Commit 4ba9038c authored by Tres Seaver's avatar Tres Seaver

Fix serious authentication vulnerability in stock configuration.

parent 1ff03705
......@@ -11,6 +11,8 @@ http://docs.zope.org/zope2/releases/.
Bugs Fixed
++++++++++
- Fixed serious authentication vulnerability in stock configuration.
- Fixed a regression in webdav support that broke external editor feature.
- Restore ability to undo multiple transactions from the ZMI by using the
......
......@@ -17,7 +17,15 @@ import unittest
# TODO class Test_readUserAccessFile(unittest.TestCase)
# TODO class BasicUserFoldertests(unittest.TestCase)
class BasicUserFolderTests(unittest.TestCase):
def _getTargetClass(self):
from OFS.userfolder import BasicUserFolder
return BasicUserFolder
def test_manage_users_security_initialized(self):
uf = self._getTargetClass()()
self.assertTrue(hasattr(uf, 'manage_users__roles__'))
class UserFolderTests(unittest.TestCase):
......@@ -171,6 +179,8 @@ class UserFolderTests(unittest.TestCase):
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(UserFolderTests))
suite = unittest.TestSuite((
unittest.makeSuite(BasicUserFolderTests),
unittest.makeSuite(UserFolderTests),
))
return suite
......@@ -293,6 +293,8 @@ class BasicUserFolder(Navigation, Tabs, Item, RoleManager,
message='Cannot change the id of a UserFolder',
action='./manage_main'))
InitializeClass(BasicUserFolder)
class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
"""Standard UserFolder object
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment