[z3-five] Security bug in browser menus?
Lennart Regebro
regebro at gmail.com
Mon Jul 11 13:29:44 CEST 2005
On 7/10/05, Philipp von Weitershausen <philipp at weitershausen.de> wrote:
> Hi,
>
> I think I have found a bug regarding menu items in Five. Basically,
> unless the menu item isn't protected with zope.Public, it will never
> show up. I can verify this in a test
I just checked and I can't reproduce this with Five 1.0.1.
I'm using menus of course, and have done it for quite a while, but all
has been unprotected (Zope2.public in fact) but last week I refactored
the security machinery of the calendar, so now I can start using
proper protection for pages and menues, and it works for me...
> (http://codespeak.net/svn/z3/Five/trunk/browser/tests/test_menu.py) and
> it looks like CMFonFive's tests back up my theory. What I would like to
> know is if you guys have experienced the same.
I guess I'll check out trunk and test this later today.
--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/
More information about the z3-five
mailing list