[Zope-Checkins] CVS: Zope/lib/python/OFS - DTMLDocument.py:1.48.6.2
DTMLMethod.py:1.79.6.4
Tres Seaver
tseaver at zope.com
Thu Jan 8 15:53:48 EST 2004
Update of /cvs-repository/Zope/lib/python/OFS
In directory cvs.zope.org:/tmp/cvs-serv4625/lib/python/OFS
Modified Files:
Tag: Zope-2_6-branch
DTMLDocument.py DTMLMethod.py
Log Message:
- Some improper security assertions on DTMLDocument objects could
potentially allow access to members that should be protected.
=== Zope/lib/python/OFS/DTMLDocument.py 1.48.6.1 => 1.48.6.2 ===
--- Zope/lib/python/OFS/DTMLDocument.py:1.48.6.1 Mon Sep 29 08:11:37 2003
+++ Zope/lib/python/OFS/DTMLDocument.py Thu Jan 8 15:53:47 2004
@@ -44,16 +44,11 @@
PropertyManager.manage_options +
DTMLMethod.manage_options[2:]
)
-
+
+ ps = DTMLMethod.__ac_permissions__
__ac_permissions__=(
- ('Change DTML Documents',
- ('manage_editForm', 'manage', 'manage_main',
- 'manage_edit', 'manage_upload', 'PUT',
- 'manage_historyCopy',
- 'manage_beforeHistoryCopy', 'manage_afterHistoryCopy',
- )
- ),
- )
+ ps[0], ('Change DTML Documents', ps[1][1]), ps[2], ps[3], ps[4])
+ del ps
def manage_edit(self,data,title,SUBMIT='Change',dtpref_cols='100%',
dtpref_rows='20',REQUEST=None):
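Review bot: The new `__ac_permissions__` in DTMLDocument.py is assembled by position (`ps[0]`, `ps[1][1]`, `ps[2]` to `ps[4]`), so this security declaration stays correct only while the tuple in DTMLMethod keeps its current order and has no entries beyond the five used here. An entry added to DTMLMethod later would be left out of the document's declaration without any error, and a reordering would put a different set of method names under 'Change DTML Documents'. Slicing at least keeps the tail intact: `__ac_permissions__ = ps[:1] + (('Change DTML Documents', ps[1][1]),) + ps[2:]`. The warning comment added in the DTMLMethod.py hunk would help more if it named the dependency, e.g. `# Careful in changes--DTMLDocument indexes this tuple by position (entry 1 is re-labelled 'Change DTML Documents')!`. Both class bodies start and end outside the hunks, so the full tuple in DTMLMethod is not visible here.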
=== Zope/lib/python/OFS/DTMLMethod.py 1.79.6.3 => 1.79.6.4 ===
--- Zope/lib/python/OFS/DTMLMethod.py:1.79.6.3 Mon Sep 29 08:11:37 2003
+++ Zope/lib/python/OFS/DTMLMethod.py Thu Jan 8 15:53:47 2004
@@ -71,6 +71,7 @@
+Cacheable.manage_options
)
+ # Careful in changes--used by DTMLDocument!
__ac_permissions__=(
('View management screens',
('document_src', 'PrincipiaSearchSource')),