[fc] Repository: plone.app.collection

Branch: refs/heads/master Date: 2016-08-30T18:32:46+03:00 Author: ichim-david (ichim-david) <ichim.david@gmail.com> Commit: plone/plone.app.collection@f9c2019 - Check with getattr if item isPrincipiaFolderish as Comment does Files changed: M CHANGES.rst M plone/app/collection/collection.py Repository: plone.app.collection Branch: refs/heads/master Date: 2016-08-30T20:53:29+02:00 Author: Gil Forcada Codinachs (gforcada) <gil.gnome@gmail.com> Commit: plone/plone.app.collection@ea6290b Merge pull request #36 from ichim-david/master Check with getattr if item isPrincipiaFolderish as Comment does Files changed: M CHANGES.rst M plone/app/collection/collection.py
plone · Aug 30, 2016 · c062a49 · c062a49
1 parent c4a8502
commit c062a49
Showing 1 changed file with 54 additions and 114 deletions.
diff --git a/last_commit.txt b/last_commit.txt
@@ -1,150 +1,90 @@
-Repository: plone.resource
+Repository: plone.app.collection
 
 
 Branch: refs/heads/master
-Date: 2016-08-30T19:23:57+02:00
-Author: Maurits van Rees (mauritsvanrees) <maurits@vanrees.org>
-Commit: https://github.com/plone/plone.resource/commit/8fe167fa6400d4d01072b82d70cc5a77560f8cb8
+Date: 2016-08-30T18:32:46+03:00
+Author: ichim-david (ichim-david) <ichim.david@gmail.com>
+Commit: https://github.com/plone/plone.app.collection/commit/f9c201957a1edc7349e346574bb485594c747196
 
-Applied 20160830 security hotfix.
+- Check with getattr if item isPrincipiaFolderish as Comment does
 
 Files changed:
 M CHANGES.rst
-M plone/resource/directory.py
-M plone/resource/tests/test_traversal.py
+M plone/app/collection/collection.py
 
 diff --git a/CHANGES.rst b/CHANGES.rst
-index 2d43f09..6d9bf29 100644
+index e4d00a5..8b0554f 100644
 --- a/CHANGES.rst
 +++ b/CHANGES.rst
-@@ -14,7 +14,7 @@ New features:
+@@ -14,7 +14,9 @@ New features:
 
  Bug fixes:
 
 -- *add item here*
-+- Applied 20160830 security hotfix.  [maurits]
-
-
- 1.0.6 (2016-08-10)
-diff --git a/plone/resource/directory.py b/plone/resource/directory.py
-index dbe4cad..5b9cf37 100644
---- a/plone/resource/directory.py
-+++ b/plone/resource/directory.py
-@@ -8,6 +8,7 @@
- from Products.BTreeFolder2.BTreeFolder2 import BTreeFolder2
- from Products.CMFCore.utils import getToolByName
- from StringIO import StringIO
-+from zExceptions import Forbidden
- from zExceptions import NotFound
- from zope.interface import implementer
- from zope.site.hooks import getSite
-@@ -211,7 +212,9 @@ def __repr__(self):
-
-     def _resolveSubpath(self, path):
-         parts = path.split('/')
--        filepath = os.path.join(self.directory, *parts)
-+        filepath = os.path.abspath(os.path.join(self.directory, *parts))
-+        if not filepath.startswith(self.directory):
-+            raise Forbidden('Invalid path resource')
-         return filepath
-
-     def publishTraverse(self, request, name):
-diff --git a/plone/resource/tests/test_traversal.py b/plone/resource/tests/test_traversal.py
-index 2157b66..bd63948 100644
---- a/plone/resource/tests/test_traversal.py
-+++ b/plone/resource/tests/test_traversal.py
-@@ -11,6 +11,7 @@
- from plone.resource.directory import PersistentResourceDirectory
- from plone.resource.directory import FilesystemResourceDirectory
- from plone.resource.file import FilesystemFile
-+from zExceptions import Forbidden
-
- base_path = os.path.dirname(__file__)
- test_dir_path = os.path.join(base_path, 'resources')
-@@ -91,3 +92,8 @@ def test_publish_unique_resource(self):
-
-         browser.open(self.app.absolute_url() + '/++demo++foo/++unique++bar/test.html')
-         self.assertEqual('asdf', browser.contents)
-+
-+    def test_forbidden_resource_path_traversal(self):
-+        resource_directory = FilesystemResourceDirectory(test_dir_path)
-+        self.assertRaises(Forbidden, resource_directory._resolveSubpath,
-+                          '../../../../setup.py')
++- Check with getattr if item isPrincipiaFolderish as Comment does
++  not have this attribute which would render an AttributeError
++  [ichim-david]
+
+
+ 1.2.1 (2016-08-15)
+diff --git a/plone/app/collection/collection.py b/plone/app/collection/collection.py
+index 15ad3c2..3d6a1fc 100644
+--- a/plone/app/collection/collection.py
++++ b/plone/app/collection/collection.py
+@@ -170,7 +170,7 @@ def getFoldersAndImages(self):
+
+         for item in results:
+             item_path = item.getPath()
+-            if item.isPrincipiaFolderish:
++            if getattr(item, 'isPrincipiaFolderish', []):
+                 query = {
+                     'portal_type': image_types,
+                     'path': item_path,
 
