Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Gabriel Monnerat
erp5
Commits
3b2430b6
Commit
3b2430b6
authored
Oct 25, 2013
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
explicitly check if PUT() is called with PUT request method.
parent
f84e2f62
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
30 additions
and
7 deletions
+30
-7
product/ERP5/Document/Coordinate.py
product/ERP5/Document/Coordinate.py
+5
-3
product/ERP5/Document/File.py
product/ERP5/Document/File.py
+0
-4
product/ERP5Form/Form.py
product/ERP5Form/Form.py
+3
-0
product/ERP5Type/WebDAVSupport.py
product/ERP5Type/WebDAVSupport.py
+5
-0
product/ERP5Type/mixin/component.py
product/ERP5Type/mixin/component.py
+3
-0
product/ERP5Type/patches/OFSImage.py
product/ERP5Type/patches/OFSImage.py
+11
-0
product/Localizer/MessageCatalog.py
product/Localizer/MessageCatalog.py
+3
-0
No files found.
product/ERP5/Document/Coordinate.py
View file @
3b2430b6
...
...
@@ -28,6 +28,7 @@
import
zope.interface
from
AccessControl
import
ClassSecurityInfo
from
zExceptions
import
Forbidden
from
Products.ERP5Type
import
Permissions
,
PropertySheet
,
interfaces
from
Products.ERP5Type.Base
import
Base
...
...
@@ -220,9 +221,10 @@ class Coordinate(Base):
"""
Handle HTTP / WebDAV / FTP PUT requests.
"""
if
not
NoWL
:
self
.
dav__init
(
REQUEST
,
RESPONSE
)
self
.
dav__simpleifhandler
(
REQUEST
,
RESPONSE
,
refresh
=
1
)
self
.
dav__init
(
REQUEST
,
RESPONSE
)
self
.
dav__simpleifhandler
(
REQUEST
,
RESPONSE
,
refresh
=
1
)
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
body
=
REQUEST
.
get
(
'BODY'
,
''
)
try
:
self
.
_writeFromPUT
(
body
)
...
...
product/ERP5/Document/File.py
View file @
3b2430b6
...
...
@@ -201,10 +201,6 @@ class File(Document, CMFFile):
else
:
return
str
(
data
)
security
.
declareProtected
(
Permissions
.
ModifyPortalContent
,
'PUT'
)
def
PUT
(
self
,
REQUEST
,
RESPONSE
):
CMFFile
.
PUT
(
self
,
REQUEST
,
RESPONSE
)
# DAV Support
PUT
=
CMFFile
.
PUT
security
.
declareProtected
(
Permissions
.
FTPAccess
,
'manage_FTPstat'
,
...
...
product/ERP5Form/Form.py
View file @
3b2430b6
...
...
@@ -45,6 +45,7 @@ from ZODB.POSException import ConflictError
from
zExceptions
import
Redirect
from
Acquisition
import
aq_base
from
Products.PageTemplates.Expressions
import
SecureModuleImporter
from
zExceptions
import
Forbidden
from
Products.ERP5Type.PsycoWrapper
import
psyco
from
Products.ERP5Type.Base
import
Base
...
...
@@ -772,6 +773,8 @@ class ERP5Form(Base, ZMIForm, ZopePageTemplate):
"""Handle HTTP PUT requests."""
self
.
dav__init
(
REQUEST
,
RESPONSE
)
self
.
dav__simpleifhandler
(
REQUEST
,
RESPONSE
,
refresh
=
1
)
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
body
=
REQUEST
.
get
(
'BODY'
,
''
)
# Empty the form (XMLToForm is unable to empty things before reopening)
for
k
in
self
.
get_field_ids
():
...
...
product/ERP5Type/WebDAVSupport.py
View file @
3b2430b6
...
...
@@ -26,6 +26,7 @@ from Products.CMFDefault.utils import html_headcheck
from
Products.CMFDefault.utils
import
bodyfinder
from
Products.CMFDefault.utils
import
SimpleHTMLParser
as
CMFSimpleHTMLParser
from
zLOG
import
LOG
from
zExceptions
import
Forbidden
security
=
ModuleSecurityInfo
(
'Products.ERP5Type.WebDAVSupport'
)
...
...
@@ -117,6 +118,8 @@ class TextContent:
""" Handle HTTP (and presumably FTP?) PUT requests """
self
.
dav__init
(
REQUEST
,
RESPONSE
)
self
.
dav__simpleifhandler
(
REQUEST
,
RESPONSE
,
refresh
=
1
)
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
body
=
REQUEST
.
get
(
'BODY'
,
''
)
try
:
...
...
@@ -208,6 +211,8 @@ def PUT(self, REQUEST, RESPONSE):
return
NullResource_PUT
(
self
,
REQUEST
,
RESPONSE
)
self
.
dav__init
(
REQUEST
,
RESPONSE
)
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
name
=
self
.
__name__
parent
=
self
.
__parent__
...
...
product/ERP5Type/mixin/component.py
View file @
3b2430b6
...
...
@@ -38,6 +38,7 @@ from Products.ERP5Type import Permissions
from
Products.ERP5Type.Base
import
Base
from
Products.ERP5Type.Accessor.Constant
import
PropertyGetter
as
ConstantGetter
from
Products.ERP5Type.ConsistencyMessage
import
ConsistencyMessage
from
zExceptions
import
Forbidden
from
zLOG
import
LOG
,
INFO
...
...
@@ -290,6 +291,8 @@ class ComponentMixin(PropertyRecordableMixin, Base):
"""
self
.
dav__init
(
REQUEST
,
RESPONSE
)
self
.
dav__simpleifhandler
(
REQUEST
,
RESPONSE
,
refresh
=
1
)
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
text_content
=
REQUEST
.
get
(
'BODY'
)
if
text_content
is
None
:
...
...
product/ERP5Type/patches/OFSImage.py
View file @
3b2430b6
...
...
@@ -19,6 +19,7 @@
import
OFS.Image
import
struct
from
cStringIO
import
StringIO
from
zExceptions
import
Forbidden
def
getImageInfo_with_svg_fix
(
data
):
data
=
str
(
data
)
...
...
@@ -83,3 +84,13 @@ def getImageInfo_with_svg_fix(data):
return
content_type
,
width
,
height
OFS
.
Image
.
getImageInfo
=
getImageInfo_with_svg_fix
PUT_orig
=
OFS
.
Image
.
File
.
PUT
def
PUT
(
self
,
REQUEST
,
RESPONSE
):
"""Handle HTTP PUT requests"""
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
return
PUT_orig
(
self
,
REQUEST
,
RESPONSE
)
OFS
.
Image
.
File
.
PUT
=
PUT
product/Localizer/MessageCatalog.py
View file @
3b2430b6
...
...
@@ -46,6 +46,7 @@ from zope.i18n import interpolate
from
zope.i18n.interfaces
import
ITranslationDomain
from
zope.interface
import
implements
from
zLOG
import
LOG
,
INFO
from
zExceptions
import
Forbidden
# Import from Localizer
from
interfaces
import
IMessageCatalog
...
...
@@ -737,6 +738,8 @@ class POFile(SimpleItem):
security
.
declareProtected
(
'Manage messages'
,
'PUT'
)
def
PUT
(
self
,
REQUEST
,
RESPONSE
):
""" """
if
REQUEST
.
environ
[
'REQUEST_METHOD'
]
!=
'PUT'
:
raise
Forbidden
,
'REQUEST_METHOD should be PUT.'
body
=
REQUEST
[
'BODY'
]
self
.
po_import
(
self
.
id
,
body
)
RESPONSE
.
setStatus
(
204
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment