Hi Philipp!

Philipp von Weitershausen wrote:
Dieter Maurer wrote:
Chris McDonough wrote at 2006-3-13 10:21 -0500:
... silly id restrictions ...
Here's my current monkeypatch to Zope to unrestrict a good number of

def patch_objectmanager_badid():
    """ Causes Zope to be less restrictive in the set of characters it
    accepts as valid within object identifiers.

    Added as acceptable: []*'!:@&#=+$
    """
    import re
    acceptable = r'[^a-zA-Z0-9-_~,.$\(\)\[\]\*\'\!\:\@\&\#\=\+\$ ]'
    bad_id = re.compile(acceptable).search
    import OFS.ObjectManager
    OFS.ObjectManager.bad_id = bad_id

The projects that use this patch have been in use for several years;
they predate Five.  I of course don't mind continuing to do this, but
I'd hate to have to change it temporarily (to fix this bug which
actually isn't a bug for me because I don't use Five for these
projects) and then change it again when we do the pluggable thing.

Looks as if we had very similar project requirements...

Chris's and Dieter's requirements seem to even more confirm my proposal that we
should properly factor this out to a name chooser adapter that everyone can
configure for themselves. Then this discussion what ObjectManager should do or
not do will become irrelevant because it won't do anything anymore :). This is
actually how Zope 3 containers work. They perform no name checks *at all*.
It's the application (in particular, the adding view) that does it.

Zope 2's ObjectManager class is not as abstract as Zope 3 containers are. It provides a lot of folder specific behavior. I guess it would be better to subclass ObjectManager from a generic container class than trying to move all non-generic code in subclasses of ObjectManager.

Yuppie's concern is Zope versions 2.8 and 2.9.

Depends on the proposed solution for Zope 2.10. If you want to make a distinction between ObjectManager and Folder I can live with it. But Zope 2 folders should (by default) perform the same name checks as Zope 3 folders. And they don't allow names starting with '@'.

I say that we'd just have to
live with the fact that objects can shadow views there. Applications like the
CMF can make sure that they don't on an application-level, as Chris suggests,
preferably through a name chooser adapter.

I try to restate the problem:

- It is quite common that normal users are allowed to add objects in Zope applications.

- If views are shadowed by objects this can seriously break the app.

- Good software makes sure normal users can't break the app.

Zope 2's checkValidId makes sure this doesn't happen with Zope 2 folder methods; Zope 3's NameChooser makes sure this doesn't happen with Zope 3 folder views. Even the bad_id-patch described above doesn't allow overriding folder methods.

Making the name chooser configurable doesn't release us from the need to provide a good default name chooser.

I still believe this should be fixed as I proposed, but given the resistance I give up my attempt to get this fixed. This is now http://www.zope.org/Collectors/Zope/2048 and I hope someone else will fix it.



Zope-Dev maillist  -  Zope-Dev@zope.org
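The default name check argued for in the message above, sketched as an added example; it is not code from the thread or from Zope. `DemoFolder` and `check_name` are hypothetical names, and the character set is an assumption modelled on the permissive pattern quoted in the thread.

```python
import re

# Assumption: letters, digits, space and the punctuation that the quoted
# monkeypatch lists as acceptable. Anything else (such as '/') is rejected.
_BAD_CHAR = re.compile(r"[^a-zA-Z0-9\-_~,.$()\[\]*'!:@&#=+ ]")


class DemoFolder:
    """Constructed stand-in for a folder whose children are looked up by
    name in the same space as the folder's own methods."""

    def __init__(self):
        self._objects = {}

    def objectIds(self):
        return sorted(self._objects)

    def manage_delObjects(self, ids):
        for object_id in ids:
            del self._objects[object_id]

    def add(self, name, obj, check=None):
        # The check is pluggable, but a safe default applies when none is given.
        reason = (check or check_name)(self, name)
        if reason is not None:
            raise ValueError(reason)
        self._objects[name] = obj


def check_name(container, name):
    """Return None if `name` is acceptable, otherwise the reason it is not."""
    if not isinstance(name, str) or not name:
        return "empty or non-string id"
    match = _BAD_CHAR.search(name)
    if match:
        return "character %r is not allowed" % match.group()
    if name.startswith("@"):
        # Views are addressed with an '@' prefix, so an object called
        # '@@edit' would shadow the view of the same name.
        return "ids must not start with '@'"
    if hasattr(type(container), name):
        # A permissive character set must still not let a user-supplied
        # id replace a folder method during lookup.
        return "%r would shadow a folder method" % name
    if name in container.objectIds():
        return "%r is already in use" % name
    return None
```

Passing a different `check` callable to `add` plays the role of a configurable name chooser, while callers that pass nothing still get the shadowing checks.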