[Zope-dev] Zope 2.1.4 released...

Anthony Baxter <anthony@interlink.com.au>
Sat, 12 Feb 2000 11:13:09 +1100


heck, use CVS:

cvs diff -rZope-2_1_3-src -rZope-2_1_4-src 

I've appended the patch to this mail, but aside from the documentation
update (the CHANGES file) the patch can be summarised as:

--- BaseRequest.py      1999/08/17 18:48:31     1.16
+++ BaseRequest.py      2000/02/09 20:35:42     1.16.4.1
@@ -226,6 +226,10 @@
         request_get=request.get
         if response is None: response=self.response
         debug_mode=response.debug_mode
+
+        # Make sure that REQUEST cannot be traversed.
+        if find(path, 'REQUEST') >= 0:
+            return response.notFoundError(path)

         if path[:1] != '/': path='/'+path
         if path[-1:] != '/': path=path+'/'
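
Review bot: the added guard `find(path, 'REQUEST') >= 0` is a substring test over the whole path rather than a comparison against individual path components, so any URL that merely contains those letters (an object id such as MY_REQUESTS, a constructed example) now gets notFoundError too. It also runs on the raw string, before the leading and trailing slashes are normalised just below. Comparing each '/'-separated component for equality with 'REQUEST' would reject only the name the comment is about. The comment itself should say why REQUEST must not be traversable, so a later reader knows what the 404 is protecting.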

>>> Gregor Hoffleit wrote
> 
> Hmm,
> 
> On Wed, Feb 09, 2000 at 04:54:48PM -0500, Brian Lloyd wrote:
> > Also (I know many of you are already thinking it :), we are
> > working on a way to distribute "patch" releases for things
> > like this to make updates easier. Until then, for those who
> > _really_ just want to patch your installation you can
> > replace the file lib/python/ZPublisher/BaseRequest.py in
> > your installation with the one from the 2.1.4 distribution
> > and restart your Zope instance.
> 
> while it won't grok all cases (removed files etc.), why don't you start with
> providing simple diffs. At least most Unix folks would be glad about them:
> 
>   tar xvpzf Zope-2.1.3-src.tar.gz
>   tar xvpzf Zope-2.1.4-src.tar.gz
>   diff -urN Zope-2.1.3-src Zope-2.1.4-src >Zope-2.1.4.diff
> 
>   wc -l Zope-2.1.4.diff
>        82 Zope-2.1.4.diff
> 
> I.e. the patch is only 82 lines long or 3kb. Furthermore you can easily spot
> the changes.
> 
> I guess this won't help the win32 people, but it's better than having
> nothing IMHO.
> 
>     Gregor
> 

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.

