Commit a5e591cc authored by 's avatar

- fixed checkValidId, disallowing IDs starting with '@'

parent e7adbdd2
......@@ -18,6 +18,9 @@ Zope Changes
Bugs fixed
- OFS ObjectManager: Fixed 'checkValidId'.
Names starting with '@' are reserved for views and not allowed in IDs.
- Collector #2039: 'ZPublisher.HTTPRequest.HTTPRequest._authUserPW'
choked on passwords which contained colons.
......
......@@ -72,6 +72,9 @@ def checkValidId(self, id, allow_dup=0):
'The id "%s" is invalid because it begins with "aq_".' % id)
if id.endswith('__'): raise BadRequest, (
'The id "%s" is invalid because it ends with two underscores.' % id)
if id[0] == '@':
raise BadRequest('The id "%s" is invalid because it begins with '
'"@".' % id)
if not allow_dup:
obj = getattr(self, id, None)
if obj is not None:
......
......@@ -354,6 +354,8 @@ class ObjectManagerTests( unittest.TestCase ):
self.assertRaises(BadRequest, om._setObject, '111', si)
self.assertRaises(BadRequest, om._setObject, 'REQUEST', si)
self.assertRaises(BadRequest, om._setObject, '/', si)
self.assertRaises(BadRequest, om._setObject, '@@view', si)
def test_suite():
suite = unittest.TestSuite()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment