[Checkins] SVN: z3c.form/trunk/ - Security issue, removed IBrowserRequest from IFormLayer. This prevents to
Roger Ineichen
roger at projekt01.ch
Tue Dec 14 04:36:13 EST 2010
Log message for revision 118858:
- Security issue, removed IBrowserRequest from IFormLayer. This prevents to
mixin IBrowserRequest into non IBrowserRequest e.g. IJSONRPCRequest.
This should be compatible since a browser request using z3c.form already
provides IBrowserRequest and the IFormLayer is only a marker interface used
as skin layer.
- added test
Changed:
U z3c.form/trunk/CHANGES.txt
U z3c.form/trunk/src/z3c/form/form.txt
U z3c.form/trunk/src/z3c/form/interfaces.py
-=-
Modified: z3c.form/trunk/CHANGES.txt
===================================================================
--- z3c.form/trunk/CHANGES.txt 2010-12-14 07:48:25 UTC (rev 118857)
+++ z3c.form/trunk/CHANGES.txt 2010-12-14 09:36:13 UTC (rev 118858)
@@ -5,6 +5,12 @@
2.4.2 (unreleased)
------------------
+- Security issue, removed IBrowserRequest from IFormLayer. This prevents to
+ mixin IBrowserRequest into non IBrowserRequest e.g. IJSONRPCRequest.
+ This should be compatible since a browser request using z3c.form already
+ provides IBrowserRequest and the IFormLayer is only a marker interface used
+ as skin layer.
+
- Add English translation (generated from translation template using
msgen z3c.form.pot > en/LC_MESSAGES/z3c.form.po).
Modified: z3c.form/trunk/src/z3c/form/form.txt
===================================================================
--- z3c.form/trunk/src/z3c/form/form.txt 2010-12-14 07:48:25 UTC (rev 118857)
+++ z3c.form/trunk/src/z3c/form/form.txt 2010-12-14 09:36:13 UTC (rev 118858)
@@ -17,6 +17,15 @@
>>> from z3c.form import testing
>>> testing.setupFormDefaults()
+Note, since version 2.4.2 the IFomrLayer doesn't provide IBrowserRequest
+anymore. This is usefull if you like to use z3c.form components for other
+requets then the IBrowserRequest.
+
+ >>> from zope.publisher.interfaces.browser import IBrowserRequest
+ >>> import z3c.form.interfaces
+ >>> z3c.form.interfaces.IFormLayer.isOrExtends(IBrowserRequest)
+ False
+
Before we can start writing forms, we must have the content to work with:
>>> import zope.interface
Modified: z3c.form/trunk/src/z3c/form/interfaces.py
===================================================================
--- z3c.form/trunk/src/z3c/form/interfaces.py 2010-12-14 07:48:25 UTC (rev 118857)
+++ z3c.form/trunk/src/z3c/form/interfaces.py 2010-12-14 09:36:13 UTC (rev 118858)
@@ -21,7 +21,6 @@
import zope.schema
from zope.interface.common import mapping
from zope.location.interfaces import ILocation
-from zope.publisher.interfaces.browser import IBrowserRequest
MessageFactory = _ = zope.i18nmessageid.MessageFactory('z3c.form')
@@ -43,11 +42,15 @@
# ----[ Layer Declaration ]--------------------------------------------------
-class IFormLayer(IBrowserRequest):
+class IFormLayer(zope.interface.Interface):
"""A layer that contains all registrations of this package.
It is intended that someone can just use this layer as a base layer when
using this package.
+
+ Since version 2.4.2, this layer doesn't provide IBrowserRequst anymore.
+ This makes it possible to use the IFormLayer within z3c.jsonrpc without
+ to apply the IBrowserRequest into the jsonrpc request.
"""
More information about the checkins
mailing list