[Zope-dev] security problem in an monkey-patch

Dieter Maurer dieter at handshake.de
Wed Sep 19 13:56:34 EDT 2007

Previous message: [Zope-dev] Re: security problem in an monkey-patch
Next message: [Zope-dev] Zope Tests: 5 OK
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joachim Schmitz wrote at 2007-9-19 11:54 +0200:
>and
>
>../portal_catalog/getBypassQueue
>displays a 1

This looks like a security bug.

You should not be able to "call" something via the ZPublisher
what you cannot call in a script.

Maybe, you file a bug report?



-- 
Dieter

Previous message: [Zope-dev] Re: security problem in an monkey-patch
Next message: [Zope-dev] Zope Tests: 5 OK
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Zope-Dev mailing list