From 07f03535faa1d1802665c96bbec3f0697037acb3 Mon Sep 17 00:00:00 2001 From: ale-rt Date: Thu, 19 Apr 2018 00:03:29 +0200 Subject: [PATCH] [fc] Repository: plone.app.layout Branch: refs/heads/2.3.x Date: 2018-04-18T12:58:41-03:00 Author: hvelarde (hvelarde) Commit: https://github.com/plone/plone.app.layout/commit/24f726d50d1320c3e04d335b45ee2345add76b9f Do not use 'rel="tag"' attribute on the keywords viewlet The referenced document is not a tag definition but a search result. Refs. https://www.w3.org/TR/2011/WD-html5-20110113/links.html#link-type-tag Files changed: M CHANGES.rst M plone/app/layout/viewlets/keywords.pt Repository: plone.app.layout Branch: refs/heads/2.3.x Date: 2018-04-19T00:03:29+02:00 Author: Alessandro Pisa (ale-rt) Commit: https://github.com/plone/plone.app.layout/commit/1ac5f6ff262cce2948006190e8046395f144565f Merge pull request #148 from plone/hvelarde-tag-2.3 Do not use 'rel="tag"' attribute on the keywords viewlet Files changed: M CHANGES.rst M plone/app/layout/viewlets/keywords.pt
---
last_commit.txt | 182 +++++++++++++++++++-----------------------------
1 file changed, 71 insertions(+), 111 deletions(-)
diff --git a/last_commit.txt b/last_commit.txt
index 0128f2bdf7..8906716979 100644
--- a/last_commit.txt
+++ b/last_commit.txt
@@ -1,134 +1,94 @@ -Repository: Products.CMFPlone +Repository: plone.app.layout -Branch: refs/heads/4.3.x -Date: 2018-04-12T00:59:14+02:00 -Author: Joni Orponen (Rotonen) -Commit: https://github.com/plone/Products.CMFPlone/commit/91dd1c395ab7f50ca6f6c0db678984278bcff9f0 +Branch: refs/heads/2.3.x +Date: 2018-04-18T12:58:41-03:00 +Author: hvelarde (hvelarde) +Commit: https://github.com/plone/plone.app.layout/commit/24f726d50d1320c3e04d335b45ee2345add76b9f -Move the gtbn_funcglobals patch security test to functional tests. +Do not use 'rel="tag"' attribute on the keywords viewlet + +The referenced document is not a tag definition but a search result. + +Refs. https://www.w3.org/TR/2011/WD-html5-20110113/links.html#link-type-tag Files changed: -M Products/CMFPlone/tests/testSecurity.py -M docs/CHANGES.rst - -diff --git a/Products/CMFPlone/tests/testSecurity.py b/Products/CMFPlone/tests/testSecurity.py -index a411a18f1..44c57b2ad 100644 ---- a/Products/CMFPlone/tests/testSecurity.py -+++ b/Products/CMFPlone/tests/testSecurity.py -@@ -12,15 +12,6 @@ - - class TestAttackVectorsUnit(unittest.TestCase): - -- def test_gtbn_funcglobals(self): -- from Products.CMFPlone.utils import getToolByName -- try: -- getToolByName(self.assertTrue,'func_globals')['__builtins__'] -- except TypeError: -- pass -- else: -- self.fail('getToolByName should block access to non CMF tools') -- - def test_setHeader_drops_LF(self): - from ZPublisher.HTTPResponse import HTTPResponse - response = HTTPResponse() -@@ -62,6 +53,15 @@ def test_get_request_var_or_attr_disallowed(self): - - class TestAttackVectorsFunctional(ptc.FunctionalTestCase): - -+ def test_gtbn_funcglobals(self): -+ from Products.CMFPlone.utils import getToolByName -+ try: -+ getToolByName(self.assertTrue,'func_globals')['__builtins__'] -+ except TypeError: -+ pass -+ else: -+ self.fail('getToolByName should block access to non CMF tools') -+ - def test_widget_traversal_1(self): - res = 
self.publish('/plone/@@discussion-settings/++widget++moderator_email') - self.assertEqual(302, res.status) -diff --git a/docs/CHANGES.rst b/docs/CHANGES.rst -index c38d14c5b..495b01e6a 100644 ---- a/docs/CHANGES.rst -+++ b/docs/CHANGES.rst -@@ -19,7 +19,8 @@ New features: +M CHANGES.rst +M plone/app/layout/viewlets/keywords.pt + +diff --git a/CHANGES.rst b/CHANGES.rst +index 2aa057c..efbbec6 100644 +--- a/CHANGES.rst ++++ b/CHANGES.rst +@@ -14,7 +14,9 @@ New features: Bug fixes: -- *add item here* -+- Unflakied a unit test. -+ [Rotonen] - - - 4.3.17 (2018-03-07) ++- Do not use ``rel="tag"`` attribute on the keywords viewlet as the referenced document is not a tag definition but a search result; ++ use ``rel="nofollow"`` instead to avoid search crawlers hammering our sites backend. ++ [hvelarde] + + + 2.3.17 (2017-01-17) +diff --git a/plone/app/layout/viewlets/keywords.pt b/plone/app/layout/viewlets/keywords.pt +index afee913..75dc959 100644 +--- a/plone/app/layout/viewlets/keywords.pt ++++ b/plone/app/layout/viewlets/keywords.pt +@@ -8,7 +8,7 @@ + +