r556 - in zope-cmfplone/trunk: . debian

Fabio Tranchitella kobold at alioth.debian.org
Mon Dec 18 16:32:59 CET 2006 

Author: kobold
Date: 2006-12-18 16:32:59 +0100 (Mon, 18 Dec 2006)
New Revision: 556

Modified:
   zope-cmfplone/trunk/RegistrationTool.py
   zope-cmfplone/trunk/debian/changelog
Log:
Changes for new debian release.


Modified: zope-cmfplone/trunk/RegistrationTool.py
===================================================================
--- zope-cmfplone/trunk/RegistrationTool.py	2006-11-30 21:54:55 UTC (rev 555)
+++ zope-cmfplone/trunk/RegistrationTool.py	2006-12-18 15:32:59 UTC (rev 556)
@@ -11,6 +11,9 @@
 from Products.CMFPlone.PloneBaseTool import PloneBaseTool
 from Products.CMFPlone.PloneTool import EMAIL_RE
 
+from Products.PluggableAuthService.interfaces.authservice \
+        import IPluggableAuthService
+
 # - remove '1', 'l', and 'I' to avoid confusion
 # - remove '0', 'O', and 'Q' to avoid confusion
 # - remove vowels to avoid spelling words
@@ -92,6 +95,28 @@
             return 0
         return 1
 
+    def isMemberIdAllowed(self, id):
+        if len(id) < 1 or id == 'Anonymous User':
+            return 0
+        if not self._ALLOWED_MEMBER_ID_PATTERN.match( id ):
+            return 0
+
+        pas = getToolByName(self, 'acl_users')
+        if IPluggableAuthService.providedBy(pas):
+            results = pas.searchPrincipals(id=id)
+            if results:
+                return 0
+        else:
+            membership = getToolByName(self, 'portal_membership')
+            if membership.getMemberById(id) is not None:
+                return 0
+            groups = getToolByName(self, 'portal_groups')
+            if groups.getGroupById(id) is not None:
+                return 0
+
+        return 1
+
+
     security.declarePublic( 'testPropertiesValidity' )
     def testPropertiesValidity(self, props, member=None):
 

Modified: zope-cmfplone/trunk/debian/changelog
===================================================================
--- zope-cmfplone/trunk/debian/changelog	2006-11-30 21:54:55 UTC (rev 555)
+++ zope-cmfplone/trunk/debian/changelog	2006-12-18 15:32:59 UTC (rev 556)
@@ -1,3 +1,11 @@
+zope-cmfplone (2.5.1-3) unstable; urgency=high
+
+  * Security issue CVE 2006-4249, applied upstream patch:
+    http://plone.org/about/security/advisories/cve-2006-4249
+    (Closes: #401796)
+
+ -- Fabio Tranchitella <kobold at debian.org>  Mon, 18 Dec 2006 16:29:07 +0100
+
 zope-cmfplone (2.5.1-2) unstable; urgency=medium
 
   * Depend on zope-debhelper (>= 0.3.3) to fix a bashism in the generated

More information about the pkg-zope-commits mailing list