[Zope3-checkins]
SVN: Zope3/trunk/src/zope/app/security/_protections.py
Configure zope.i18nmessageid.Message to be a brick. Add
comments and a TODO
Gary Poster
gary at zope.com
Fri Apr 15 12:11:46 EDT 2005
Log message for revision 30002:
Configure zope.i18nmessageid.Message to be a brick. Add comments and a TODO
reminding that MessageID's brick status is problematic.
Changed:
U Zope3/trunk/src/zope/app/security/_protections.py
-=-
Modified: Zope3/trunk/src/zope/app/security/_protections.py
===================================================================
--- Zope3/trunk/src/zope/app/security/_protections.py 2005-04-15 14:57:03 UTC (rev 30001)
+++ Zope3/trunk/src/zope/app/security/_protections.py 2005-04-15 16:11:46 UTC (rev 30002)
@@ -21,7 +21,13 @@
# Make sure the message id gets never proxied
from zope.i18n.messageid import MessageID
+ from zope.i18nmessageid import Message
+ # TODO because MessageIDs are mutable, this is a security hole. This hole
+ # is one of the primary reasons for the development of the Message
+ # replacement. See zope/i18nmessageid/messages.txt.
defineChecker(MessageID, NoProxy)
+ # this, however, is not a security hole, because Messages are immutable.
+ defineChecker(Message, NoProxy)
# add __parent__ and __name__ to always available names
import zope.security.checker
More information about the Zope3-Checkins
mailing list