6224812692

Committed 18 Sep 2023 03:28PM UTC coverage: 81.131% (+0.008%) from 81.123%

Build # 6224812692

Build Type

push

github

Committed by

mauritsvanrees

Commit Message

Allow only some image types to be displayed inline.

Force download for others, especially SVG images.  By default we use a list of allowed types.
You can switch a to a list of denied types by setting OS environment variable
``OFS_IMAGE_USE_DENYLIST=1``.  This change only affects direct URL access.
``<img src="image.svg" />`` works the same as before.

See security advisory:
https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v

Run Details

4332 of 7070 branches covered (0.0%)

Branch coverage included in aggregate %.

35 of 35 new or added lines in 2 files covered. (100.0%)

27197 of 31792 relevant lines covered (85.55%)

0.86 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Testing/ZODButil.py

import os
from glob import glob

import ZODB
from ZODB.FileStorage import FileStorage


def makeDB():
    s = FileStorage('fs_tmp__%s' % os.getpid())
    return ZODB.DB(s)


def cleanDB():
    for fn in glob('fs_tmp__*'):
        os.remove(fn)

1	import os	×
2	from glob import glob	×
3
4	import ZODB	×
5	from ZODB.FileStorage import FileStorage	×
6
7
8	def makeDB():	×
9	s = FileStorage('fs_tmp__%s' % os.getpid())	×
10	return ZODB.DB(s)	×
11
12
13	def cleanDB():	×
14	for fn in glob('fs_tmp__*'):	×
15	os.remove(fn)	×

zopefoundation / Zope / 6224812692

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous