[Zope-Checkins] CVS: Packages/Zope/Startup - handlers.py:1.6.2.14 zopeschema.xml:1.7.2.16

Andreas Jung andreas at andreas-jung.com
Fri Nov 26 07:07:54 EST 2004


Update of /cvs-repository/Packages/Zope/Startup
In directory cvs.zope.org:/tmp/cvs-serv16157/lib/python/Zope/Startup

Modified Files:
      Tag: Zope-2_7-branch
	handlers.py zopeschema.xml 
Log Message:

      - Collector #1371: added new 'cgi-maxlen' directive to zope.conf 
        to limit the amount of form data being processed by Zope 
        to prevent DoS attacks


=== Packages/Zope/Startup/handlers.py 1.6.2.13 => 1.6.2.14 ===
--- Packages/Zope/Startup/handlers.py:1.6.2.13	Wed Nov 24 03:49:27 2004
+++ Packages/Zope/Startup/handlers.py	Fri Nov 26 07:07:24 2004
@@ -113,6 +113,12 @@
     import ZServer
     ZServer.CONNECTION_LIMIT = value
 
+
+def cgi_maxlen(value):
+    import cgi
+    cgi.maxlen = value
+
+
 # server handlers
 
 def root_handler(config):
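Review bot: cgi_maxlen() assigns the configured value to cgi.maxlen with no range check, and the schema key that feeds it is declared datatype="integer", so a negative number in zope.conf is accepted silently. Since 0 is documented as "no restrictions", the handler should reject values below 0 with a configuration error rather than store them. A one-line docstring or comment stating that this sets a process-wide module global, which affects every request handled by this process, would also help the next reader.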


=== Packages/Zope/Startup/zopeschema.xml 1.7.2.15 => 1.7.2.16 ===
--- Packages/Zope/Startup/zopeschema.xml:1.7.2.15	Mon Jul 26 13:38:08 2004
+++ Packages/Zope/Startup/zopeschema.xml	Fri Nov 26 07:07:24 2004
@@ -530,6 +530,14 @@
     <metadefault>Zope</metadefault>
   </key>
 
+  <key name="cgi-maxlen" default="0" handler="cgi_maxlen" datatype="integer">
+    <description>
+     Set the cgi.maxlen parameter to limit the number of data passwed to
+     cgi.escape(). This is helpful to prevent DoS attacks. Set the parameter
+     to 0 for no restrictions.
+    </description>
+  </key>
+
   <key name="automatically-quote-dtml-request-data" datatype="boolean"
        default="on" handler="automatically_quote_dtml_request_data">
      <description>
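Review bot: the description of the new cgi-maxlen key says the limit applies to data "passwed to cgi.escape()", which does not match the log message (it limits the amount of form data processed by Zope) and contains a typo ("passwed"). Suggest rewording it to describe the limit on submitted form data and stating the unit of the value. Note also that default="0" combined with "Set the parameter to 0 for no restrictions" means the protection is off unless the administrator sets it; the description should say so explicitly, or a non-zero default should be considered.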


