zms-publishing · cmeier76 · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 15, 2025
diff --git a/Products/zms/_confmanager.py b/Products/zms/_confmanager.py
@@ -545,6 +545,7 @@ def getConfPropertiesDefaults(self):
         {'key':'ZMS.input.file.maxlength','title':'File.upload maxlength','desc':'ZMS can limit the maximum upload-file size to the given value (in Bytes).','datatype':'string'},
         {'key':'ZMS.input.image.maxlength','title':'Image.upload maxlength','desc':'ZMS can limit the maximum upload-image size to the given value (in Bytes).','datatype':'string'},
         {'key':'ZMS.log.root','title':'ZMS.log.root','desc':'Use ZMSLog at absolute root node instead of current portal master','datatype':'boolean'},
+        {'key':'ZMS.keywords.prevent','title':'ZMS.keywords.prevent','desc':'Prevent usage of these keywords on standard.dt_exec or standard.get_env','datatype':'string','default':''},
         {'key':'ZMSGraphic.superres','title':'Image superres-attribute','desc':'Super-resolution attribute for ZMS standard image-objects.','datatype':'boolean','default':0},
         {'key':'ZCatalog.TextIndexType','title':'Search with TextIndex-type','desc':'Use specified TextIndex-type (default: ZCTextIndex)','datatype':'string','default':'ZCTextIndex'},
         {'key':'ZMSIndexZCatalog.ObjectImported.reindex','title':'Reindex ZMSIndex on content import','desc':'Please be aware that activating implicit ZMSIndex-resync on content import can block bigger sites for a while','datatype':'boolean','default':0},

diff --git a/Products/zms/standard.py b/Products/zms/standard.py
@@ -2327,10 +2327,13 @@ def dt_exec(context, v, o={}):
   """
   if type(v) is str:
     if v.startswith('##') and v.find('return ') > 0:
+      check_prevented_keywords(context, value=v, can_ignore=True)
       v = dt_py(context, v, o)
     elif v.find('<tal:') >= 0:
+      check_prevented_keywords(context, value=v, can_ignore=True)
       v = dt_tal(context, v, dict(o))
     elif v.find('<dtml-') >= 0:
+      check_prevented_keywords(context, value=v, can_ignore=True)
       v = dt_html(context, v, context.REQUEST)
   return v
 
@@ -2627,6 +2630,25 @@ def is_conf_enabled(context, setting):
   return pybool(conf_property)
 
 
+security.declarePublic('get_env')
+def get_env(key, context=None, default=None):
+    if context is not None:
+        check_prevented_keywords(context, value=key, can_ignore=False)
+        return os.getenv(key, default)
+    return default
+
+
+def check_prevented_keywords(context, value, can_ignore):
+    prop = context.getConfProperty('ZMS.keywords.prevent')
+    if isinstance(prop, str):
+        for keyword in prop.split():
+            if keyword in value:
+                raise zExceptions.MethodNotAllowed(f'Usage of "{keyword}" is forbidden.')
+    else:
+        if not can_ignore:
+            raise zExceptions.MethodNotAllowed(f'Conf property "ZMS.keywords.prevent" not set.')
+
+
 class initutil(object):
   """Define the initialize() util."""