Records with File uploads and tainted values die
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Low
|
Unassigned |
Bug Description
When uploading a file which is an element of a record
list
(<input type="file" name="element.
and something with tainted values happens than
it the HTTPRequest tries to
deepcopy the element with the file upload objects
which contains non-deep-copyable things (methods).
Traceback comes here:
* Module ZPublisher.Publish, line 150, in publish_module
* Module ZPublisher.Publish, line 114, in publish
* Module Zope.App.startup, line 199, in zpublisher_
* Module ZPublisher.Publish, line 63, in publish
* Module ZPublisher.
* Module copy, line 160, in deepcopy
* Module copy, line 182, in _deepcopy_list
* Module copy, line 160, in deepcopy
* Module copy, line 248, in _deepcopy_inst
* Module copy, line 160, in deepcopy
* Module copy, line 209, in _deepcopy_dict
* Module copy, line 160, in deepcopy
* Module copy, line 248, in _deepcopy_inst
* Module copy, line 160, in deepcopy
* Module copy, line 209, in _deepcopy_dict
* Module copy, line 156, in deepcopy
Error: un-deep-copyable object of type <type 'instance method'> (Also, an error occurred while attempting to render the standard error message.)
Changed in zope2: | |
status: | New → Triaged |
importance: | Medium → Low |
Any updates? What's current Zope's status about this?