 
-Repository: plone.resource
+Repository: plone.app.collection
 
 
 Branch: refs/heads/master
-Date: 2016-08-30T20:49:52+02:00
+Date: 2016-08-30T20:53:29+02:00
 Author: Gil Forcada Codinachs (gforcada) <gil.gnome@gmail.com>
-Commit: https://github.com/plone/plone.resource/commit/198f0423c082ee10ea4029f622327853420ff9c4
+Commit: https://github.com/plone/plone.app.collection/commit/ea6290bc2f9d32e92946051595a6d6e145c3e4a2
 
-Merge pull request #14 from plone/apply-hotfix-20168030
+Merge pull request #36 from ichim-david/master
 
-Applied 20160830 security hotfix.
+Check with getattr if item isPrincipiaFolderish as Comment does
 
 Files changed:
 M CHANGES.rst
-M plone/resource/directory.py
-M plone/resource/tests/test_traversal.py
+M plone/app/collection/collection.py
 
 diff --git a/CHANGES.rst b/CHANGES.rst
-index 2d43f09..6d9bf29 100644
+index e4d00a5..8b0554f 100644
 --- a/CHANGES.rst
 +++ b/CHANGES.rst
-@@ -14,7 +14,7 @@ New features:
+@@ -14,7 +14,9 @@ New features:
 
  Bug fixes:
 
 -- *add item here*
-+- Applied 20160830 security hotfix.  [maurits]
-
-
- 1.0.6 (2016-08-10)
-diff --git a/plone/resource/directory.py b/plone/resource/directory.py
-index dbe4cad..5b9cf37 100644
---- a/plone/resource/directory.py
-+++ b/plone/resource/directory.py
-@@ -8,6 +8,7 @@
- from Products.BTreeFolder2.BTreeFolder2 import BTreeFolder2
- from Products.CMFCore.utils import getToolByName
- from StringIO import StringIO
-+from zExceptions import Forbidden
- from zExceptions import NotFound
- from zope.interface import implementer
- from zope.site.hooks import getSite
-@@ -211,7 +212,9 @@ def __repr__(self):
-
-     def _resolveSubpath(self, path):
-         parts = path.split('/')
--        filepath = os.path.join(self.directory, *parts)
-+        filepath = os.path.abspath(os.path.join(self.directory, *parts))
-+        if not filepath.startswith(self.directory):
-+            raise Forbidden('Invalid path resource')
-         return filepath
-
-     def publishTraverse(self, request, name):
-diff --git a/plone/resource/tests/test_traversal.py b/plone/resource/tests/test_traversal.py
-index 2157b66..bd63948 100644
---- a/plone/resource/tests/test_traversal.py
-+++ b/plone/resource/tests/test_traversal.py
-@@ -11,6 +11,7 @@
- from plone.resource.directory import PersistentResourceDirectory
- from plone.resource.directory import FilesystemResourceDirectory
- from plone.resource.file import FilesystemFile
-+from zExceptions import Forbidden
-
- base_path = os.path.dirname(__file__)
- test_dir_path = os.path.join(base_path, 'resources')
-@@ -91,3 +92,8 @@ def test_publish_unique_resource(self):
-
-         browser.open(self.app.absolute_url() + '/++demo++foo/++unique++bar/test.html')
-         self.assertEqual('asdf', browser.contents)
-+
-+    def test_forbidden_resource_path_traversal(self):
-+        resource_directory = FilesystemResourceDirectory(test_dir_path)
-+        self.assertRaises(Forbidden, resource_directory._resolveSubpath,
-+                          '../../../../setup.py')
++- Check with getattr if item isPrincipiaFolderish as Comment does
++  not have this attribute which would render an AttributeError
++  [ichim-david]
+
+
+ 1.2.1 (2016-08-15)
+diff --git a/plone/app/collection/collection.py b/plone/app/collection/collection.py
+index 15ad3c2..3d6a1fc 100644
+--- a/plone/app/collection/collection.py
++++ b/plone/app/collection/collection.py
+@@ -170,7 +170,7 @@ def getFoldersAndImages(self):
+
+         for item in results:
+             item_path = item.getPath()
+-            if item.isPrincipiaFolderish:
++            if getattr(item, 'isPrincipiaFolderish', []):
+                 query = {
+                     'portal_type': image_types,
+                     'path': item_path,