[Zope-Checkins] SVN: Zope/branches/2.12/ Prepare Zope2 2.12.19.

Hanno Schlichting hannosch at hannosch.eu
Tue Jun 28 11:01:08 EDT 2011


Log message for revision 122019:
  Prepare Zope2 2.12.19.

Changed:
  U   Zope/branches/2.12/doc/CHANGES.rst
  U   Zope/branches/2.12/setup.py
  U   Zope/branches/2.12/src/Products/Five/configure.zcml
  A   Zope/branches/2.12/src/Products/Five/traversing.py
  U   Zope/branches/2.12/src/Products/Five/traversing.zcml
  U   Zope/branches/2.12/versions.cfg

-=-
Modified: Zope/branches/2.12/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.12/doc/CHANGES.rst	2011-06-28 14:13:33 UTC (rev 122018)
+++ Zope/branches/2.12/doc/CHANGES.rst	2011-06-28 15:01:07 UTC (rev 122019)
@@ -5,12 +5,14 @@
 Change information for previous versions of Zope can be found at
 http://docs.zope.org/zope2/releases/.
 
-2.12.19 (unreleased)
+2.12.19 (2011-06-28)
 --------------------
 
 Bugs Fixed
 ++++++++++
 
+- Fixed a serious privilege escalation issue. For more information see:
+  http://plone.org/products/plone/security/advisories/20110622
 
 Features
 ++++++++

Modified: Zope/branches/2.12/setup.py
===================================================================
--- Zope/branches/2.12/setup.py	2011-06-28 14:13:33 UTC (rev 122018)
+++ Zope/branches/2.12/setup.py	2011-06-28 15:01:07 UTC (rev 122019)
@@ -16,7 +16,7 @@
 from setuptools import setup, find_packages, Extension
 
 setup(name='Zope2',
-    version='2.12.19dev',
+    version='2.12.19',
     url='http://www.zope.org',
     license='ZPL 2.1',
     description='Zope2 application server / web framework',

Modified: Zope/branches/2.12/src/Products/Five/configure.zcml
===================================================================
--- Zope/branches/2.12/src/Products/Five/configure.zcml	2011-06-28 14:13:33 UTC (rev 122018)
+++ Zope/branches/2.12/src/Products/Five/configure.zcml	2011-06-28 15:01:07 UTC (rev 122019)
@@ -1,6 +1,9 @@
 <configure xmlns="http://namespaces.zope.org/zope"
            xmlns:five="http://namespaces.zope.org/five">
 
+  <!-- Disable unsupported Zope Toolkit functionality -->
+  <exclude package="zope.traversing" />
+
   <include file="meta.zcml" />
   <include file="permissions.zcml" />
   <include file="i18n.zcml" />

Added: Zope/branches/2.12/src/Products/Five/traversing.py
===================================================================
--- Zope/branches/2.12/src/Products/Five/traversing.py	                        (rev 0)
+++ Zope/branches/2.12/src/Products/Five/traversing.py	2011-06-28 15:01:07 UTC (rev 122019)
@@ -0,0 +1,14 @@
+from zExceptions import Forbidden
+from zope.interface.interface import InterfaceClass
+from zope.traversing import namespace
+
+
+class resource(namespace.view):
+
+    def traverse(self, name, ignored):
+        # The context is important here, since it becomes the parent of the
+        # resource, which is needed to generate the absolute URL.
+        res = namespace.getResource(self.context, name, self.request)
+        if isinstance(res, InterfaceClass):
+            raise Forbidden('Access to traverser is forbidden.')
+        return res


Property changes on: Zope/branches/2.12/src/Products/Five/traversing.py
___________________________________________________________________
Added: svn:eol-style
   + native

Modified: Zope/branches/2.12/src/Products/Five/traversing.zcml
===================================================================
--- Zope/branches/2.12/src/Products/Five/traversing.zcml	2011-06-28 14:13:33 UTC (rev 122018)
+++ Zope/branches/2.12/src/Products/Five/traversing.zcml	2011-06-28 15:01:07 UTC (rev 122019)
@@ -1,7 +1,61 @@
-<configure xmlns="http://namespaces.zope.org/zope"
-           xmlns:five="http://namespaces.zope.org/five">
+<configure xmlns="http://namespaces.zope.org/zope">
 
   <!-- define default namespace adapters, etc. -->
-  <include package="zope.traversing" />
+  <adapter
+      for="*"
+      factory="zope.traversing.adapters.Traverser"
+      provides="zope.location.interfaces.ITraverser" />
 
+  <adapter
+      for="*"
+      factory="zope.traversing.adapters.DefaultTraversable"
+      provides="zope.traversing.interfaces.ITraversable" />
+
+  <adapter
+      name="etc"
+      for="*"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.etc"
+      />
+  <adapter
+      name="etc"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.etc"
+      />
+
+  <adapter
+      name="adapter"
+      for="*"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.adapter"
+      />
+  <adapter
+      name="adapter"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.adapter"
+      />
+
+  <adapter
+      name="skin"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.skin"
+      />
+
+  <adapter
+      name="resource"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="Products.Five.traversing.resource"
+      />
+
+  <adapter
+      name="view"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.view"
+      />
+
 </configure>

Modified: Zope/branches/2.12/versions.cfg
===================================================================
--- Zope/branches/2.12/versions.cfg	2011-06-28 14:13:33 UTC (rev 122018)
+++ Zope/branches/2.12/versions.cfg	2011-06-28 15:01:07 UTC (rev 122019)
@@ -2,7 +2,7 @@
 versions = versions
 
 [versions]
-Zope2 =
+Zope2 = 2.12.19
 Acquisition = 2.13.8
 buildout.dumppickedversions = 0.4
 ClientForm = 0.2.10



More information about the Zope-Checkins mailing list