[Zope] <code> tag?
Martijn Pieters
mj@antraciet.nl
Sun, 29 Aug 1999 07:14:43 +0200
At 02:03 29-8-99 , Mike Winter wrote:
>Hi, just a quick question: how do you get Zope to display DTML without
>evaluating it?
There are two methods, one of which is (to me) a very serious security
breach: document_src (for which you need the View management screens
permission), and PrincipiaSearchSource, for which you do not need any
permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to
the URL and see the source of that DTML Method/Document.
I just discovered this, and will report it to the Collector.
--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------