zope 2.12.0b1 does not use standard_error_message
Bug #372632 reported by
Jürgen Herrmann
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Fix Released
|
Medium
|
Sidnei da Silva |
Bug Description
running zope 2.12.0b1:
standard_
Probably this also has security implications, because the hardcoded error message spits out a traceback and so possibly reveals code to the outside!
Changed in zope2: | |
milestone: | none → 2.12.5 |
Changed in zope2: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
i worked myself throught the ZPublisher code in the last hour or so. i found out that neither request nor response do have information about the traversed object. ZPublisher/ Publish. py, method publish_ module_ standard( ) calls response. exception( ) around lines 206-214. so probably we'd have to pass in information how to get to the standard_ error_message template there?