[prev in list] [next in list] [prev in thread] [next in thread]
List: zope-dev
Subject: Re: [Zope-dev] security problem in an monkey-patch
From: "Dieter Maurer" <dieter () handshake ! de>
Date: 2007-09-19 17:56:34
Message-ID: 18161.25298.791286.255599 () gargle ! gargle ! HOWL
[Download RAW message or body]
Joachim Schmitz wrote at 2007-9-19 11:54 +0200:
>and
>
>../portal_catalog/getBypassQueue
>displays a 1
This looks like a security bug.
You should not be able to "call" something via the ZPublisher
what you cannot call in a script.
Maybe, you file a bug report?
--
Dieter
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic