Log message for revision 38739: Merged from 38738 on 2.8 branch: The '@' character is now allowed in object ids (RFC 1738 allows it). Expanded tests for _checkId.
Changed: U Zope/trunk/doc/CHANGES.txt U Zope/trunk/lib/python/OFS/ObjectManager.py U Zope/trunk/lib/python/OFS/tests/testObjectManager.py -=- Modified: Zope/trunk/doc/CHANGES.txt =================================================================== --- Zope/trunk/doc/CHANGES.txt 2005-10-04 11:02:52 UTC (rev 38738) +++ Zope/trunk/doc/CHANGES.txt 2005-10-04 11:16:21 UTC (rev 38739) @@ -40,6 +40,8 @@ after Zope 2.8.1 + - The '@' character is now allowed in object ids (RFC 1738 allows it). + Bugs Fixed - Collector #1863: Prevent possibly sensitive information to leak via Modified: Zope/trunk/lib/python/OFS/ObjectManager.py =================================================================== --- Zope/trunk/lib/python/OFS/ObjectManager.py 2005-10-04 11:02:52 UTC (rev 38738) +++ Zope/trunk/lib/python/OFS/ObjectManager.py 2005-10-04 11:16:21 UTC (rev 38739) @@ -52,7 +52,7 @@ XMLExportImport.magic: XMLExportImport.importXML, } -bad_id=re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# ]').search #TS +bad_id=re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# @]').search def checkValidId(self, id, allow_dup=0): # If allow_dup is false, an error will be raised if an object Modified: Zope/trunk/lib/python/OFS/tests/testObjectManager.py =================================================================== --- Zope/trunk/lib/python/OFS/tests/testObjectManager.py 2005-10-04 11:02:52 UTC (rev 38738) +++ Zope/trunk/lib/python/OFS/tests/testObjectManager.py 2005-10-04 11:16:21 UTC (rev 38739) @@ -312,6 +312,41 @@ self.assertRaises(DeleteFailed, om1._delObject, 'om2') + def test_setObject_checkId_ok(self): + om = self._makeOne() + si = SimpleItem('1') + om._setObject('AB-dash_under0123', si) + si = SimpleItem('2') + om._setObject('ho.bak~', si) + si = SimpleItem('3') + om._setObject('dot.comma,dollar$(hi)hash# space', si) + si = SimpleItem('4') + om._setObject('[EMAIL PROTECTED]', si) + si = SimpleItem('5') + om._setObject('..haha', si) + si = SimpleItem('6') + om._setObject('.bashrc', si) + + def test_setObject_checkId_bad(self): + from zExceptions import BadRequest + om = self._makeOne() + si = SimpleItem('111') + om._setObject('111', si) + si = SimpleItem('2') + self.assertRaises(BadRequest, om._setObject, 123, si) + self.assertRaises(BadRequest, om._setObject, 'a\x01b', si) + self.assertRaises(BadRequest, om._setObject, 'a\\b', si) + self.assertRaises(BadRequest, om._setObject, 'a:b', si) + self.assertRaises(BadRequest, om._setObject, 'a;b', si) + self.assertRaises(BadRequest, om._setObject, '.', si) + self.assertRaises(BadRequest, om._setObject, '..', si) + self.assertRaises(BadRequest, om._setObject, '_foo', si) + self.assertRaises(BadRequest, om._setObject, 'aq_me', si) + self.assertRaises(BadRequest, om._setObject, 'bah__', si) + self.assertRaises(BadRequest, om._setObject, '111', si) + self.assertRaises(BadRequest, om._setObject, 'REQUEST', si) + self.assertRaises(BadRequest, om._setObject, '/', si) + def test_suite(): suite = unittest.TestSuite() suite.addTest( unittest.makeSuite( ObjectManagerTests ) ) _______________________________________________ Zope-Checkins maillist - Zope-Checkins@zope.org http://mail.zope.org/mailman/listinfo/zope-checkins