zopefoundation / Zope / 6224812692

18 Sep 2023 03:28PM UTC coverage: 81.131% (+0.008%) from 81.123%

push

github

mauritsvanrees
Allow only some image types to be displayed inline.

Force download for others, especially SVG images.  By default we use a list of allowed types.
You can switch to a list of denied types by setting OS environment variable
``OFS_IMAGE_USE_DENYLIST=1``.  This change only affects direct URL access.
``<img src="image.svg" />`` works the same as before.

See security advisory:
https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v

4332 of 7070 branches covered (0.0%)

Branch coverage included in aggregate %.

35 of 35 new or added lines in 2 files covered. (100.0%)

27197 of 31792 relevant lines covered (85.55%)

0.86 hits per line

Source File

0.0
/src/webdav/hookable_PUT.py
# Implement the "hookable PUT" hook.
import re

import OFS.DTMLMethod


TEXT_PATTERN = re.compile(r'^text/.*$')


def PUT_factory(self, name, typ, body):
    """
    """
    if TEXT_PATTERN.match(typ):
        return OFS.DTMLMethod.DTMLMethod('', __name__=name)
    return None