ZCatalog is missing security declarations on methods
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The following methods of Products.
This first set also lacks docstrings, so should be protected from being publishable once issue #713253 is resolved:
Products.
Products.
Products.
Products.
Products.
Products.
But this set has docstrings, and may provide access to data that should not be public:
Products.
Products.
Products.
Products.
Products.
Products.
In particular, getIndexDataForUID and getMetadataForUID make it possible to get all catalog data for an item if only its path is known.
Changed in zope2: | |
status: | Fix Committed → Fix Released |
visibility: | private → public |
Thanks for reporting this David, I just remembered it from our chat and was about to do it myself. I'm going to build this into rc2 for the Plone hotfix due later today, ftr.