[CMF-checkins] CVS: CMF/CMFCore - FSPageTemplate.py:1.19
FSPythonScript.py:1.22
Shane Hathaway
shane at zope.com
Mon Aug 4 17:05:49 EDT 2003
Update of /cvs-repository/CMF/CMFCore
In directory cvs.zope.org:/tmp/cvs-serv3361
Modified Files:
FSPageTemplate.py FSPythonScript.py
Log Message:
Made FSPythonScripts and FSPageTemplates unowned.
Until now, scripts and templates were owned by the owner of the
portal. User permissions were intersected with the rights of the
owner of the portal. The intent of the ownership machinery is to
prevent privileged users from executing trojan scripts, but in this
case the scripts can't theoretically be trojans. They can only be
created by users who have filesystem privileges. Therefore script
ownership in this case is not useful and causes unnecessary security
denials.
=== CMF/CMFCore/FSPageTemplate.py 1.18 => 1.19 ===
--- CMF/CMFCore/FSPageTemplate.py:1.18 Thu Nov 14 11:49:10 2002
+++ CMF/CMFCore/FSPageTemplate.py Mon Aug 4 16:05:43 2003
@@ -46,6 +46,8 @@
meta_type = 'Filesystem Page Template'
+ _owner = None # Unowned
+
manage_options=(
(
{'label':'Customize', 'action':'manage_main'},
=== CMF/CMFCore/FSPythonScript.py 1.21 => 1.22 ===
--- CMF/CMFCore/FSPythonScript.py:1.21 Mon Mar 24 00:03:08 2003
+++ CMF/CMFCore/FSPythonScript.py Mon Aug 4 16:05:43 2003
@@ -47,6 +47,8 @@
_params = _body = ''
_v_f = None
_proxy_roles = ()
+
+ _owner = None # Unowned
manage_options=(
(
More information about the CMF-checkins
mailing list