[Zope-Checkins] SVN: Zope/branches/2.13/ Prepare Zope2 2.13.8.

Hanno Schlichting hannosch at hannosch.eu
Tue Jun 28 11:01:44 EDT 2011


Log message for revision 122021:
  Prepare Zope2 2.13.8.

Changed:
  U   Zope/branches/2.13/doc/CHANGES.rst
  U   Zope/branches/2.13/setup.py
  U   Zope/branches/2.13/src/Zope2/App/configure.zcml
  U   Zope/branches/2.13/src/Zope2/App/exclude.zcml
  A   Zope/branches/2.13/src/Zope2/App/traversing.py
  A   Zope/branches/2.13/src/Zope2/App/traversing.zcml
  U   Zope/branches/2.13/versions.cfg

-=-
Modified: Zope/branches/2.13/doc/CHANGES.rst
===================================================================
--- Zope/branches/2.13/doc/CHANGES.rst	2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/doc/CHANGES.rst	2011-06-28 15:01:43 UTC (rev 122021)
@@ -5,12 +5,15 @@
 Change information for previous versions of Zope can be found at
 http://docs.zope.org/zope2/releases/.
 
-2.13.8 (unreleased)
+2.13.8 (2011-06-28)
 -------------------
 
 Bugs Fixed
 ++++++++++
 
+- Fixed a serious privilege escalation issue. For more information see:
+  http://plone.org/products/plone/security/advisories/20110622
+
 - Ensure __name__ is not None as well as __name__ existing. For example, object
   could be a widget within a z3c.form MultiWidget, which do not have __name__ set.
 

Modified: Zope/branches/2.13/setup.py
===================================================================
--- Zope/branches/2.13/setup.py	2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/setup.py	2011-06-28 15:01:43 UTC (rev 122021)
@@ -23,7 +23,7 @@
 
 
 setup(name='Zope2',
-    version='2.13.8dev',
+    version='2.13.8',
     url='http://zope2.zope.org',
     license='ZPL 2.1',
     description='Zope2 application server / web framework',

Modified: Zope/branches/2.13/src/Zope2/App/configure.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/configure.zcml	2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/src/Zope2/App/configure.zcml	2011-06-28 15:01:43 UTC (rev 122021)
@@ -5,7 +5,7 @@
   <include file="meta.zcml" />
   <include package="AccessControl" file="permissions.zcml" />
 
-  <include package="zope.traversing" />
+  <include file="traversing.zcml" />
   <include package="OFS "/>
   <include package="ZPublisher" />
 

Modified: Zope/branches/2.13/src/Zope2/App/exclude.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/exclude.zcml	2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/src/Zope2/App/exclude.zcml	2011-06-28 15:01:43 UTC (rev 122021)
@@ -4,6 +4,7 @@
   <exclude package="zope.browsermenu" file="meta.zcml" />
   <exclude package="zope.browserresource" file="meta.zcml" />
   <exclude package="zope.publisher" file="meta.zcml" />
+  <exclude package="zope.traversing" />
   <exclude package="zope.viewlet" file="meta.zcml" />
 
 </configure>

Added: Zope/branches/2.13/src/Zope2/App/traversing.py
===================================================================
--- Zope/branches/2.13/src/Zope2/App/traversing.py	                        (rev 0)
+++ Zope/branches/2.13/src/Zope2/App/traversing.py	2011-06-28 15:01:43 UTC (rev 122021)
@@ -0,0 +1,14 @@
+from zExceptions import Forbidden
+from zope.interface.interface import InterfaceClass
+from zope.traversing import namespace
+
+
+class resource(namespace.view):
+
+    def traverse(self, name, ignored):
+        # The context is important here, since it becomes the parent of the
+        # resource, which is needed to generate the absolute URL.
+        res = namespace.getResource(self.context, name, self.request)
+        if isinstance(res, InterfaceClass):
+            raise Forbidden('Access to traverser is forbidden.')
+        return res


Property changes on: Zope/branches/2.13/src/Zope2/App/traversing.py
___________________________________________________________________
Added: svn:eol-style
   + native

Added: Zope/branches/2.13/src/Zope2/App/traversing.zcml
===================================================================
--- Zope/branches/2.13/src/Zope2/App/traversing.zcml	                        (rev 0)
+++ Zope/branches/2.13/src/Zope2/App/traversing.zcml	2011-06-28 15:01:43 UTC (rev 122021)
@@ -0,0 +1,61 @@
+<configure xmlns="http://namespaces.zope.org/zope">
+
+  <!-- define default namespace adapters, etc. -->
+  <adapter
+      for="*"
+      factory="zope.traversing.adapters.Traverser"
+      provides="zope.traversing.interfaces.ITraverser" />
+
+  <adapter
+      for="*"
+      factory="zope.traversing.adapters.DefaultTraversable"
+      provides="zope.traversing.interfaces.ITraversable" />
+
+  <adapter
+      name="etc"
+      for="*"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.etc"
+      />
+  <adapter
+      name="etc"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.etc"
+      />
+
+  <adapter
+      name="adapter"
+      for="*"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.adapter"
+      />
+  <adapter
+      name="adapter"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.adapter"
+      />
+
+  <adapter
+      name="skin"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.skin"
+      />
+
+  <adapter
+      name="resource"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="Zope2.App.traversing.resource"
+      />
+
+  <adapter
+      name="view"
+      for="* zope.publisher.interfaces.IRequest"
+      provides="zope.traversing.interfaces.ITraversable"
+      factory="zope.traversing.namespace.view"
+      />
+
+</configure>


Property changes on: Zope/branches/2.13/src/Zope2/App/traversing.zcml
___________________________________________________________________
Added: svn:eol-style
   + native

Modified: Zope/branches/2.13/versions.cfg
===================================================================
--- Zope/branches/2.13/versions.cfg	2011-06-28 15:01:20 UTC (rev 122020)
+++ Zope/branches/2.13/versions.cfg	2011-06-28 15:01:43 UTC (rev 122021)
@@ -4,7 +4,7 @@
 
 [versions]
 # Zope2-specific
-Zope2 =
+Zope2 = 2.13.8
 AccessControl = 2.13.4
 Acquisition = 2.13.8
 DateTime = 2.12.6



More information about the Zope-Checkins mailing list