- reStructuredText/ZReST: setting raw_enabled to 0 for security

reasons

- reStructuredText/ZReST: setting raw_enabled to 0 for security
reasons
70fcae74 · Andreas Jung · 8e67e9ae · 70fcae74 · 70fcae74 · 70fcae74
Commit 70fcae74 authored Jul 05, 2006 by Andreas Jung
Showing with 7 additions and 0 deletions

doc/CHANGES.txt doc/CHANGES.txt +3 -0

lib/python/Products/ZReST/ZReST.py lib/python/Products/ZReST/ZReST.py +3 -0

lib/python/reStructuredText/__init__.py lib/python/reStructuredText/__init__.py +1 -0

No files found.
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -18,6 +18,9 @@ Zope Changes

   Bugs fixed

+      - reStructuredText/ZReST: setting raw_enabled to 0 for security
+        reasons
+
      - Collector #2113:  'zopectl test' often masked Ctrl-C.

      - OFS Application: Updated deprecation warnings.

--- a/lib/python/Products/ZReST/ZReST.py
+++ b/lib/python/Products/ZReST/ZReST.py
@@ -210,6 +210,9 @@ class ZReST(Item, PropertyManager, Historical, Implicit, Persistent):
            # disallow use of the .. include directive for security reasons
            pub.settings.file_insertion_enabled = 0

+            # disallow insertion of raw data through for security reasons
+            pub.settings.raw_enabled = 0
+
            # don't break if we get errors
            pub.settings.halt_level = 6


--- a/lib/python/reStructuredText/__init__.py
+++ b/lib/python/reStructuredText/__init__.py
@@ -72,6 +72,7 @@ def render(src,
    settings['output_encoding'] = output_encoding
    settings['stylesheet'] = stylesheet
    settings['file_insertion_enabled'] = 0
+    settings['raw_enabled'] = 0
    if language_code:
        settings['language_code'] = language_code
    settings['language_code'] = language_code