cookie crumbler uses username:password base64 encoded and this relies
on extracting the username from the cookie to set the session, but
other authentication methods do not embed the username, but still share
the same scripts to set the authentication cookie (so that we have one
central point setting cookie with all the necessary attributes for
security).
The problem is that it's incorrect to try to decode an username with
cookies from other authentication methods, simply because they do not
contain the username. On python2 this was not causing visible error
because everything is str, but the decoding error on python3 revealed
this.

in Python 2, _aq_dynamic() returns None without try..except but it raises ValueError in Python 3.

(python 2)
> /SR/parts/erp5/product/ZSQLCatalog/Extensions/zsqlbrain.py(31)_aq_dynamic()
 31  ->   def _aq_dynamic(self, name):
 32         """Acquire an attribute from a real object.
 33         """
 34         if name.startswith('__') :
 35           return None
 36         return getattr(self.getObject(), name, None)
((Pdb)) getattr(self.getObject(), name, None)
*** ValueError: Unable to getObject from ZSQLBrain if ZSQL Method does not retrieve the `path` column from catalog table.
((Pdb)) r
--Return--
> /SR/parts/erp5/product/ZSQLCatalog/Extensions/zsqlbrain.py(36)_aq_dynamic()->None # <-- !!!
Co-authored-by: Jérome Perrin <jerome@nexedi.com>

- HTMLParseError no longer exist, on python3 parse_declaration throws
AttributeError

py2:
  https://github.com/python/cpython/blob/2.7/Lib/markupbase.py#L135-L140
  https://github.com/python/cpython/blob/2.7/Lib/HTMLParser.py#L124
py3:
  https://github.com/python/cpython/blob/3.12/Lib/_markupbase.py#L130-L134

- scrubHTML must pass `html` as unicode on python2 and str on python3,
adjust the check to cover both py2 / py3

On python2, attributes of new style classes (classes, not instances)
were not properly validated. On python3, attributes of classes were not.

In current versions, sorted is allowed in RestrictedPython.

Also, our implementation of sorted was not correct with generators,
it consumed the generator by iterating on it a first time to check the
values.

otherwise we will have an Exception in Python 3 while importing a Business Template,
if a new portal type and its documents exist in the same Business Template.

while importing a content file, like *.js...

(BusinessTemplate.py)
  try:
    setattr(obj, property_name, data)
  except BrokenModified:
    obj.__Broken_state__[property_name] = data # <-- !!!
    obj._p_changed = 1

obj.__Broken_state__ access here also raises BrokenModified.

while importing an XML file...

(ZODB/broken.py)
  def __new__(class_, *args):
    result = object.__new__(class_) # <-- !!!
    result.__dict__['__Broken_newargs__'] = args
    return result

we get an exception 'TypeError: object.__new__(Portal Type) is not safe, use Base.__new__()'
Co-authored-by: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com>

  This prevents be confuse while editing the Connector.

  This allow user know what is he configuring or accessing

One problem with hexdigest is that it's longer and the column was
created as binary(16). We don't have a mechanism to run migrations on
this table, so we use UNHEX in SQL to have the equivalent as digest()
from hexdigest()
Co-authored-by: Jérome Perrin <jerome@nexedi.com>

SOAPpy.wstools import was working with python2 (and no longer with python3)
because SOAPpy __init__ imported wstools but this was right anyway...

this works with astroid 3.2.0 and pylint 3.2.0

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@nexedi.com>

This reverts 8a5f5b5b (ZMySQLDA: fix string_literal usage, 2023-03-14)
to apply this logic one step lower, because CMFActivity uses
db.string_literal directly.

erp5_officejs_support_request_ui_test: wait for gadget_erp5_page_support_request_fast_view_dialog to refresh the select field

on python2, we use have a [python patch][patch] to globally make
asyncore use poll, at that time we were using medusa and it was not
exposing an option to use something else than select.

[patch]: https://lab.nexedi.com/nexedi/slapos/-/blob/180f1553fa7774f05ae8e739dfef43fa2ae56c0a/component/python-2.7/asyncore_poll_insteadof_select.patch

also add the missing tests

page templates unicode resolver already takes care of coercing when
needed and this is directly compatible with python2 and python3
Co-authored-by: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com>

This only works on python2

The test testCMFActivity.TestCMFActivity.test_onErrorCallback was
failing because some weak references were not dropped.
The reason was that _DequeueMessageException was declared as global
and it kept a traceback including the variables pointed by the weak
references, preventing their garbage collection.
This was fixed by using a class for the _DequeueMessageException
instead of a singleton, and creating a new instance on every raise.

This test assumed that activating a method with a string of length `n+x`
as argument would be serialized in `x` more bytes that activating the
same method with a string of length `n` as argument, which is only true
for protocol 0 for multiple reasons ( short strings and long strings
are serialized differently, "frames" are used with protocol 5) and
db.string_literal seems to introduce a difference.

Change the test to mock Message.dump to produce longer dumps instead of
relying on this assumption.

_resultForDoCleanups no longer exists on python3, getting the status
of a test in teardown is very different accross python versions ( see
https://stackoverflow.com/q/4414234 ) and just executing this code when
the test failed only has the problem that a test method may count as
two failures or errors, which is after all not a big problem.