- 15 Jan, 2004 14 commits
-
-
Tres Seaver authored
- Don't allow Unicode strings to be passed to response.write() (merged from 2.6 / 2.7 audit).
-
Tres Seaver authored
- HTTPResponse.py: CGI escapes (merged from 2.6 / 2.7 audit). - xmlrpc.py: Exclude "private" attributes when marshalling an instance as an XML-RPC dict (merged from 2.6 / 2.7 audit).
-
Tres Seaver authored
- SimpleTree.py: CGI escapes (merged from 2.6 / 2.7 audit). - Tree.py: prevent DoS agains tree state cookie decompression (merged from 2.6 / 2.7 audit).
-
Tres Seaver authored
- Prevent DoS attack against decompression of tree state cookie (merged from 2.6 / 2.7 audit).
-
Tres Seaver authored
- Bindings.py: verify access to 'context' and 'container' names before returning (merged from 2.6 / 2.7 audit). - dtml/scriptTry.dtml: CGI escapes (merged from 2.6 / 2.7 audit).
-
Tres Seaver authored
-
Tres Seaver authored
-
Tres Seaver authored
- CGI escape merge (from 2.6 / 2.7 audit). - Store 'lines' and 'tokens' properties as tuples, not lists (merge from 2.6 / 2.7 audit).
-
Tres Seaver authored
- Add security assertions for FindSupport (merge from 2.6 / 2.7 audit).
-
Tres Seaver authored
- Disentangle permission settings for related classes (merge from 2.6 / 2.7 audit).
-
Tres Seaver authored
-
Tres Seaver authored
- Merge CGI-escape templating changes from 2.6 / 2.7 audit work.
-
Tres Seaver authored
- Use 'test.py' as the driver for 'make test', rather than 'utilities/testrunner.py'.
-
Evan Simpson authored
Collector #1074: Change Scripts' __name__ to None, added unit tests for the effect of __name__ on class definitions and imports.
-
- 14 Jan, 2004 4 commits
-
-
Brian Lloyd authored
-
Brian Lloyd authored
-
Brian Lloyd authored
-
Andreas Jung authored
-
- 13 Jan, 2004 3 commits
-
-
Jeremy Hylton authored
Adds an option to spawn a process and capture its I/O. Just a checkpoint because it doesn't do anything with the captured I/O yet.
-
Jeremy Hylton authored
-
Jeremy Hylton authored
Refactor the main SvcDoRun() method to make it a little easier to read. Move the details of log messages to helper methods. Trim comments that explain obvious code. Make log messages read the same as zdaemon log messages.
-
- 11 Jan, 2004 1 commit
-
-
Chris McDonough authored
Don't throw misleading warnings about duplicate products on product path unless there actually are duplicate products on product path.� Also, add unit tests for product initialization.
-
- 08 Jan, 2004 4 commits
-
-
Andreas Jung authored
- Range searches with KeywordIndexes did not work with record-style query parameters
-
Andreas Jung authored
-
Andreas Jung authored
- 07 Jan, 2004 2 commits
-
-
Fred Drake authored
-
Andreas Jung authored
- Using "_usage" parameters in a ZCatalog query is deprecated and logged as DeprecationWarning.
-
- 06 Jan, 2004 4 commits
-
-
Fred Drake authored
-
Fred Drake authored
ZConfig.components.logger, adding only what's special about the zLOG version of the factory
-
Fred Drake authored
-
Andreas Jung authored
logged as DeprecationWarning.
-
- 05 Jan, 2004 4 commits
-
-
Fred Drake authored
ZConfig.logger.log type, since it does
-
Fred Drake authored
the logging package; this avoids lots of code duplication
-
Fred Drake authored
-
Fred Drake authored
-
- 02 Jan, 2004 4 commits
-
-
Fred Drake authored
-
Fred Drake authored
-
Fred Drake authored
-
Fred Drake authored
-