Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
fd844dca
Commit
fd844dca
authored
Dec 21, 2016
by
Tres Seaver
Committed by
GitHub
Dec 21, 2016
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #83 from zopefoundation/hotfix-copy-213
Don't copy items the user is not allowed to view. [2.13]
parents
1057219b
d336b029
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
70 additions
and
3 deletions
+70
-3
doc/CHANGES.rst
doc/CHANGES.rst
+3
-0
src/OFS/CopySupport.py
src/OFS/CopySupport.py
+39
-3
src/OFS/tests/testCopySupport.py
src/OFS/tests/testCopySupport.py
+28
-0
No files found.
doc/CHANGES.rst
View file @
fd844dca
...
@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/
...
@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/
2.13.25 (unreleased)
2.13.25 (unreleased)
--------------------
--------------------
- Don't copy items the user is not allowed to view.
From Products.PloneHotfix20161129. [maurits]
- Quote variables in manage_tabs and manage_container to avoid XSS.
- Quote variables in manage_tabs and manage_container to avoid XSS.
From Products.PloneHotfix20160830. [maurits]
From Products.PloneHotfix20160830. [maurits]
...
...
src/OFS/CopySupport.py
View file @
fd844dca
...
@@ -16,6 +16,7 @@
...
@@ -16,6 +16,7 @@
from
cgi
import
escape
from
cgi
import
escape
from
marshal
import
dumps
from
marshal
import
dumps
from
marshal
import
loads
from
marshal
import
loads
import
logging
import
re
import
re
import
sys
import
sys
import
tempfile
import
tempfile
...
@@ -61,8 +62,8 @@ class CopyError(Exception):
...
@@ -61,8 +62,8 @@ class CopyError(Exception):
pass
pass
copy_re
=
re
.
compile
(
'^copy([0-9]*)_of_(.*)'
)
copy_re
=
re
.
compile
(
'^copy([0-9]*)_of_(.*)'
)
logger
=
logging
.
getLogger
(
'OFS'
)
_marker
=
[]
_marker
=
[]
class
CopyContainer
(
Base
):
class
CopyContainer
(
Base
):
...
@@ -587,7 +588,42 @@ class CopySource(Base):
...
@@ -587,7 +588,42 @@ class CopySource(Base):
f
.
seek
(
0
)
f
.
seek
(
0
)
ob
=
container
.
_p_jar
.
importFile
(
f
)
ob
=
container
.
_p_jar
.
importFile
(
f
)
f
.
close
()
f
.
close
()
return
ob
# Cleanup the copy. It may contain private objects that the current
# user is not allowed to see.
sm
=
getSecurityManager
()
if
not
sm
.
checkPermission
(
'View'
,
self
):
# The user is not allowed to view the object that is currently
# being copied, so it makes no sense to check any of its sub
# objects. It probably means we are in a test.
return
ob
return
self
.
_cleanupCopy
(
ob
,
container
)
def
_cleanupCopy
(
self
,
cp
,
container
):
sm
=
getSecurityManager
()
ob
=
aq_base
(
self
)
if
hasattr
(
ob
,
'objectIds'
):
for
k
in
self
.
objectIds
():
v
=
self
.
_getOb
(
k
)
if
not
sm
.
checkPermission
(
'View'
,
v
):
# We do not use cp._delObject, because this would fire
# events that are needless for objects that are not even in
# an Acquisition chain yet.
logger
.
warn
(
'While copying %s to %s, removed %s from copy '
'because user is not allowed to view the original.'
,
'/'
.
join
(
self
.
getPhysicalPath
()),
'/'
.
join
(
container
.
getPhysicalPath
()),
'/'
.
join
(
v
.
getPhysicalPath
())
)
cp
.
_delOb
(
k
)
# We need to cleanup the internal objects list, even when
# in some implementations this is always an empty tuple.
cp
.
_objects
=
tuple
([
i
for
i
in
cp
.
_objects
if
i
[
'id'
]
!=
k
])
else
:
# recursively check
v
.
_cleanupCopy
(
cp
.
_getOb
(
k
),
container
)
return
cp
def
_postCopy
(
self
,
container
,
op
=
0
):
def
_postCopy
(
self
,
container
,
op
=
0
):
# Called after the copy is finished to accomodate special cases.
# Called after the copy is finished to accomodate special cases.
...
...
src/OFS/tests/testCopySupport.py
View file @
fd844dca
...
@@ -428,6 +428,34 @@ class TestCopySupportSecurity( CopySupportTestBase ):
...
@@ -428,6 +428,34 @@ class TestCopySupportSecurity( CopySupportTestBase ):
,
ce_regex
=
'Not Supported'
,
ce_regex
=
'Not Supported'
)
)
def
test_copy_cant_copy_invisible_items
(
self
):
# User can view folder1.
# User cannot view private file in folder1.
# When user copies folder1, the private file should not be copied,
# because the user would get the Owner role on the copy,
# and be able to view it anyway.
from
AccessControl.Permissions
import
add_folders
from
AccessControl.Permissions
import
view
folder1
,
folder2
=
self
.
_initFolders
()
manage_addFile
(
folder1
,
'private'
,
file
=
''
,
content_type
=
'text/plain'
)
manage_addFile
(
folder1
,
'public'
,
file
=
''
,
content_type
=
'text/plain'
)
folder1
.
private
.
manage_permission
(
view
,
roles
=
(),
acquire
=
0
)
folder2
.
manage_permission
(
add_folders
,
roles
=
(
'Anonymous'
,),
acquire
=
1
)
copy_info
=
folder2
.
manage_pasteObjects
(
self
.
app
.
manage_copyObjects
(
'folder1'
)
)
new_id
=
copy_info
[
0
][
'new_id'
]
new_folder
=
folder2
[
new_id
]
# The private item should not be in the copy.
self
.
assertTrue
(
'private'
not
in
new_folder
.
objectIds
())
# There is nothing wrong with copying the public item.
self
.
assertTrue
(
'public'
in
new_folder
.
objectIds
())
def
test_move_baseline
(
self
):
def
test_move_baseline
(
self
):
folder1
,
folder2
=
self
.
_initFolders
()
folder1
,
folder2
=
self
.
_initFolders
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment