[Zope-dev] Security audit introduced problem in PageTemplates/Expression.py

Stuart Bishop stuart at stuartbishop.net
Wed Jan 14 22:05:06 EST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 13/01/2004, at 4:19 PM, Stuart Bishop wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The 'security audit work for the 2.7 branch' commit on 8th Jan made
> the following change in PageTemplates/Expression.py:

As well as in other locations such as ZopeGuards.py.

I've opened http://collector.zope.org/Zope/1182 with some
example code.

Anyone know if None is being passed as the name in some locations?
I don't think it would be helpful for me to go around reversing
code changed by a security audit without some background.

- --  Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFABgNqAfqZj7rGN0oRApeyAJ0Y4BzVbQfOdq2rpaH/m1e9cip/RACfUqzq
i1nr0FrFG544SCKh7dReZVk=
=4TUc
-----END PGP SIGNATURE-----




More information about the Zope-Dev mailing list