List: zope-cvs
Subject: [Zope-Checkins] SVN: Zope/trunk/ Fix serious authentication
From: Tres Seaver <tseaver () palladion ! com>
Date: 2011-10-24 22:41:46
Message-ID: 20111024224146.D073F94200 () cvs ! zope ! org
Log message for revision 123153:
Fix serious authentication vulnerability in stock configuration.
Changed:
U Zope/trunk/doc/CHANGES.rst
U Zope/trunk/src/OFS/tests/test_userfolder.py
U Zope/trunk/src/OFS/userfolder.py
-=-
Modified: Zope/trunk/doc/CHANGES.rst
===================================================================
--- Zope/trunk/doc/CHANGES.rst 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/doc/CHANGES.rst 2011-10-24 22:41:46 UTC (rev 123153)
@@ -11,6 +11,8 @@
Bugs Fixed
++++++++++
+- Fixed serious authentication vulnerability in stock configuration.
+
- Fixed a regression in webdav support that broke external editor feature.
- Restore ability to undo multiple transactions from the ZMI by using the
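Review bot: The new "Bugs Fixed" entry does not name what was affected, so someone reading CHANGES.rst cannot tell which component to check or whether their deployment relies on it. The same commit touches src/OFS/userfolder.py and tests BasicUserFolder, so consider naming that class or module in the entry, and adding a pointer to the advisory once one is published.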
Modified: Zope/trunk/src/OFS/tests/test_userfolder.py
===================================================================
--- Zope/trunk/src/OFS/tests/test_userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/src/OFS/tests/test_userfolder.py 2011-10-24 22:41:46 UTC (rev 123153)
@@ -17,7 +17,15 @@
# TODO class Test_readUserAccessFile(unittest.TestCase)
-# TODO class BasicUserFoldertests(unittest.TestCase)
+class BasicUserFolderTests(unittest.TestCase):
+
+ def _getTargetClass(self):
+ from OFS.userfolder import BasicUserFolder
+ return BasicUserFolder
+
+ def test_manage_users_security_initialized(self):
+ uf = self._getTargetClass()()
+ self.assertTrue(hasattr(uf, 'manage_users__roles__'))
class UserFolderTests(unittest.TestCase):
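Review bot: In test_manage_users_security_initialized, `hasattr(uf, 'manage_users__roles__')` only proves the attribute exists, not that it restricts access. A value of None is how Zope marks an attribute as public, and that would still pass this check. Consider asserting on the value instead, for example that it is not None or that it matches the roles expected for the protecting permission. Consider also covering the other protected methods of BasicUserFolder rather than manage_users alone.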
@@ -171,6 +179,8 @@
def test_suite():
- suite = unittest.TestSuite()
- suite.addTest(unittest.makeSuite(UserFolderTests))
+ suite = unittest.TestSuite((
+ unittest.makeSuite(BasicUserFolderTests),
+ unittest.makeSuite(UserFolderTests),
+ ))
return suite
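Review bot: test_suite() still lists each TestCase class by hand, so the new BasicUserFolderTests regression test runs only because it was also added here. A later security test class that is not registered in this tuple would be skipped silently. Consider building the suite with unittest.defaultTestLoader.loadTestsFromModule so that every TestCase in the file is picked up.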
Modified: Zope/trunk/src/OFS/userfolder.py
===================================================================
--- Zope/trunk/src/OFS/userfolder.py 2011-10-24 22:39:13 UTC (rev 123152)
+++ Zope/trunk/src/OFS/userfolder.py 2011-10-24 22:41:46 UTC (rev 123153)
@@ -293,7 +293,9 @@
message='Cannot change the id of a UserFolder',
action='./manage_main'))
+InitializeClass(BasicUserFolder)
+
class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
"""Standard UserFolder object
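Review bot: The added module-level `InitializeClass(BasicUserFolder)` carries no comment, yet according to the log message and the new test it is what makes `manage_users__roles__` exist on the class. A bare call like this is easy to drop during a refactor, so add a short comment above it saying that the class's security declarations are not applied without it. It is also worth checking that every other class defined in userfolder.py, including the UserFolder subclass that starts right after this line, gets its own InitializeClass call, since that is not visible in this hunk.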
_______________________________________________
Zope-Checkins maillist - Zope-Checkins@zope.org
https://mail.zope.org/mailman/listinfo/zope-checkins