{ "info": { "author": "Plone Foundation", "author_email": "plone-developers@lists.sourceforge.net", "bugtrack_url": null, "classifiers": [ "Framework :: Plone", "Programming Language :: Python", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7" ], "description": "plone4.csrffixes\n================\n\nThe package aims to backport the auto CSRF implementation from Plone 5\nto Plone 4.\n\nThe reason this is necessary is because there are a lot of CSRF problem\nwith the ZMI that Zope2 will never be able to fix.\n\nSee https://plone.org/security/hotfix/20151006\nfor more details.\n\n\nInstallation\n============\n\n\nPlone 4.3, 4.2, 4.1 and 4.0\n---------------------------\n\nadd `plone4.csrffixes` to eggs list::\n\n eggs =\n ...\n plone4.csrffixes\n ...\n\n\nadd a new version pin for plone.protect, plone.keyring and plone.locking::\n\n [versions]\n ...\n plone.keyring = 3.0.1\n plone.locking = 2.0.10\n plone.protect = 3.0.21\n ...\n\n\nPlone 4.0 and 4.1\n-----------------\n\nIf lxml is not already included in your site, this package has a dependency\non lxml and will pull it in when installed.\n\nWe recommend pinning to version 2.3.6 of lxml. If you use a version of lxml > 3,\nyou'll need to also install the ``cssselect`` package. Since version\n1.0.4 we require ``cssselect`` in our ``setup.py`` so it is\nautomatically installed.\n\n\nAdditional addon versions\n-------------------------\n\nTo prevent some write on read errors that might cause false\npositives with the auto csrf protection, these version pins have\nbeen reported to work upgrading to::\n\n Products.CMFQuickInstallerTool = 3.0.12\n Products.PlonePAS = 5.0.4\n\nFor more version hints, see https://github.com/plone/plone4.csrffixes/issues/12.\n\n\nRobot framework\n---------------\n\nplone4.csrffixes registers via z3c.autoinclude for Plone instances and is not\nloaded in tests.\n\nYou need to include plone4.csrffixes in your package configure.zcml for it to\nload in your tests::\n\n \n\n\nStill needed?\n-------------\n\nMost patches in this package have been ported to their original location.\nIf you use Plone 4.3.8 or later, then it is sufficient to add ``plone.protect 3.0.21`` or higher.\nWith those versions, you may not need ``plone4.csrffixes`` anymore.\n\nBut adding ``plone4.csrffixes`` may still help avoid a few confirmation pages, because it has this code which is extra:\n\n- It checks the referer. If the previous page is within the Plone Site, no cross site checks are done.\n\n- If the current page is a ZMI page (Zope Management Interface) all links are rewritten to have a CSRF token.\n\n- Several other links get the CSRF token appended, for example in the Actions dropdown (Copy, Delete, etcetera).\n\nThis extra code basically has no influence on the csrf checks.\nBut it allows some write-on-reads: situations where simply viewing a page, without submitting a form, already makes a change in the database.\nA write-on-read is not wanted, but on Plone 4 it cannot always be avoided.\nSome core code and also add-ons may do this.\n\nSo the advice is:\n\n1. Try Plone 4.3.8 or higher with ``plone.protect`` 3.0.21 or higher *without* ``plone4.csrffixes``.\n\n2. If that gives too many needless confirmation pages, then add ``plone4.csrffixes`` again.\n\n\nChangelog\n=========\n\n1.1.1 (2019-01-08)\n------------------\n\nBug fixes:\n\n- Updated documentation on versions and on the necessity of this package. [maurits]\n\n\n1.1 (2016-08-26)\n----------------\n\nNew features:\n\n- Depend on ``plone.protect 3.0.19`` or higher. This adds\n ``protect.js``, so we do not have to do this anymore. See issue\n https://github.com/plone/plone.protect/issues/42\n [maurits]\n\n- Factor out referrer/origin backstop into its own method so it can be\n customized on a subclassed transform.\n [lgraf]\n\nBug fixes:\n\n- Change extension of CHANGES and README from txt to rst.\n [gforcada]\n\n- include a setup.cfg and a .editorconfig file with code conventions:\n - settings for isort\n - plone styleguide settings\n [loechel]\n\n- apply code conventions [loechel]\n\n\n1.0.9 (2015-11-18)\n------------------\n\n- fix potential issues with tinymce patch\n [vangheem]\n\n- Add documentation for loading plone4.csrffixes for robot framework testing\n [lbrannon]\n\n\n1.0.8 (2015-10-30)\n------------------\n\n- Fix issue where redirects would contain an unparsable response\n [vangheem]\n\n- make plone lock operations safe\n [vangheem]\n\n- Check options before trying to work on them\n [ale-rt]\n\n- Use \"application/javascript\" media type instead of the obsolete \"text/javascript\".