Commits · c6fcf3e8e1b8097bf22e188e2378050828085704 · Kirill Smelkov / Zope

10 May, 2017 1 commit

Explicitly require Manager role for `AltDatabaseManager`. · c6fcf3e8

Maurits van Rees authored May 10, 2017

If you use experimental.publishtraverse and try to call manage_pack,
it warns that the object (the manage_pack function) has no roles.
In strict mode it will fail.
This is an indication that the function *might* be available for anonymous users.
That is not the case here, but being strict seems good.

c6fcf3e8

20 Feb, 2017 3 commits
- Update maintainer docs [ci skip]. · d8693682
  Hanno Schlichting authored Feb 20, 2017
  
  d8693682
- vb [ci skip] · 9ea657c4
  Hanno Schlichting authored Feb 20, 2017
  
  9ea657c4
- Finalize changelog 2.13.26 release · 48f46ea2
  Hanno Schlichting authored Feb 20, 2017
  
  48f46ea2
15 Feb, 2017 1 commit

Test that `str.format` checks security for accessed attributes (#93) · bcbb2290

Maurits van Rees authored Feb 15, 2017

* Test that `str.format` checks the security for attributes that are accessed.

Part of PloneHotfix20170117.

This needs https://github.com/zopefoundation/AccessControl/pull/23
This was merged, but not released yet, so we add AccessControl to auto-checkout for now.

* AccessControl has a release, no need for auto-checkout anymore.

bcbb2290

18 Jan, 2017 2 commits

Fixed dummy runTest on functional test case. (#89) · ecfd7b1b

Maurits van Rees authored Jan 18, 2017

In functional doc tests you can apparently have a test case that has
no runTest method.  Until now the Testing package added a dummy
runTest method in that case, and set it to None.

But when this dummy runTest method gets called, you get an error:

  Error in test runTest (Testing.ZopeTestCase.ZopeTestCase.FunctionalTestCase)
  Traceback (most recent call last):
    File ".../lib/python2.7/unittest/case.py", line 329, in run
      testMethod()
  TypeError: 'NoneType' object is not callable

Simply importing Testing.ZopeTestCase.FunctionalTestCase in a new test
file may be enough to trigger this.

So this has something to do with the order in which tests are found.

I fixed it by making the dummy runTest method callable.

ecfd7b1b

Merge pull request #86 from zopefoundation/apply-plonehotfix-20170717-213 · 554c81bc
Tres Seaver authored Jan 17, 2017
```
Apply plonehotfix 20170717 [2.13]
```
554c81bc

17 Jan, 2017 2 commits
- Fixed reflective XSS in findResult. · e130ee11
  Maurits van Rees authored Jan 17, 2017
```
This applies PloneHotfix20170117.
```
  e130ee11
- Nuke trailing white space in findResult.dtml · 4223f551
  Maurits van Rees authored Jan 17, 2017
  
  4223f551
13 Jan, 2017 7 commits
- svb · c668b3ef
  Hanno Schlichting authored Jan 13, 2017
  
  c668b3ef
- Finalize changelog 2.13.25 release. · 26b7d34e
  Hanno Schlichting authored Jan 13, 2017
  
  26b7d34e
- Spelling [ci skip]. · 9739c0fd
  Hanno Schlichting authored Jan 13, 2017
  
  9739c0fd
- Run all tests on travis and cache eggs/pip. · b11a3037
  Hanno Schlichting authored Jan 13, 2017
  
  b11a3037
- Restrict more tooling dependencies to old versions. · 4483381a
  Hanno Schlichting authored Jan 13, 2017
  
  4483381a
- Add a dependency on the empty ZServer project. · ce5d0149
  Hanno Schlichting authored Jan 13, 2017
  
  ce5d0149
- Whitespace and additional git ignores. · 6e1a695b
  Hanno Schlichting authored Jan 13, 2017
  
  6e1a695b
27 Dec, 2016 2 commits
- Merge pull request #81 from zopefoundation/patch-interface-213 · 11908446
  Maurits van Rees authored Dec 27, 2016
```
Patch zope.interface to remove docstrings and avoid publishing.
```
  11908446
- Patch zope.interface to remove docstrings and avoid publishing. · 4ffa049b
  Maurits van Rees authored Dec 05, 2016
```
From Products.PloneHotfix20161129.
Signed-off-by: Maurits van Rees <maurits@vanrees.org>
```
  4ffa049b
21 Dec, 2016 3 commits
- Merge pull request #83 from zopefoundation/hotfix-copy-213 · fd844dca
  Tres Seaver authored Dec 21, 2016
```
Don't copy items the user is not allowed to view. [2.13]
```
  fd844dca
- Include the target folder when warning about partial copy. · d336b029
  Maurits van Rees authored Dec 21, 2016
  
  d336b029
- Log a warning when making a partial copy. · 8c85cda9
  Maurits van Rees authored Dec 21, 2016
  
