1. 27 Mar, 2018 2 commits
  2. 26 Sep, 2017 1 commit
  3. 07 Oct, 2016 1 commit
  4. 28 Jun, 2016 1 commit
  5. 23 Jun, 2016 1 commit
  6. 14 Jun, 2016 1 commit
  7. 13 Jun, 2016 2 commits
  8. 05 May, 2016 1 commit
  9. 29 Apr, 2016 1 commit
  10. 22 Apr, 2016 1 commit
  11. 12 Apr, 2016 1 commit
  12. 18 Mar, 2016 1 commit
  13. 17 Mar, 2016 2 commits
  14. 27 Jan, 2016 1 commit
  15. 12 Jan, 2016 1 commit
  16. 31 Dec, 2015 1 commit
  17. 08 Oct, 2015 1 commit
    • Fix memory leak and DoS in ERP5Site.log() and Base.log() · be2bf77b
      ERP5Site.log and Base.log are wrappers to the 'log' function from
      Product.ERP5Type.Log, but parameters were forwarded in a wrong way
      when called with a single argument:
      
        self.log(message) # Base method
      
      This was equivalent to:
      
        log(message, '')  # function from Product.ERP5Type.Log
      
      And the whole message was later part of subsystem in:
      
        logger = logging.getLogger(subsystem)
      
      But because loggers are never freed, it is important that 'subsystem' does not
      vary too often, to avoid a memory leak.
      
      The fix is to simply forwarding parameters with catchall arguments, instead of
      duplicating the signature from Product.ERP5Type.Log.
      
      Of course, it remains important to call these methods correctly, otherwise
      memory leaks can happen again. For this reason, catchall arguments also
      prevents ERP5Site.log and Base.log to be called by ZPublisher.
      
      Reported-by: Kirill Smelkov <kirr@nexedi.com>
      Reviewed-by: Kirill Smelkov <kirr@nexedi.com>
      Julien Muchembled committed
  18. 30 Sep, 2015 1 commit
    • ERP5Type.Base: Remove setDescription. · 45c1d70b
      Documents should inherit from XMLObject, which already overloads this
      setter. As a result, this method is normally not used.
      The problem is that it gets called when calling
        newTempBase(
          description='foo'
        )
      which fails with:
        AttributeError: _setDescription
      because _setProperty finds setDescription and tries to call it, instead
      of setting description as a local property..
      Vincent Pelletier committed
  19. 18 Sep, 2015 2 commits
  20. 17 Sep, 2015 1 commit
  21. 07 Apr, 2015 1 commit
  22. 08 Dec, 2014 1 commit
  23. 03 Nov, 2014 1 commit
  24. 16 Oct, 2014 2 commits
  25. 11 Sep, 2014 1 commit
  26. 04 Sep, 2014 1 commit
  27. 25 Aug, 2014 1 commit
  28. 28 Jul, 2014 1 commit
  29. 03 Jun, 2014 1 commit
  30. 07 May, 2014 1 commit
  31. 30 Apr, 2014 1 commit
  32. 17 Mar, 2014 2 commits
  33. 16 Mar, 2014 1 commit
  34. 19 Feb, 2014 1 commit