[Checkins] SVN: five.grok/trunk/ Fix a security issue with resource directories. See https://bugs.launchpad.net/five.grok/+bug/347162
Martin Aspeli
optilude at gmx.net
Sun May 31 12:32:17 EDT 2009
Log message for revision 100565:
Fix a security issue with resource directories. See https://bugs.launchpad.net/five.grok/+bug/347162
Changed:
U five.grok/trunk/docs/HISTORY.txt
U five.grok/trunk/src/five/grok/components.py
-=-
Modified: five.grok/trunk/docs/HISTORY.txt
===================================================================
--- five.grok/trunk/docs/HISTORY.txt 2009-05-30 22:54:40 UTC (rev 100564)
+++ five.grok/trunk/docs/HISTORY.txt 2009-05-31 16:32:16 UTC (rev 100565)
@@ -4,6 +4,10 @@
five.grok - 1.0b1 (unreleased)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* Let static resource directories allow access to unprotected subattributes
+ to avoid authorisation problems when accessing them from protected code.
+ [optilude]
+
* Do not create static resource directories if the 'static' directory does
not actually exist.
[optilude]
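Review bot: the added HISTORY.txt entry describes the change only as avoiding "authorisation problems", while the log message calls it a security fix and cites Launchpad bug 347162. The entry should cite that bug number and say plainly that access checks on static resource directories are being relaxed, so that someone reading the changelog can judge the impact before upgrading.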
Modified: five.grok/trunk/src/five/grok/components.py
===================================================================
--- five.grok/trunk/src/five/grok/components.py 2009-05-30 22:54:40 UTC (rev 100564)
+++ five.grok/trunk/src/five/grok/components.py 2009-05-31 16:32:16 UTC (rev 100565)
@@ -149,6 +149,9 @@
# the resources so that .pt and .html do not get created as page
# templates
+ # Allow traversal to contained resources from protected code
+ __allow_access_to_unprotected_subobjects__ = True
+
resource_factories = {}
for type, factory in (resource.DirectoryResource.resource_factories.items()):
if factory is resource.PageTemplateResourceFactory:
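Review bot: the class-level `__allow_access_to_unprotected_subobjects__ = True`, added just above `resource_factories = {}`, relaxes the check for every subobject of the resource directory that carries no security declaration, not only the "contained resources" the comment names. Consider whether a narrower form would do (the attribute also accepts a mapping of names or a callable taking the name and value), and extend the comment to say why blanket access is acceptable for a static directory. The change list touches only HISTORY.txt and components.py, so a test that traverses to a resource from protected code would help keep this from regressing.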