\n [hvelarde]\n\n\n1.0.7 (unreleased)\n------------------\n\n- Skipped by mistake.\n\n\n1.0.6 (2015-10-12)\n------------------\n\n- add a trailing slash on the site referrer matching\n [vangheem]\n\n\n1.0.5 (2015-10-08)\n------------------\n\n- Handle TypeError caused by getToolByName on an\n invalid context\n [vangheem]\n\n\n1.0.4 (2015-10-07)\n------------------\n\n- add cssselect dependency for people who install lxml > 3\n by mistake on Plone 4.0 and 4.1\n [vangheem]\n\n1.0.3 (2015-10-07)\n------------------\n\n- prevent TypeError from occurring when checking commit of\n non-string keys on an OOBTree instance. Fixes #5\n [vangheem]\n\n- Check to see if tinymce ajax is already patched or not.\n This prevents JavaScript recursion error.\n [awello, cekk]\n\n\n1.0.2 (2015-10-06)\n------------------\n\n- use a better guess at if we should rewrite urls\n for zmi\n [vangheem]\n\n\n1.0.1 (2015-10-06)\n------------------\n\n- correctly check for origin header\n [vangheem]\n\n1.0.0 (2015-10-06)\n------------------\n\n- initial release", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://pypi.python.org/pypi/plone4.csrffixes", "keywords": "plone csrf", "license": "GPL version 2", "maintainer": "", "maintainer_email": "", "name": "plone4.csrffixes", "package_url": "https://pypi.org/project/plone4.csrffixes/", "platform": "", "project_url": "https://pypi.org/project/plone4.csrffixes/", "project_urls": { "Homepage": "http://pypi.python.org/pypi/plone4.csrffixes" }, "release_url": "https://pypi.org/project/plone4.csrffixes/1.1.1/", "requires_dist": null, "requires_python": "", "summary": "CSRF fixes for Plone 4", "version": "1.1.1" }, "last_serial": 4673129, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "3b880d1d67cc00667004e17403d72c38", "sha256": "653b2af6d939037cfb219f0bcae5395b2cd0325e760afa7588f5e5e22e2f5d98" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.0.zip", "has_sig": false, "md5_digest": "3b880d1d67cc00667004e17403d72c38", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18276, "upload_time": "2015-10-06T15:08:17", "url": "https://files.pythonhosted.org/packages/db/64/ac48ced3538bf4e115eccce5c5ef46cac57fcb65eb5d7cb47f811dac5534/plone4.csrffixes-1.0.0.zip" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "7be32c2dcfc2c179701b0771593befed", "sha256": "8ed244a603d10ac0554d07818644c3414747985c5d2b580ae033c61fbbe0f6e2" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.1.zip", "has_sig": false, "md5_digest": "7be32c2dcfc2c179701b0771593befed", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18376, "upload_time": "2015-10-06T18:24:18", "url": "https://files.pythonhosted.org/packages/b1/b1/b3965fba454df94b194a8bd2b2141542fc422457c7a202489991c7138da9/plone4.csrffixes-1.0.1.zip" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "ac69f60c10a1e16959e3f055e33f98c4", "sha256": "57f204c41c1f900e58d65fbae9b1dde5f00ea6426664427f993371331c094b5d" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.2.zip", "has_sig": false, "md5_digest": "ac69f60c10a1e16959e3f055e33f98c4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18539, "upload_time": "2015-10-06T20:46:44", "url": "https://files.pythonhosted.org/packages/f3/0c/4a42f2d970aa1cd81102f0a70ea3446a53e86863113c7cb57c675be3160c/plone4.csrffixes-1.0.2.zip" } ], "1.0.3": [ { "comment_text": "", "digests": { "md5": "a35f3210c51db156c146a2ead032db4a", "sha256": "278efcb03bdd997fa647c206d483621a6c76db5b0d8c7b4863ad509184f61794" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.3.zip", "has_sig": false, "md5_digest": "a35f3210c51db156c146a2ead032db4a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19015, "upload_time": "2015-10-07T12:26:44", "url": "https://files.pythonhosted.org/packages/37/dc/c9602f888187f61a53c5ab91cd425aad243d35a65b0ff2144953bf565b11/plone4.csrffixes-1.0.3.zip" } ], "1.0.4": [ { "comment_text": "", "digests": { "md5": "ec7776adedb5b9583337d655d7230bca", "sha256": "d11e494c7bbbd635eb83486fd238d0c8498dbc5f5d2276995cc2935a64a6ffa5" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.4.zip", "has_sig": false, "md5_digest": "ec7776adedb5b9583337d655d7230bca", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19168, "upload_time": "2015-10-07T16:31:50", "url": "https://files.pythonhosted.org/packages/33/49/43d75574f1d89adb651c905954f4b085df74389313d6818cd0013018c1bc/plone4.csrffixes-1.0.4.zip" } ], "1.0.5": [ { "comment_text": "", "digests": { "md5": "d2fa4e9b67f9a9ad6b8c9e49c200d932", "sha256": "a095902a26ecb8f4d9f45d3459c427d23f859af049c0b89fc249427743637eaf" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.5.zip", "has_sig": false, "md5_digest": "d2fa4e9b67f9a9ad6b8c9e49c200d932", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19966, "upload_time": "2015-10-08T19:29:12", "url": "https://files.pythonhosted.org/packages/32/08/8fd2dcb5f2cd36cfb610f3835af9eed5bfb29dc5595a51e69dd2f9f5311b/plone4.csrffixes-1.0.5.zip" } ], "1.0.6": [ { "comment_text": "", "digests": { "md5": "23b79a08b6bf43664edb8dce0ff1dafb", "sha256": "6620678f1b1b0073e7bd0c54c87994045c788737b9d60c8c01595722a581a794" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.6.zip", "has_sig": false, "md5_digest": "23b79a08b6bf43664edb8dce0ff1dafb", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20083, "upload_time": "2015-10-12T13:52:50", "url": "https://files.pythonhosted.org/packages/85/30/68a206a0b10b9eca1c82dccbd8590b5b2bb9ffedb195d7babaafc3a1ffb3/plone4.csrffixes-1.0.6.zip" } ], "1.0.8": [ { "comment_text": "", "digests": { "md5": "53eb760889a205d7639ff18bb0734c6b", "sha256": "dd5835314ee1dd91c1cb9ca1c371e8c391f841b1ddf941aa4044b6cccb33cf4c" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.8.zip", "has_sig": false, "md5_digest": "53eb760889a205d7639ff18bb0734c6b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20670, "upload_time": "2015-10-30T14:53:01", "url": "https://files.pythonhosted.org/packages/9d/ce/89848bdd16917f4c9d4c614731abd4ceafe4b8694d497913b47daf1ed251/plone4.csrffixes-1.0.8.zip" } ], "1.0.9": [ { "comment_text": "", "digests": { "md5": "ebd620c180ac9a18111bde25951315ab", "sha256": "16aa4904d568086f556cec1c416976a61733bc91f7af5ecd0aff8dc1c5e773ff" }, "downloads": -1, "filename": "plone4.csrffixes-1.0.9.zip", "has_sig": false, "md5_digest": "ebd620c180ac9a18111bde25951315ab", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21284, "upload_time": "2015-11-18T10:41:17", "url": "https://files.pythonhosted.org/packages/f0/3e/9399158bce7208725ddb53b99b812ea23c88685f7cef13b310458618639b/plone4.csrffixes-1.0.9.zip" } ], "1.1": [ { "comment_text": "", "digests": { "md5": "461bff2caf9ed0cdeb224e25e7c67398", "sha256": "9b92e9edd865d814dde40b5a08cda5bf537adbd0f0e44a051187bc20ca480998" }, "downloads": -1, "filename": "plone4.csrffixes-1.1.tar.gz", "has_sig": false, "md5_digest": "461bff2caf9ed0cdeb224e25e7c67398", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14242, "upload_time": "2016-08-26T15:55:23", "url": "https://files.pythonhosted.org/packages/8c/5e/7e01411ba3336a8e33aeff254351ab52671e1f083d2ed3c2fb75230b9e65/plone4.csrffixes-1.1.tar.gz" } ], "1.1.1": [ { "comment_text": "", "digests": { "md5": "0f8e2ecb3d4eb2951422b54d114a0c13", "sha256": "f6a37e2bf4f72c9c119765bc8729f614cc2c2b7d49c88435b5b48dbb5534a679" }, "downloads": -1, "filename": "plone4.csrffixes-1.1.1.tar.gz", "has_sig": false, "md5_digest": "0f8e2ecb3d4eb2951422b54d114a0c13", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16704, "upload_time": "2019-01-08T14:19:54", "url": "https://files.pythonhosted.org/packages/34/e3/e34811a4751ddc6027351e6faf709f57bd0e36cce56b290a6df677dba3b8/plone4.csrffixes-1.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "0f8e2ecb3d4eb2951422b54d114a0c13", "sha256": "f6a37e2bf4f72c9c119765bc8729f614cc2c2b7d49c88435b5b48dbb5534a679" }, "downloads": -1, "filename": "plone4.csrffixes-1.1.1.tar.gz", "has_sig": false, "md5_digest": "0f8e2ecb3d4eb2951422b54d114a0c13", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16704, "upload_time": "2019-01-08T14:19:54", "url": "https://files.pythonhosted.org/packages/34/e3/e34811a4751ddc6027351e6faf709f57bd0e36cce56b290a6df677dba3b8/plone4.csrffixes-1.1.1.tar.gz" } ] }