disabled the reST .. include directive

cf4279c7 · Andreas Jung · 59a2fae2 · cf4279c7 · cf4279c7
Commit cf4279c7 authored Oct 09, 2005 by Andreas Jung
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

lib/python/Products/ZReST/ZReST.py lib/python/Products/ZReST/ZReST.py +3 -0

lib/python/reStructuredText/__init__.py lib/python/reStructuredText/__init__.py +1 -0

No files found.
--- a/lib/python/Products/ZReST/ZReST.py
+++ b/lib/python/Products/ZReST/ZReST.py
@@ -192,6 +192,9 @@ class ZReST(Item, PropertyManager, Historical, Implicit, Persistent):
        # set the reporting level to something sane
        pub.settings.report_level = int(self.report_level)
+        # disallow use of the .. include directive for security reasons
+        pub.settings.file_insertion_enabled = 0
        # don't break if we get errors
        pub.settings.halt_level = 6

--- a/lib/python/reStructuredText/__init__.py
+++ b/lib/python/reStructuredText/__init__.py
@@ -74,6 +74,7 @@ def render(src,
    if language_code:
        settings['language_code'] = language_code
    settings['language_code'] = language_code
+    settings['file_insertion_enabled '] = 0
    # starting level for <H> elements:
    settings['initial_header_level'] = initial_header_level + 1
    # set the reporting level to something sane: