Moritz Naumann wrote:
> I recommend that users and distributors of earlier ViewVC and ViewCVS
> versions should either backport the patch which disables the 'checkout
> view' or the one which makes it optional and deactivate it by default.
> A less simple but less restrictive patch would introduce a content type
> whitelisting approach.
Backporting this change will be overkill, I think. It includes
configuration bits for toggling enablement of various ViewVC views. For
most folks, though, this is one of those configure-once-and-never-look-back
items. So, it might be easier to just hard-code the disablement. You can
do this by tweaking the function view_checkout() (found in lib/viewvc.py or
lib/viewcvs.py, depending on which software you're running) to raise an
Exception. Psuedo-patch for ViewVC:
def view_checkout(request):
+ raise debug.ViewVCException('Checkout view is disabled',
+ '403 Forbidden')
or for ViewCVS:
def view_checkout(request):
+ raise debug.ViewCVSException('Checkout view is disabled',
+ '403 Forbidden')
--
C. Michael Pilato <cmpilato@xxxxxxxxxx>
CollabNet <> www.collab.net <> Distributed Development On Demand
Attachment:
signature.asc
Description: OpenPGP digital signature