- 05 Aug, 2002 5 commits
-
-
Jeremy Hylton authored
-
Jeremy Hylton authored
Also, reformat doc strings, remove an unused global variable, and remove one whitespace character. (I've already used the whitespace in a different module.)
-
Martijn Pieters authored
-
Martijn Pieters authored
As extra is no longer mandatory, grab the correct lexicon ID for the error message and in the process escape it so no HTML can be sneaked in.
-
Shane Hathaway authored
each loop, making cDocumentTemplate html_quote only the first dtml-var, if at all. This may expose more bugs in the dtml-var tainting. I'm not to blame. ;-)
-
- 01 Aug, 2002 8 commits
-
-
Barry Warsaw authored
more <wink>, and cause gcc to give spurious warnings.
-
Martijn Pieters authored
-
Martijn Pieters authored
-
Martijn Pieters authored
-
Martijn Pieters authored
ZOPE_DTML_REQUEST_AUTOQUOTE to one of 'no', '0', or 'disabled' and no tainting will take place.
-
Shane Hathaway authored
-
Martijn Pieters authored
  - Make DTML automatically html quote data indirectly taken from REQUEST which contain a '<'. Make sure (almost) all string operations preserve the taint on this data.
  - Fix exceptions that use REQUEST data; quote the data.
  - Don't let form and cookie values mask the REQUEST computed values such as URL0 and BASE1.
-
Barry Warsaw authored
-
- 31 Jul, 2002 3 commits
-
-
Shane Hathaway authored
rather than the result set when the result set is much larger than the sort index. Added a test and cleaned up the test framework.
-
Shane Hathaway authored
-
Jim Fulton authored
catalogs no longer come with pre-existing indexes. Also removed an unused method.
-
- 30 Jul, 2002 8 commits
-
-
Shane Hathaway authored
the length of the concatenated sequence is not the same as the length of r, since r contains sequences of different sizes. Let LazyCat compute the length.
-
Shane Hathaway authored
-
Martijn Pieters authored
-
Shane Hathaway authored
and sort results from multiple catalogs (or multiple queries) efficiently.
-
Shane Hathaway authored
-
Martijn Pieters authored
-
seb authored
-
seb authored
users the Manager proxy role when uploading files - a potential vulnerability on production servers.
-
- 29 Jul, 2002 6 commits
-
-
Shane Hathaway authored
-
Martijn Pieters authored
-
Jim Fulton authored
API documentation.
-
Jim Fulton authored
path. This was added primarily for the purpose of determining if an object was cataloged.
-
Jim Fulton authored
never imported. The doc strings should still be converted to standard format.
-
Jim Fulton authored
ClassSecurityInfo except that access to unprotected subobjects is denied. Use this class to provide more explicit, and thus more secure, protection for methods.
-
- 25 Jul, 2002 1 commit
-
-
Jeremy Hylton authored
Silence warnings. Add :name to PyArg_ParseTuple() call.
-
- 23 Jul, 2002 4 commits
-
-
Martijn Pieters authored
XXX: Still missing tests for the new unicode marshall code.
-
Martijn Pieters authored
-
matt@zope.com authored
-
Florent Guillaume authored
Note that we'll fail on filenames with spaces or quotes in them.
-
- 22 Jul, 2002 4 commits
-
-
matt@zope.com authored
-
matt@zope.com authored
program to overwrite a section of the global offset table! Changing this to unsigned char fixes the problem.
-
Martijn Pieters authored
-
Albertas Agejevas authored
-
- 21 Jul, 2002 1 commit
-
-
Martijn Pieters authored
  - Clear up a comment
  - Rename 'keys, values' to 'key, value'
  - Fix potential bug: If the default for a given form entry is a list, but the form provided only one value (and didn't indicate it should be a list with :list), appending the defaults would fail.
  - Fix bug: If the default is a list of primitive items (not records), none of them would be added to the form field due to the use of the wrong (potentially non-existing) variable name.
  - Use isinstance(var, lt) instead of type(var) == type([]).
-