop working in this non-existent version?"
This issue is in the following bugs:
http://classic.zope.org:8080/Collector/1194/view
http://classic.zope.org:8080/Collector/1195/view
cheers,
Chris