Commit c717ab10 authored by Tres Seaver's avatar Tres Seaver

Fix yet another resTructuredText glitch, and add tests (test backported from

2.9, which was not in fact vulnerable).
parent 4724c08d
...@@ -8,6 +8,9 @@ Zope Changes ...@@ -8,6 +8,9 @@ Zope Changes
Bugs fixed Bugs fixed
- Fix yet another resTructuredText glitch, and add tests (test
backported from 2.9, which was not in fact vulnerable).
- Collector #2157: Expose name of broken class in SystemError raised - Collector #2157: Expose name of broken class in SystemError raised
from '__getstate__' of a broken instance. from '__getstate__' of a broken instance.
......
...@@ -3,6 +3,12 @@ ...@@ -3,6 +3,12 @@
$Id$ $Id$
""" """
import unittest import unittest
import tempfile
csv_text = """bin:x:1:1:bin:/bin:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
"""
class TestZReST(unittest.TestCase): class TestZReST(unittest.TestCase):
...@@ -13,6 +19,11 @@ class TestZReST(unittest.TestCase): ...@@ -13,6 +19,11 @@ class TestZReST(unittest.TestCase):
def _makeOne(self, id='test', *args, **kw): def _makeOne(self, id='test', *args, **kw):
return self._getTargetClass()(id=id, *args, **kw) return self._getTargetClass()(id=id, *args, **kw)
def _csvfile(self):
fn = tempfile.mktemp()
open(fn, 'w').write(csv_text)
return fn
def test_empty(self): def test_empty(self):
empty = self._makeOne() empty = self._makeOne()
...@@ -59,6 +70,24 @@ class TestZReST(unittest.TestCase): ...@@ -59,6 +70,24 @@ class TestZReST(unittest.TestCase):
resty.source = '.. raw:: html\n :url: http://www.zope.org/' resty.source = '.. raw:: html\n :url: http://www.zope.org/'
self.assertRaises(NotImplementedError, resty.render) self.assertRaises(NotImplementedError, resty.render)
def test_csv_table_file_option_raise(self):
resty = self._makeOne()
csv_file = self._csvfile()
resty.source = '.. csv-table:: \n :file: %s' % csv_file
result = resty.render()
self.failUnless('daemon' not in result,
'csv-table/file directive is not disabled!')
def test_csv_table_url_option_raise(self):
resty = self._makeOne()
csv_file = self._csvfile()
resty.source = '.. csv-table:: \n :url: file://%s' % csv_file
result = resty.render()
self.failUnless('daemon' not in result,
'csv-table/url directive is not disabled!')
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(TestZReST)) suite.addTest(unittest.makeSuite(TestZReST))
......
...@@ -74,7 +74,7 @@ def render(src, ...@@ -74,7 +74,7 @@ def render(src,
if language_code: if language_code:
settings['language_code'] = language_code settings['language_code'] = language_code
settings['language_code'] = language_code settings['language_code'] = language_code
settings['file_insertion_enabled '] = 0 settings['file_insertion_enabled'] = 0
settings['raw_enabled'] = 0 settings['raw_enabled'] = 0
# starting level for <H> elements: # starting level for <H> elements:
settings['initial_header_level'] = initial_header_level + 1 settings['initial_header_level'] = initial_header_level + 1
......
...@@ -48,6 +48,18 @@ text ...@@ -48,6 +48,18 @@ text
source = '.. raw:: html\n :url: http://www.zope.org' source = '.. raw:: html\n :url: http://www.zope.org'
self.assertRaises(NotImplementedError, HTML, source) self.assertRaises(NotImplementedError, HTML, source)
def test_csv_table_file_option_raise(self):
source = '.. csv-table:: \n :file: inclusion.txt'
result = HTML(source)
self.failUnless('directive disabled' in result)
def test_csv_table_url_option_raise(self):
source = '.. csv-table:: \n :url: http://www.evil.org'
result = HTML(source)
self.failUnless('directive disabled' in result)
def test_suite(): def test_suite():
from unittest import TestSuite, makeSuite from unittest import TestSuite, makeSuite
return TestSuite((makeSuite(TestReST),)) return TestSuite((makeSuite(TestReST),))
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment