[Zope-dev] security problem in an monkey-patch

Dieter Maurer dieter at handshake.de
Wed Sep 19 13:56:34 EDT 2007


Joachim Schmitz wrote at 2007-9-19 11:54 +0200:
>and
>
>../portal_catalog/getBypassQueue
>displays a 1

This looks like a security bug.

You should not be able to "call" something via the ZPublisher
what you cannot call in a script.

Maybe, you file a bug report?



-- 
Dieter


More information about the Zope-Dev mailing list