[Zope-Coders] Re: [Zope-dev] DTML and REQUEST data changes about to be checked in

Martijn Pieters mj@zope.com
Mon, 19 Aug 2002 12:19:59 -0400


On Wed, Aug 14, 2002 at 04:25:09PM -0400, Brian Lloyd wrote:
> So here's what we'll do. Zope 2.6 will include the string tainting
> changes, enabled by default. The tainting can be turned off by
> providing an environment variable.
> 
> The next Zope 2.5.x release will contain the tainting code, but it
> will be *disabled* by default. If you are worried about the issues
> it addresses, you will be able to enable it explicitly using an
> environment variable (without having to upgrade to 2.6).

I checked in the changes for 2.5; auto quoating now has to be enabled with
an environment variable. Higly recommended!

-- 
Martijn Pieters
| Software Engineer  mailto:mj@zope.com
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
---------------------------------------------