[Zope] Script (Python) insecure ?
Maurits van Rees
m.van.rees at zestsoftware.nl
Tue Aug 12 13:14:15 EDT 2008
Andreas Jung, on 2008-08-12:
>>> After rough test: it seems to work for Zope trunk, 2.10 and 2.11
>>> but has a failure for Zope 2.8.
>>
>> I forgot to mention that the hotfix also seems to work for Zope 2.9.
>> (third-party confirmations are highly appreciated).
>
> Update: the hotfix although works for Zope 2.8 (tested with
> a running Zope instance - however the testrunner does not seem
> to import Hotfix though the included tests under 2.8 aren't
> found/executed).
In Zope 2.8, when I place the Hotfix in the Products dir of the
instance, the two tests pass when I run the tests like this:
bin/zopectl test --dir=Products/Hotfix_20080812/
That's with: http://www.zope.org/advisories/Hotfix_20080812_0.1.tar.gz
I tested on Zope 2.8, 2.9, 2.10, 2.11. All with python 2.4. Without
the hotfix "raise SystemExit" crashed Zope. I could not confirm the
other problem; that just gave me a LookupError. With the hotfix in
the Products dir of the instance, the crash did not occur and the
tests passed.
Marvelous! Thanks Andreas!
--
Maurits van Rees | http://maurits.vanrees.org/
Work | http://zestsoftware.nl/
"This is your day, don't let them take it away." [Barlow Girl]
More information about the Zope
mailing list