Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merged from trunk: Support for untrusted page templates.
This merge contains a large number of patches from the Zope 3 trunk. These changes collectively cause page templates loaded from the file system to behave as trusted code (similar to what all page templates did previously, except for a few things), and page templates loaded from the database to be treated as untrusted code (so security declarations are honored during traversal and Python code execution). The following revisions are included in this merge: 26175 - make python: expressions that don't compile raise right exception 26637 - re-factor the base module importer for path:modules/ 26639 - explain the untrusted path:modules/ 26640 - clean up some boilerplate 26642 - separate the execution engines for zope.app.pagetemplate 26657 - add tests for trusted and untrusted path:modules/... expressions 26679 - separate python expression compilation to allow override 26688 - implemented restricted Python interpreter for TALES expressions 26689 - add dependency on zope.restrictedpython 26704 - implement untrusted traversal for page templates 26719 - add note about page template security changes
- Loading branch information
Showing
5 changed files
with
324 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.