1. 15 Jan, 2004 15 commits
    • Tres Seaver's avatar
      · dd724d52
      Tres Seaver authored
        - Wire up security policy selection machinery to ZConfig (note that the
          'C' policy is currently borked, but should be fixed very soon).
      dd724d52
    • Tres Seaver's avatar
      · 2a8a5e38
      Tres Seaver authored
        - Don't allow Unicode strings to be passed to response.write() (merged
          from 2.6 / 2.7 audit).
      2a8a5e38
    • Tres Seaver's avatar
      · d0ebdc24
      Tres Seaver authored
        - HTTPResponse.py:  CGI escapes (merged from 2.6 / 2.7 audit).
      
        - xmlrpc.py:  Exclude "private" attributes when marshalling an instance
          as an XML-RPC dict (merged from 2.6 / 2.7 audit).
      d0ebdc24
    • Tres Seaver's avatar
      · e8367f7c
      Tres Seaver authored
        - SimpleTree.py:  CGI escapes (merged from 2.6 / 2.7 audit).
      
        - Tree.py:  prevent DoS agains tree state cookie decompression (merged
          from 2.6 / 2.7 audit).
      e8367f7c
    • Tres Seaver's avatar
      · 02fd1908
      Tres Seaver authored
        - Prevent DoS attack against decompression of tree state cookie (merged
          from 2.6 / 2.7 audit).
      02fd1908
    • Tres Seaver's avatar
      · 19ec785f
      Tres Seaver authored
        - Bindings.py:  verify access to 'context' and 'container' names before
          returning (merged from 2.6 / 2.7 audit).
      
        - dtml/scriptTry.dtml:  CGI escapes (merged from 2.6 / 2.7 audit).
      19ec785f
    • Tres Seaver's avatar
      - Merge CGI escapes from 2.6 / 2.7 audit. · b9e11ef3
      Tres Seaver authored
      b9e11ef3
    • Tres Seaver's avatar
      24953cfa
    • Tres Seaver's avatar
      · 9987c387
      Tres Seaver authored
        - CGI escape merge (from 2.6 / 2.7 audit).
      
        - Store 'lines' and 'tokens' properties as tuples, not lists (merge from
          2.6 / 2.7 audit).
      9987c387
    • Tres Seaver's avatar
      · 0a6d5840
      Tres Seaver authored
      
        - Add security assertions for FindSupport (merge from 2.6 / 2.7 audit).
      0a6d5840
    • Tres Seaver's avatar
      · a3c1daef
      Tres Seaver authored
        - Disentangle permission settings for related classes (merge from 2.6
          / 2.7 audit).
      a3c1daef
    • Tres Seaver's avatar
      - More CGI escape merge. · 9c067031
      Tres Seaver authored
      9c067031
    • Tres Seaver's avatar
      · e131d462
      Tres Seaver authored
        - Merge CGI-escape templating changes from 2.6 / 2.7 audit work.
      e131d462
    • Tres Seaver's avatar
      · 342fcf0a
      Tres Seaver authored
      
        - Use 'test.py' as the driver for 'make test', rather than
          'utilities/testrunner.py'.
      342fcf0a
    • Evan Simpson's avatar
      Collector #1074: Change Scripts' __name__ to None, added unit tests for the... · cfd16e84
      Evan Simpson authored
      Collector #1074: Change Scripts' __name__ to None, added unit tests for the effect of __name__ on class definitions and imports.
      cfd16e84
  2. 14 Jan, 2004 4 commits
  3. 13 Jan, 2004 3 commits
  4. 11 Jan, 2004 1 commit
  5. 08 Jan, 2004 4 commits
  6. 07 Jan, 2004 2 commits
  7. 06 Jan, 2004 4 commits
  8. 05 Jan, 2004 4 commits
  9. 02 Jan, 2004 3 commits