  8c85cda9
08 Dec, 2016 1 commit
- Don't copy items the user is not allowed to view. · f58a2968
  Maurits van Rees authored Dec 08, 2016
```
From Products.PloneHotfix20161129.
```
  f58a2968
15 Sep, 2016 2 commits
- Merge pull request #72 from EcrinDe/2.13 · 1057219b
  Tres Seaver authored Sep 15, 2016
```
Add support for optional 'SameSite' cookie attribute
```
  1057219b
- Update CHANGES.rst and add explenation on SameSite cookie · 1c656163
  Cédric Le Ninivin authored Sep 15, 2016
  
  1c656163
14 Sep, 2016 1 commit

Add support for optional 'SameSite' cookie attribute · c3550a55

Cédric Le Ninivin authored Sep 12, 2016

As described in the definition document by the ietf:
https://tools.ietf.org/html/draft-west-first-party-cookies-07

"The 'SameSite' attribute allows servers to assert that a cookie
ought not to be sent along with cross-site requests. This assertion
allows user agents to mitigate the risk of cross-origin information
leakage, and provides some protection against cross-site request
forgery attacks."

c3550a55

09 Sep, 2016 1 commit
- Merge pull request #70 from zopefoundation/revert-contains-optimization-on-213 · 99a37fec
  Hanno Schlichting authored Sep 09, 2016
```
Revert "Optimize 'OFS.ObjectManager.__contains__' method"
```
  99a37fec
08 Sep, 2016 1 commit

Revert "Optimize 'OFS.ObjectManager.__contains__' method" · 0ab78eae

Maurits van Rees authored Sep 08, 2016

It causes problems with ZCatalog indexes.
See https://github.com/zopefoundation/Zope/issues/69

This reverts commit 753683e3.

0ab78eae

07 Sep, 2016 3 commits
- Merge pull request #67 from zopefoundation/apply-plone-hotfix-20160830-213 · a8139d86
  Hanno Schlichting authored Sep 07, 2016
```
Quote variables in manage_tabs and manage_container to avoid XSS [2.13]
```
  a8139d86
- Quote variables in manage_tabs and manage_container to avoid XSS. · 39d6f9fb
  Maurits van Rees authored Sep 07, 2016
```
From Products.PloneHotfix20160830.
```
  39d6f9fb
- Nuked trailing white space from manage_tabs.dtml. · e0a09da0
  Maurits van Rees authored Sep 07, 2016
  
  e0a09da0
02 Aug, 2016 1 commit
- Add a dependency on the empty `Products.TemporaryFolder` project. · 1159dfd8
  Hanno Schlichting authored Aug 02, 2016
  
  1159dfd8
01 Aug, 2016 1 commit

Add a dependency on the empty `Products.Sessions` project. · 8af7aba9

Hanno Schlichting authored Aug 01, 2016

The 3.0 release of the project contains no code. It allows projects
to declare a dependency on it for forward compatibility with Zope 4.

8af7aba9

17 Jul, 2016 3 commits
- Merge pull request #63 from zopefoundation/apply-hotfix-20160419-rebased · 547be401
  Hanno Schlichting authored Jul 17, 2016
```
Apply hotfix 20160419 rebased
```
  547be401
- Removed more docstrings. · cc6c0ee9
  Maurits van Rees authored Apr 20, 2016
  
  cc6c0ee9
- Removed docstrings from some methods to avoid publishing them. · bef2d017
  Maurits van Rees authored Apr 20, 2016
```
From Products.PloneHotfix20160419.
```
  bef2d017
29 Jun, 2016 2 commits
- Merge pull request #62 from zopefoundation/patch2 · 0b382a60
  Tres Seaver authored Jun 29, 2016
```
Optimize "OFS.ObjectManager.__contains__" method (backport)
```
  0b382a60
- Optimize 'OFS.ObjectManager.__contains__' method · 753683e3
  Malthe Borch authored Jun 29, 2016
```
Backported from master.
```
  753683e3
04 Mar, 2016 2 commits
- Merge pull request #52 from zopefoundation/fixes/changelog-rendering · 561a1f4c
  Maurits van Rees authored Mar 04, 2016
```
fix ReST rendering problem in changelog
```
  561a1f4c
- fix ReST rendering problem in changelog · 0c80c7a8
  Jens W. Klein authored Mar 04, 2016
  
  0c80c7a8
29 Feb, 2016 1 commit
- svb · 845683f7
  Tres Seaver authored Feb 29, 2016
```
[ci skip]
```
  845683f7