Zope CMF buildout

Products.GenericSetup 1.4.5: "manage_importAllSteps" unprotected

Bug #850665 reported by Dieter Maurer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope CMF buildout
Fix Released
Undecided
Tres Seaver

Bug Description

In "Products.GenericSetup 1.4.5" "manage_importAllSteps" seems to lack a security declaration: the code looks like:

    security.declareProtected(ManagePortal, 'manage_importSelectedSteps')
    def manage_importAllSteps(self, context_id=None):

... apparently a copy and paste error.

Revision history for this message
Tres Seaver (tseaver) wrote :

Thanks for the report. I have confirmed that the method cannot be
called either via URL or from untrusted code without appropriate permissions.

I am therefore clearing the "security vulnerability" flag on the issue.

Changed in zope-cmf:
assignee: nobody → Tres Seaver (tseaver)
status: New → Confirmed
security vulnerability: yes → no
visibility: private → public
Revision history for this message
Tres Seaver (tseaver) wrote :

Fix committed to the trunk for 1.6.4.

Changed in zope-cmf:
status: Confirmed → Fix Committed
Tres Seaver (tseaver)
Changed in zope-cmf:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.