Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove monkey patches from plone.protect 3.X #1335

Open
fredvd opened this issue Jan 25, 2016 · 1 comment
Open

Remove monkey patches from plone.protect 3.X #1335

fredvd opened this issue Jan 25, 2016 · 1 comment
Labels
99 tag: cleanup

Comments

@fredvd
Copy link
Sponsor Member

fredvd commented Jan 25, 2016

plone.protect has 3 monkeypatches into other parts of Plone/Zope. Two are done using collective.monkeypatcher and replacing stuff in Products.CMFormController and Zope2 webdav.

A) Products.CMFFormController can be done right away (should be patched for both Plone 4 and Plone 5 if we stick to plone.protect 3.x for both Plone 4 and 5)

B) webdav can be done once we have know where to base Zope on. (Zope 2.13.X, Zope 4.X)

C) plone.protect also disables Products.PluggableAuthServices getCSRFToken and checkCSRFToken, presumably because these are the older CRSF protection framewok methods that are now taken over by plone.protect 3.X . Should that CSRF part be removed completely from Products.PluggableAuthServices?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
99 tag: cleanup
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thet @fredvd