[ZPT] Re: Please help: No protection for PageTemplateFile!!
Michael R. Bernstein
webmaven@lvcm.com
29 Jan 2002 11:27:04 -0800
On Tue, 2002-01-29 at 09:02, Evan Simpson wrote:
> Dirksen Lau wrote:
> > I want to shut off anonymous access to my class, but to my surprise,
> > instances of PageTemplateFile leak through the security check, even
> > the id of which starts with 'manage_'! Here's my class
>
> Thanks for uncovering this. There were some bad security declarations
> in both Script.py and PageTemplateFile.py.
Methinks I hear a 2.5.1 release in the distance.
:-)
Michael.