[Zope-Coders] Re: [Zope-dev] DTML and REQUEST data changes about to be checked in
Martijn Pieters
mj@zope.com
Mon, 19 Aug 2002 12:19:59 -0400
On Wed, Aug 14, 2002 at 04:25:09PM -0400, Brian Lloyd wrote:
> So here's what we'll do. Zope 2.6 will include the string tainting
> changes, enabled by default. The tainting can be turned off by
> providing an environment variable.
>
> The next Zope 2.5.x release will contain the tainting code, but it
> will be *disabled* by default. If you are worried about the issues
> it addresses, you will be able to enable it explicitly using an
> environment variable (without having to upgrade to 2.6).
I checked in the changes for 2.5; auto quoating now has to be enabled with
an environment variable. Higly recommended!
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------