Merged from 38738 on 2.8 branch:

The '@' character is now allowed in object ids (RFC 1738 allows it). Expanded tests for _checkId.

Merged from 38738 on 2.8 branch:
The '@' character is now allowed in object ids (RFC 1738 allows it). Expanded tests for _checkId.
a0b80c75 · Florent Guillaume · f3fbd2cb · a0b80c75 · a0b80c75 · a0b80c75
Commit a0b80c75 authored Oct 04, 2005 by Florent Guillaume
Showing with 38 additions and 1 deletion

doc/CHANGES.txt doc/CHANGES.txt +2 -0

lib/python/OFS/ObjectManager.py lib/python/OFS/ObjectManager.py +1 -1

lib/python/OFS/tests/testObjectManager.py lib/python/OFS/tests/testObjectManager.py +35 -0

No files found.
--- a/doc/CHANGES.txt
+++ b/doc/CHANGES.txt
@@ -40,6 +40,8 @@ Zope Changes
  after Zope 2.8.1
+      - The '@' character is now allowed in object ids (RFC 1738 allows it).
    Bugs Fixed
      - Collector #1863: Prevent possibly sensitive information to leak via

--- a/lib/python/OFS/ObjectManager.py
+++ b/lib/python/OFS/ObjectManager.py
@@ -52,7 +52,7 @@ customImporters={
    XMLExportImport.magic: XMLExportImport.importXML,
    }
-bad_id=re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# ]').search #TS
+bad_id=re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# @]').search
 def checkValidId(self, id, allow_dup=0):
    # If allow_dup is false, an error will be raised if an object

--- a/lib/python/OFS/tests/testObjectManager.py
+++ b/lib/python/OFS/tests/testObjectManager.py
@@ -312,6 +312,41 @@ class ObjectManagerTests( unittest.TestCase ):
        self.assertRaises(DeleteFailed, om1._delObject, 'om2')
+    def test_setObject_checkId_ok(self):
+        om = self._makeOne()
+        si = SimpleItem('1')
+        om._setObject('AB-dash_under0123', si)
+        si = SimpleItem('2')
+        om._setObject('ho.bak~', si)
+        si = SimpleItem('3')
+        om._setObject('dot.comma,dollar$(hi)hash# space', si)
+        si = SimpleItem('4')
+        om._setObject('b@r', si)
+        si = SimpleItem('5')
+        om._setObject('..haha', si)
+        si = SimpleItem('6')
+        om._setObject('.bashrc', si)
+    def test_setObject_checkId_bad(self):
+        from zExceptions import BadRequest
+        om = self._makeOne()
+        si = SimpleItem('111')
+        om._setObject('111', si)
+        si = SimpleItem('2')
+        self.assertRaises(BadRequest, om._setObject, 123, si)
+        self.assertRaises(BadRequest, om._setObject, 'a\x01b', si)
+        self.assertRaises(BadRequest, om._setObject, 'a\\b', si)
+        self.assertRaises(BadRequest, om._setObject, 'a:b', si)
+        self.assertRaises(BadRequest, om._setObject, 'a;b', si)
+        self.assertRaises(BadRequest, om._setObject, '.', si)
+        self.assertRaises(BadRequest, om._setObject, '..', si)
+        self.assertRaises(BadRequest, om._setObject, '_foo', si)
+        self.assertRaises(BadRequest, om._setObject, 'aq_me', si)
+        self.assertRaises(BadRequest, om._setObject, 'bah__', si)
+        self.assertRaises(BadRequest, om._setObject, '111', si)
+        self.assertRaises(BadRequest, om._setObject, 'REQUEST', si)
+        self.assertRaises(BadRequest, om._setObject, '/', si)
 def test_suite():
    suite = unittest.TestSuite()
    suite.addTest( unittest.makeSuite( ObjectManagerTests ) )