ZCatalog is missing security declarations on methods
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Zope 2 |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
The following methods of Products.
This first set also lacks docstrings, so should be protected from being publishable once issue #713253 is resolved:
Products.
Products.
Products.
Products.
Products.
Products.
But this set has docstrings, and may provide access to data that should not be public:
Products.
Products.
Products.
Products.
Products.
Products.
In particular, getIndexDataForUID and getMetadataForUID make it possible to get all catalog data for an item if only its path is known.
| Matthew Wilkes (matthew-matthewwilkes) wrote | #1 |
| Hanno Schlichting (hannosch) wrote | #2 |
| Changed in zope2: | |
| milestone: | none → 2.12.16 |
| status: | New → Fix Committed |
| Changed in zope2: | |
| status: | Fix Committed → Fix Released |
| visibility: | private → public |
Thanks for reporting this David, I just remembered it from our chat and was about to do it myself. I'm going to build this into rc2 for the Plone hotfix due later today, ftr.