[Zope] frustrating security problem

[Daryl Tester]

joel grimes wrote:

> Following that link I found the text of RDB.py but there seems to be a lot
> of codes in it that I'd need to replace with something (=0A= and =3, etc.)-
> being new to python as well as zope, I don't know what to replace them with.
>   Here's an example:
> 
>                     % _def, names[i])=0A=
>             type=3Dlower(defre.group(2))=0A=
>             width=3Ddefre.group(1)=0A=
>             if width: width=3Datoi(width)=0A=
>             else: width=3D8=0A=
> 
> Don't look quite right to me.  I assume I can just strip =0A=, is =3D just a
> space?

Urk.  OK, =3D gets replaced with '=', =0A is a linefeed, and if = appears
at the end of the line, you need to join the next line (it's a line wrap
where previously there wasn't one, and remember, Python is syntactically
sensitive to this).  I couldn't see any other character sequences that
would trip you up, so those replacements should suffice.


Regards,
  Daryl Tester