Hi!

Philipp von Weitershausen wrote:
Chris McDonough wrote:
and should be fixed in Zope 2.8, 2.9 and trunk.
We'd be changing Zope 2's behaviour (not fixing a Five bug), I would
therefore vote for making this change on the Zope 2 trunk only.
I'd be apt to not further restrict the set of identifiers an OFS content
object can begin with as long as we can get away with it.  If a user
happens to enter one that starts with a "view character", I suspect a
developer could just choose to not allow this in at the application level
if he cared (e.g. if he were using Five).  It might be reasonable to add
this to CMF instead of Zope, but IMO, it's a bad idea to put this
particular restriction in either place, as it will almost certainly break
somebody.

Yup. That's why we should do this change on the trunk IF at all.

I doubt this will break a significant amount of code. The restriction was removed 5 months ago and AFAICS it was removed to allow email addresses as IDs. That use case will not be broken if we disallow again IDs starting with '@'.

Note that even in Zope 3 the suggested behaviour is only the default and can be
changed. Custom name chooser adapters may decide whether names are good or not
based on whatever rule. Therefore, if we introduce this restriction, it should
be pluggable like in Zope 3.

If we ignore for a moment the fact that for the last 5 months the hole was open, reserving '@' for views doesn't introduce any new restriction in Zope 2. '@' was always disallowed.

Removing that restriction for the first character was a mistake. I just want to revert that part of the change until we have a pluggable solution.

Here's what we could do: We factor the name validation part in ObjectManager
(which is _checkId) out to a namechooser adapter. Five already has one in
Five.browser.adding.

This is obviously the Right Thing to do in the long term. But it doesn't help us resolve the bug in Zope 2.8 and 2.9.

Then, we can also provide an optional namechooser adapter
that enforces the additional restrictions. People could decide to use this for
their folder implementation, e.g. the CMF might want to do it for their
folders.

We already have @@manage_interfaces and Zope 2 containers will have more Zope 3 style views in the future. So I think the default in OFS should be the same as the default in Zope 3.


Cheers,

        Yuppie

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
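
The trade-off discussed in this message, as an added example that is not part of the original post and is not Zope, Five or CMF code: a toy container with a pluggable id check, showing how an id that starts with '@' is shadowed by a view while an email-address id still passes. Every name here (`Folder`, `view_safe_check`, `permissive_check`, `BadId`) is hypothetical, and the rule that a leading `@@` segment always selects a view is an assumption of this model.

```python
# Added illustration; not Zope, Five or CMF code. All names are hypothetical.

class BadId(ValueError):
    """Raised when a proposed object id is rejected."""

def permissive_check(name):
    """Models the relaxed rule: '@' is allowed anywhere, even first."""
    if not name or "/" in name:
        raise BadId(name)

def view_safe_check(name):
    """Models the proposed default: '@' may not be the first character."""
    permissive_check(name)
    if name.startswith("@"):
        raise BadId(name)

class Folder:
    """Toy container; the id checker is pluggable per instance."""
    def __init__(self, check_id=view_safe_check):
        self.check_id = check_id
        self.items = {}
        self.views = {"manage_interfaces": "<view manage_interfaces>"}

    def add(self, name, obj):
        self.check_id(name)
        self.items[name] = obj

    def traverse(self, segment):
        # Assumption: a leading '@@' selects a view and never reaches
        # the content lookup, so content stored under such an id is shadowed.
        if segment.startswith("@@"):
            return self.views[segment[2:]]
        return self.items[segment]

def demo():
    loose = Folder(check_id=permissive_check)
    loose.add("@@manage_interfaces", "user content")
    shadowed = loose.traverse("@@manage_interfaces")  # the view wins

    strict = Folder()
    strict.add("yuppie@example.org", "member")  # constructed sample id
    try:
        strict.add("@@manage_interfaces", "user content")
        rejected = False
    except BadId:
        rejected = True
    return shadowed, strict.traverse("yuppie@example.org"), rejected
```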
