zope4: Remove very old PloneHotfix20121106.

product/PloneHotfix20121106/README.txt

-Plone hotfix, 2012-11-06
-========================
-
-This hotfix fixes multiple vulnerabilities in Plone,
-including arbitrary code execution and privilege escalation.
-
-This hotfix should be applied to the following versions of Plone:
-
-# Plone 4.3 <= 4.3a2
-* Plone 4.2 <= 4.2.2
-* Any older version of Plone including 2.1, 2.5, 3.0, 3.1, 3.2, 3.3, 4.0, and 4.1
-
-The hotfix is officially supported by the Plone security team on the
-following versions of Plone in accordance with the Plone
-`version support policy`_: 3.3.6, 4.1.6, and 4.2.2. 
-However it has also received some testing on older versions of Plone.
-The fixes included here will be incorporated into subsequent releases of Plone,
-so Plone 4.2.3, 4.3b1 and greater should not require this hotfix.
-
-
-Installation
-============
-
-Installation instructions can be found at
-http://plone.org/products/plone-hotfix/releases/20121106
-
-
-Q&A
-===
-
-Q: How can I confirm that the hotfix is installed correctly and my site is protected?
-  A: On startup, the hotfix will log a number of messages to the Zope event log
-  that look like this::
-
-    2012-11-05 21:15:26 INFO Products.PloneHotfix20121106 Applied registerConfiglet patch
-
-  The exact list of patches attempted depends on the version of Plone.
-  If a patch is attempted but fails, it will be logged as a warning that says
-  "Could not apply". This may indicate that you have a non-standard Plone
-  installation.
-
-Q: How can I report problems installing the patch?
-  A: Contact the Plone security team at security@plone.org, or visit the
-  #plone channel on freenode IRC.
-
-Q: How can I report other potential security vulnerabilities?
-  A: Please email the security team at security@plone.org rather than discussing
-  potential security issues publicly.
-
-
-.. _`version support policy`: http://plone.org/support/version-support-policy

product/PloneHotfix20121106/__init__.py

-import logging
-logger = logging.getLogger(__name__)
-
-hotfixes = (
-    'setHeader',
-    'allow_module',
-    'get_request_var_or_attr',
-    'safe_html', # XXX: must be merged into our PortalTransforms product
-    'ftp',
-    'atat',
-    )
-
-# Apply the fixes
-for hotfix in hotfixes:
-    try:
-        __import__('%s.%s' % (__name__, hotfix))
-        logger.info('Applied %s patch', hotfix)
-    except Exception:
-        logger.warn('Could not apply %s', hotfix)
-logger.info('Hotfix installed')

product/PloneHotfix20121106/allow_module.py

-import AccessControl
-
-
-AccessControl.allow_module.__roles__ = ()

product/PloneHotfix20121106/atat.py

-try:
-    from zope.traversing import namespace
-except ImportError:
-    from zope.app.traversing import namespace
-try:
-    from zope.traversing.interfaces import TraversalError
-except ImportError:
-    from zope.exceptions import NotFoundError as TraversalError
-
-old_traverse = namespace.view.traverse
-def traverse(self, name, ignored):
-	if not name:
-		raise TraversalError(self.context, name)
-	return old_traverse(self, name, ignored)
-namespace.view.traverse = traverse

product/PloneHotfix20121106/ftp.py

-from AccessControl import getSecurityManager
-from zExceptions import Unauthorized
-from OFS.ObjectManager import ObjectManager
-
-ObjectManager.__old_manage_FTPlist = ObjectManager.manage_FTPlist
-def manage_FTPlist(self, REQUEST):
-    """Returns a directory listing consisting of a tuple of
-    (id,stat) tuples, marshaled to a string. Note, the listing it
-    should include '..' if there is a Folder above the current
-    one.
-
-    In the case of non-foldoid objects it should return a single
-    tuple (id,stat) representing itself."""
-
-    if not getSecurityManager().checkPermission('Access contents information', self):
-        raise Unauthorized('Not allowed to access contents.')
-
-    return self.__old_manage_FTPlist(REQUEST)
-
-ObjectManager.manage_FTPlist = manage_FTPlist

product/PloneHotfix20121106/get_request_var_or_attr.py

-from App import Undo
-Undo.UndoSupport.get_request_var_or_attr__roles__ = ()

product/PloneHotfix20121106/setHeader.py

-import re
-from ZPublisher import HTTPResponse
-
-_CRLF = re.compile(r'[\r\n]')
-HTTPResponse._CRLF = _CRLF
-
-
-if getattr(HTTPResponse, '_scrubHeader', None) is None:
-    def _scrubHeader(name, value):
-        return ''.join(_CRLF.split(str(name))), ''.join(_CRLF.split(str(value)))
-
-    HTTPResponse.HTTPResponse.__old_setHeader = HTTPResponse.HTTPResponse.setHeader
-
-    def setHeader(self, name, value, *args, **kwargs):
-        name, value = _scrubHeader(name, value)
-        return self.__old_setHeader(name, value, *args, **kwargs)
-    HTTPResponse.HTTPResponse.setHeader = setHeader