On Mon, 2003-06-23 at 09:20, Jamie Heilman wrote: > I'll submit a fixed Examples.zexp but I need to know how its normally > prepared, ownership, etc. Is there anything special I should do?
No. Just go ahead and make the changes. It would be instructive for others reading the examples to add a comment or two explaining the rationale behind the extra checking code. The file upload vulnerability was fixed in version 1.3 of Examples.zexp, though. The reason it's still turning up in 2.6.x versions is probably due to upgrades. Therefore I suppose additionally there should be a patch which examines the ZODB on startup and prints a warning if an old Examples folder is present. seb _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )