[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/ -
reStructuredText/ZReST: setting raw_enabled to 0 for security
Andreas Jung
andreas at andreas-jung.com
Wed Jul 5 12:13:42 EDT 2006
Log message for revision 68979:
- reStructuredText/ZReST: setting raw_enabled to 0 for security
reasons
Changed:
U Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
U Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py
U Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py
-=-
Modified: Zope/branches/Zope-2_8-branch/doc/CHANGES.txt
===================================================================
--- Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-07-05 16:12:23 UTC (rev 68978)
+++ Zope/branches/Zope-2_8-branch/doc/CHANGES.txt 2006-07-05 16:13:42 UTC (rev 68979)
@@ -18,6 +18,9 @@
Bugs fixed
+ - reStructuredText/ZReST: setting raw_enabled to 0 for security
+ reasons
+
- OFS Application: Removed deprecation warnings added in Zope 2.8.5.
The warning period starts in Zope 2.9.0.
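Review bot: the new CHANGES.txt entry names the setting but does not say what users will see change. Setting raw_enabled to 0 turns off the docutils raw directive, so existing reStructuredText and ZReST content that relies on ".. raw::" will stop emitting that content after an upgrade. Suggest stating the effect in the entry, for example "the raw directive is now disabled", so site owners can tell from the changelog why rendered output changed.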
Modified: Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py 2006-07-05 16:12:23 UTC (rev 68978)
+++ Zope/branches/Zope-2_8-branch/lib/python/Products/ZReST/ZReST.py 2006-07-05 16:13:42 UTC (rev 68979)
@@ -210,6 +210,9 @@
# disallow use of the .. include directive for security reasons
pub.settings.file_insertion_enabled = 0
+ # disallow insertion of raw data for security reasons
+ pub.settings.raw_enabled = 0
+
# don't break if we get errors
pub.settings.halt_level = 6
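Review bot: no test accompanies the new pub.settings.raw_enabled = 0 line; the commit touches only CHANGES.txt and the two modules. Because this is a security setting, a test that renders a small document containing a raw directive and asserts that the raw payload is absent from the output would keep it from being dropped silently later. The same pair of settings (file_insertion_enabled, raw_enabled) is also set in reStructuredText/__init__.py, so a shared helper would keep the two code paths from drifting apart.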
Modified: Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py
===================================================================
--- Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-07-05 16:12:23 UTC (rev 68978)
+++ Zope/branches/Zope-2_8-branch/lib/python/reStructuredText/__init__.py 2006-07-05 16:13:42 UTC (rev 68979)
@@ -75,6 +75,7 @@
settings['language_code'] = language_code
settings['language_code'] = language_code
settings['file_insertion_enabled '] = 0
+ settings['raw_enabled'] = 0
# starting level for <H> elements:
settings['initial_header_level'] = initial_header_level + 1
# set the reporting level to something sane:
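Review bot: in the context line directly above the added line, the key is written 'file_insertion_enabled ' with a trailing space inside the quotes, so as shown it does not set the docutils file_insertion_enabled option and the include directive would stay enabled on this code path. If that space is in the file and not an artifact of the mail, it should be fixed alongside this change: settings['file_insertion_enabled'] = 0. The new raw_enabled key itself is spelled correctly. The two identical settings['language_code'] lines at the top of the context also look like a leftover duplicate worth checking.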