
v1.0.6.pre - Security fix in rest2html: Disable "file_insertion_enabl…

…ed" as default.
commit 8322f78fe0268605b02632c41890409bdb970d59 1 parent 8645a5a
Jens Diemer authored
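--- a/README.creole
+++ b/README.creole
@@ -163,6 +163,8 @@ Note: In this case you must install **docutils**! See above.
 
 = history =
 
+* v1.0.6.pre - 2012-10-15
+** Security fix in rest2html: Disable "file_insertion_enabled" as default.
 * v1.0.5 - 2012-09-03
 ** made automatic protocol links more strict: Only whitespace before and at the end are allowed.
 ** Bugfix: Don't allow {{{ftp:/broken}}} (Only one slash) to be a link.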
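--- a/creole/__init__.py
+++ b/creole/__init__.py
@@ -20,7 +20,7 @@
 
 from __future__ import division, absolute_import, print_function, unicode_literals
 
-__version__ = (1, 0, 5)
+__version__ = (1, 0, 6, "pre")
 __api__ = (1, 0) # Creole 1.0 spec - http://wikicreole.org/
 
 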
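--- a/creole/rest2html/clean_writer.py
+++ b/creole/rest2html/clean_writer.py
@@ -12,7 +12,7 @@
     http://www.arnebrodowski.de/blog/write-your-own-restructuredtext-writer.html
     https://github.com/alex-morega/docutils-plainhtml/blob/master/plain_html_writer.py
     
-    :copyleft: 2011 by python-creole team, see AUTHORS for more details.
+    :copyleft: 2011-2012 by python-creole team, see AUTHORS for more details.
     :license: GNU GPL v3 or above, see LICENSE for more details.
 """
 
@@ -188,6 +188,7 @@ def rest2html(content, enable_exit_status=None, **kwargs):
     settings_overrides = {
         "input_encoding": "unicode",
         "doctitle_xform": False,
+        "file_insertion_enabled": False,
     }
     settings_overrides.update(kwargs)
 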
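Review bot: In the second hunk, `settings_overrides` now turns off `file_insertion_enabled` but leaves docutils' `raw_enabled` at its default, so a `.. raw:: html` directive without `:file:`/`:url:` is presumably still handed to the writer. If rest2html() is meant to render untrusted reST, consider adding `"raw_enabled": False,` next to the new key, unless the clean writer already drops raw nodes, which is not visible here. Because `settings_overrides.update(kwargs)` runs after the defaults, any caller can switch file insertion back on; that matches "as default" but deserves a comment such as `# security defaults; callers rendering trusted input may override via kwargs`. rest2html's body starts and continues outside the hunk.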
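--- a/creole/tests/test_rest2html.py
+++ b/creole/tests/test_rest2html.py
@@ -7,7 +7,7 @@
     
     Unittests for rest2html, see: creole/rest2html/clean_writer.py
 
-    :copyleft: 2011 by python-creole team, see AUTHORS for more details.
+    :copyleft: 2011-2012 by python-creole team, see AUTHORS for more details.
     :license: GNU GPL v3 or above, see LICENSE for more details.
 """
 
@@ -100,6 +100,21 @@ def test_clean_headline(self):
             <h2>head 2</h2>
         """)
 
+    def test_include(self):
+        self.assert_rest2html("""
+            Include should be disabled by default.
+            
+            .. include:: doesntexist.txt
+        """, """
+            <p>Include should be disabled by default.</p>
+            <p class="system-message-title">System Message: WARNING/2 (<tt class="docutils">&lt;string&gt;</tt>, line 3)</p>
+            <p>&quot;include&quot; directive disabled.</p>
+            <pre>
+            .. include:: doesntexist.txt
+            </pre>
+            </div>
+        """)
+
 
 if __name__ == '__main__':
     unittest.main()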
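Review bot: test_include in the second hunk pins only the `include` directive, while docutils' `file_insertion_enabled` setting also governs the `:file:`/`:url:` options of `raw` and `csv-table`. A sibling case for at least `.. raw:: html` with `:file:` would keep the other file-reading paths from regressing. The expected output ends in a `</div>` with no opening tag in view, which looks like the clean writer dropping the system-message `<div>`; worth confirming that is intended before freezing it in a test. A one-line docstring such as `"""The include directive must be refused while file insertion is disabled (the default)."""` would state the security intent of the case.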
