annotate roundup/cgi/PageTemplates/__init__.py @ 8356:63390dcfcfe9

bug: fix template use of structure with untrusted data

Looks like an XSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template, which is the base for the tracker. This has been fixed on the deployed tracker as well.

Reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents 6e3e4f24c753
children
rev 1049: Richard Jones <richard@users.sourceforge.net>
rev 2349: b43efe461b3e update PageTemplates to latest Zope codebase (Richard Jones <richard@users.sourceforge.net>, parents: 2005)
rev 4570: 6e3e4f24c753 Remove keyword expansions from CVS. All regression tests passed afterwards. (Eric S. Raymond <esr@thyrsus.com>, parents: 2349)

rev   line  source
1049     1  ##############################################################################
         2  #
         3  # Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
2349     4  #
1049     5  # This software is subject to the provisions of the Zope Public License,
         6  # Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
         7  # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
         8  # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
         9  # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
        10  # FOR A PARTICULAR PURPOSE
2349    11  #
1049    12  ##############################################################################
        13  __doc__='''Package wrapper for Page Templates
        14
        15  This wrapper allows the Page Template modules to be segregated in a
        16  separate package.
4570    17  '''
1049    18  __version__='$$'[11:-2]
        19
        20
        21  # Placeholder for Zope Product data
        22  misc_ = {}
        23
        24  def initialize(context):
        25      # Import lazily, and defer initialization to the module
        26      import ZopePageTemplate
        27      ZopePageTemplate.initialize(context)

Roundup Issue Tracker: http://roundup-tracker.org/