Skip to main content

Manage link integrity in Plone.

Project description

Overview

This package tries to integrate PLIP 125, link integrity checking, into Plone. It is making use of the zope3 event system in order to modify Plone itself as little as possible.

Status

The code handles one of the two use cases of PLIP 125, deleting an item. Whenever an object that is referred to by another one via an <a> or <img> tag is going to be deleted, Plone’s regular flow of actions is “interrupted” and a confirmation form is presented to the user. If they then decide to indeed delete the object, the original request will be replayed and this time followed through, thereby breaching link integrity of the site.

This process is implemented independently of how the object is deleted (as long as OFS.ObjectManager’s _delObject is used ultimatively) and what request is used to do it. A more detailed — albeit slightly outdated — explanation of how this works can be found in NOTES.txt.

The second use case of PLIP 125, which provides better handling of moved items, is implemented by plone.app.redirector.

Using plone.app.linkintegrity in a WSGI application using repoze.zope2

If you are deploying Plone using repoze.zope2 in a WSGI pipeline, then the stock LinkIntegrity won’t work. To make it work, you need the following:

  • repoze.zope2 1.0.2 or later

  • ZODB 3.8.2 or later

These two will ensure that the “views on exceptions” functionality, which plone.app.linkintegrity uses, is available.

Next, make sure that the repoze.retry#retry middleware is used, and that it will handle stock Retry exceptions. With repoze.retry 0.9.3 or later, that is the default. With earlier versions, you can configure it explicitly. For example:

[app:zope2]
paste.app_factory = repoze.obob.publisher:make_obob
repoze.obob.get_root = repoze.zope2.z2bob:get_root
repoze.obob.initializer = repoze.zope2.z2bob:initialize
repoze.obob.helper_factory = repoze.zope2.z2bob:Zope2ObobHelper
zope.conf = /Users/optilude/Development/Plone/Code/Build/uber/plone3.x-repoze/parts/instance-debug/etc/zope.conf

[filter:retry]
use = egg:repoze.retry#retry
retryable = ZODB.POSException:ConflictError ZPublisher.Publish:Retry

[filter:errorlog]
use = egg:repoze.errorlog#errorlog
path = /__error_log__
keep = 50
ignore =
    paste.httpexceptions:HTTPUnauthorized
    paste.httpexceptions:HTTPNotFound
    paste.httpexceptions:HTTPFound

[pipeline:main]
pipeline =
    retry
    egg:repoze.tm#tm
    egg:repoze.vhm#vhm_xheaders
    errorlog
    zope2

[server:main]
use = egg:Paste#http
host = 127.0.0.1
port = 8080
threadpool_workers = 1
threadpool_spawn_if_under = 1

Changelog

(name of developer listed in brackets)

1.1 Released August 31, 2009

  • Make compatible with repoze.zope2. See README.txt for notes on how to deploy. [optilude]

  • Don’t use id() to record confirmed items. It can change on request boundaries. Use an encoded _p_oid instead. [optilude]

  • Also regard traversal adapters when trying to resolve links into their corresponding objects. [witsch]

  • Fix some tests to make sure that text values are treated as text/html in Zope 2.12, whose zope.contenttype is stricter when guessing the mimetype. [davisagli]

  • Don’t install the exception hook in Zope 2.12 where it is no longer needed and breaks exception handling. [davisagli]

1.0.12 Released June 3, 2009

  • Compare UIDs instead of objects during cleanup of breach information in order to avoid expensive hashing in “… in …” expressions. This makes removing linked objects much faster. [regebro]

1.0.11 Released November 15, 2008

1.0.10 Released July 7, 2008

  • Fixed the recognizing of links to files (or any object) with a space in the id. Fixes #8167. [maurits]

  • Updated tests to work with LinguaPlone by unmarking the creation flag on new objects. [maurits]

1.0.9 Released May 8, 2008

  • Use acquisition API to support the “philikon-aq” branch. [witsch]

  • Fix a problem with updating link integrity references during a request which trying to delete multiple other objects. [witsch]

1.0.8 Released April 21, 2008

1.0.7 Released March 27, 2008

  • Fixed accidental removal of references not related to link integrity. [dunny]

1.0.6 Released March 8, 2008

  • Added missing namespace declaration to avoid the warning about it. [wiggy]

1.0.5 Released February 13, 2008

1.0.4 Released January 3, 2008

  • Handle IObjectRemovedEvents with no attached request object. [witsch]

  • Updated tests to work with Plone 4.0. [hannosch]

  • Referencing items are now listed in alphabetical order [witsch]

1.0.3 Released December 5, 2007

  • Fixed setting up the test layer after GenericSetup update [witsch]

1.0.2 Released November 7, 2007

  • Fixed parser error when handling malformed HTML [witsch]

  • Fixed security issue due to using pickles (see CVE-2007-5741) [witsch]

1.0.1 Released September 10, 2007

  • Added view for updating link integrity information for all site content [witsch]

  • Made code in info.py more tolerant when encountering missing property sheets. [hannosch]

1.0 Released August 16, 2007

  • Minor bug fixes and enhancements [witsch]

1.0rc1.1 Released July 12, 2007

  • Bug and test fixes after upgrade to Zope 2.10.4 [witsch]

1.0rc1 Released July 8, 2007

  • Bugfixes & additional tests [witsch]

1.0b3 Released May 4, 2007

1.0b2 Released April 30, 2007

  • Integration of Plone’s “delete confirmation” page [witsch]

1.0b1 Released March 3, 2007

  • Fix tests in regard to changed folder_contents and unicode issues [witsch]

  • Updates to the monkey patch needed for five exceptions [wiggy]

1.0a2 Released February 7, 2007

  • Bugfixes & other minor enhancements [witsch]

  • Eggification and move into plone.app namespace [optilude]

  • Proof of concept & initial version [witsch]

  • Initial package structure. [zopeskel]

Release history Release notifications | RSS feed

This version

1.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

plone.app.linkintegrity-1.1.zip (76.2 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page