do not cache (implicit) request access to form data or cookies in `ot…

…her`: #630
zopefoundation · May 18, 2019 · 7095f8b · 7095f8b
1 parent 7ad558e
commit 7095f8b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -30,6 +30,9 @@ Fixes
 - Fixed logic error in exceptions handling during publishing. This error would
   prevent correct Unauthorized handling when exceptions debug mode was set.
 
+- Do not cache (implicit) request access to form data and cookies in ``other``
+  (`#630 <https://github.com/zopefoundation/Zope/issues/630>`_).
+
 
 4.0 (2019-05-10)
 ----------------

diff --git a/src/ZPublisher/HTTPRequest.py b/src/ZPublisher/HTTPRequest.py
@@ -1371,26 +1371,30 @@ def get(self, key, default=None, returnTaints=0,
         if returnTaints:
             v = self.taintedform.get(key, _marker)
             if v is not _marker:
-                other[key] = v
+                # Issue 630
+                # other[key] = v
                 return v
 
         # Untrusted data *after* trusted data
         v = self.form.get(key, _marker)
         if v is not _marker:
-            other[key] = v
+            # Issue 630
+            # other[key] = v
             return v
 
         # Return tainted data first (marked as suspect)
         if returnTaints:
             v = self.taintedcookies.get(key, _marker)
             if v is not _marker:
-                other[key] = v
+                # Issue 630
+                # other[key] = v
                 return v
 
         # Untrusted data *after* trusted data
         v = self.cookies.get(key, _marker)
         if v is not _marker:
-            other[key] = v
+            # Issue 630
+            # other[key] = v
             return v
 
         return default