[Checkins] CVS: Zope/lib/python/Products/ZReST - ZReST.py:1.6.12.11

Tres Seaver tseaver at palladion.com
Mon Jul 10 17:29:00 EDT 2006


Update of /cvs-repository/Zope/lib/python/Products/ZReST
In directory cvs.zope.org:/tmp/cvs-serv7924/lib/python/Products/ZReST

Modified Files:
      Tag: Zope-2_7-branch
	ZReST.py 
Log Message:
 - Backport tests and fixes for ReST file inclusion vulnerability.


=== Zope/lib/python/Products/ZReST/ZReST.py 1.6.12.10 => 1.6.12.11 ===
--- Zope/lib/python/Products/ZReST/ZReST.py:1.6.12.10	Sun Nov 21 12:47:51 2004
+++ Zope/lib/python/Products/ZReST/ZReST.py	Mon Jul 10 17:28:29 2006
@@ -198,6 +198,10 @@
         # remember warnings
         pub.settings.warning_stream = Warnings()
 
+        # disable unsafe directives
+        pub.settings.raw_enabled = 0
+        pub.settings.file_insertion_enabled = 0
+
         pub.source = docutils.io.StringInput(
             source=self.source, encoding=self.input_encoding)
 



More information about the Checkins mailing list