Commit 4ba9038c authored by Tres Seaver

Fix serious authentication vulnerability in stock configuration.

parent 1ff03705
...@@ -11,6 +11,8 @@ http://docs.zope.org/zope2/releases/. ...@@ -11,6 +11,8 @@ http://docs.zope.org/zope2/releases/.
Bugs Fixed Bugs Fixed
++++++++++ ++++++++++
- Fixed serious authentication vulnerability in stock configuration.
- Fixed a regression in webdav support that broke external editor feature. - Fixed a regression in webdav support that broke external editor feature.
- Restore ability to undo multiple transactions from the ZMI by using the - Restore ability to undo multiple transactions from the ZMI by using the
......
...@@ -17,7 +17,15 @@ import unittest ...@@ -17,7 +17,15 @@ import unittest
# TODO class Test_readUserAccessFile(unittest.TestCase) # TODO class Test_readUserAccessFile(unittest.TestCase)
# TODO class BasicUserFoldertests(unittest.TestCase) class BasicUserFolderTests(unittest.TestCase):
def _getTargetClass(self):
from OFS.userfolder import BasicUserFolder
return BasicUserFolder
def test_manage_users_security_initialized(self):
uf = self._getTargetClass()()
self.assertTrue(hasattr(uf, 'manage_users__roles__'))
class UserFolderTests(unittest.TestCase): class UserFolderTests(unittest.TestCase):
...@@ -171,6 +179,8 @@ class UserFolderTests(unittest.TestCase): ...@@ -171,6 +179,8 @@ class UserFolderTests(unittest.TestCase):
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite((
suite.addTest(unittest.makeSuite(UserFolderTests)) unittest.makeSuite(BasicUserFolderTests),
unittest.makeSuite(UserFolderTests),
))
return suite return suite
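Review bot: `test_manage_users_security_initialized` asserts only that `manage_users__roles__` exists, so it would still pass if the attribute were present but permissive. In AccessControl a `__roles__` value of `None` marks an object as public, so the regression test should also pin the value, for example `self.assertFalse(uf.manage_users__roles__ is None)`. The test covers `manage_users` only. If other methods of `BasicUserFolder` carry security declarations (not visible in this hunk), a similar check for each would guard against the same regression.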
...@@ -293,6 +293,8 @@ class BasicUserFolder(Navigation, Tabs, Item, RoleManager, ...@@ -293,6 +293,8 @@ class BasicUserFolder(Navigation, Tabs, Item, RoleManager,
message='Cannot change the id of a UserFolder', message='Cannot change the id of a UserFolder',
action='./manage_main')) action='./manage_main'))
InitializeClass(BasicUserFolder)
class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder): class UserFolder(accesscontrol_userfolder.UserFolder, BasicUserFolder):
"""Standard UserFolder object """Standard UserFolder object
......
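Review bot: The added `InitializeClass(BasicUserFolder)` call has no comment saying that it is security-relevant, and a bare module-level call like this is easy to drop in a later cleanup. Judging by the accompanying test, without it the class lacks `manage_users__roles__`, so the declared protection on `manage_users` is presumably never applied. I would add a comment above it such as `# Security: applies the class's security declarations; without this call manage_users has no __roles__.` The class body and its security declarations start outside the hunk, so which declarations are affected should be confirmed against the full file.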