Fix for #2288: do not quote + and @ characters when forming BaseRequest and...

Fix for #2288: do not quote + and @ characters when forming BaseRequest and HTTPRequest URL variables

lib/python/ZPublisher/BaseRequest.py

@@ -14,7 +14,7 @@
 
 $Id$
 """
-from urllib import quote
+from urllib import quote as urllib_quote
 import xmlrpc
 from zExceptions import Forbidden, Unauthorized, NotFound
 from Acquisition import aq_base
@@ -35,6 +35,10 @@ from zope.traversing.namespace import nsParse, namespaceLookup
 
 UNSPECIFIED_ROLES=''
 
+def quote(text):
+    # quote url path segments, but leave + and @ intact
+    return urllib_quote(text, '/+@')
+
 try:
     from ExtensionClass import Base
     class RequestContainer(Base):

lib/python/ZPublisher/HTTPRequest.py

@@ -15,10 +15,10 @@ __version__='$Revision: 1.96 $'[11:-2]
 
 import re, sys, os, time, random, codecs, inspect
 from types import StringType, UnicodeType
-from BaseRequest import BaseRequest
+from BaseRequest import BaseRequest, quote
 from HTTPResponse import HTTPResponse
 from cgi import FieldStorage, escape
-from urllib import quote, unquote, splittype, splitport
+from urllib import unquote, splittype, splitport
 from copy import deepcopy
 from Converters import get_converter
 from TaintedString import TaintedString

lib/python/ZPublisher/tests/testBaseRequest.py

@@ -386,6 +386,16 @@ class TestBaseRequestZope3Views(TestCase):
         self.setDefaultViewName('methonly')
         self.assertRaises(NotFound, r.traverse, 'folder2/obj2')
         
+    def test_quoting(self):
+        """View markers should not be quoted"""
+        r = self.makeBaseRequest()
+        r.traverse('folder/obj/@@meth')
+        self.assertEqual(r['URL'], '/folder/obj/@@meth')
+
+        r = self.makeBaseRequest()
+        r.traverse('folder/obj/++view++meth')
+        self.assertEqual(r['URL'], '/folder/obj/++view++meth')
+
 def test_suite():
     return TestSuite( ( makeSuite(TestBaseRequest),
                         makeSuite(TestBaseRequestZope3Views),