Commit e983a2a1 authored by Martijn Pieters's avatar Martijn Pieters

Merge fix for #2288: do not quote + and @ characters when forming BaseRequest...

Merge fix for #2288: do not quote + and @ characters when forming BaseRequest and HTTPRequest URL variables
parent 4c0da92e
...@@ -8,6 +8,9 @@ Zope Changes ...@@ -8,6 +8,9 @@ Zope Changes
Bugs fixed Bugs fixed
- Collector #2288: @ and + should not be quoted when forming
request URLs in BaseRequest and HTTPRequest
- Undeprecated 'zLOG', which will remain a backward-compatibility - Undeprecated 'zLOG', which will remain a backward-compatibility
shim for the Python logging module. shim for the Python logging module.
......
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
$Id$ $Id$
""" """
from urllib import quote from urllib import quote as urllib_quote
import xmlrpc import xmlrpc
from zExceptions import Forbidden, Unauthorized, NotFound from zExceptions import Forbidden, Unauthorized, NotFound
from Acquisition import aq_base from Acquisition import aq_base
...@@ -35,6 +35,10 @@ from zope.traversing.namespace import nsParse, namespaceLookup ...@@ -35,6 +35,10 @@ from zope.traversing.namespace import nsParse, namespaceLookup
UNSPECIFIED_ROLES='' UNSPECIFIED_ROLES=''
def quote(text):
# quote url path segments, but leave + and @ intact
return urllib_quote(text, '/+@')
try: try:
from ExtensionClass import Base from ExtensionClass import Base
class RequestContainer(Base): class RequestContainer(Base):
......
...@@ -15,10 +15,10 @@ __version__='$Revision: 1.96 $'[11:-2] ...@@ -15,10 +15,10 @@ __version__='$Revision: 1.96 $'[11:-2]
import re, sys, os, time, random, codecs, inspect import re, sys, os, time, random, codecs, inspect
from types import StringType, UnicodeType from types import StringType, UnicodeType
from BaseRequest import BaseRequest from BaseRequest import BaseRequest, quote
from HTTPResponse import HTTPResponse from HTTPResponse import HTTPResponse
from cgi import FieldStorage, escape from cgi import FieldStorage, escape
from urllib import quote, unquote, splittype, splitport from urllib import unquote, splittype, splitport
from copy import deepcopy from copy import deepcopy
from Converters import get_converter from Converters import get_converter
from TaintedString import TaintedString from TaintedString import TaintedString
......
...@@ -386,6 +386,16 @@ class TestBaseRequestZope3Views(TestCase): ...@@ -386,6 +386,16 @@ class TestBaseRequestZope3Views(TestCase):
self.setDefaultViewName('methonly') self.setDefaultViewName('methonly')
self.assertRaises(NotFound, r.traverse, 'folder2/obj2') self.assertRaises(NotFound, r.traverse, 'folder2/obj2')
def test_quoting(self):
"""View markers should not be quoted"""
r = self.makeBaseRequest()
r.traverse('folder/obj/@@meth')
self.assertEqual(r['URL'], '/folder/obj/@@meth')
r = self.makeBaseRequest()
r.traverse('folder/obj/++view++meth')
self.assertEqual(r['URL'], '/folder/obj/++view++meth')
def test_suite(): def test_suite():
return TestSuite( ( makeSuite(TestBaseRequest), return TestSuite( ( makeSuite(TestBaseRequest),
makeSuite(TestBaseRequestZope3Views), makeSuite(TestBaseRequestZope3Views),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment