Commit ef0e48c2 authored by Martijn Pieters's avatar Martijn Pieters

Fix for #2288: do not quote + and @ characters when forming BaseRequest and...

Fix for #2288: do not quote + and @ characters when forming BaseRequest and HTTPRequest URL variables
parent a67a0a8d
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
$Id$ $Id$
""" """
from urllib import quote from urllib import quote as urllib_quote
import xmlrpc import xmlrpc
from zExceptions import Forbidden, Unauthorized, NotFound from zExceptions import Forbidden, Unauthorized, NotFound
from Acquisition import aq_base from Acquisition import aq_base
...@@ -35,6 +35,10 @@ from zope.traversing.namespace import nsParse, namespaceLookup ...@@ -35,6 +35,10 @@ from zope.traversing.namespace import nsParse, namespaceLookup
UNSPECIFIED_ROLES='' UNSPECIFIED_ROLES=''
def quote(text):
# quote url path segments, but leave + and @ intact
return urllib_quote(text, '/+@')
try: try:
from ExtensionClass import Base from ExtensionClass import Base
class RequestContainer(Base): class RequestContainer(Base):
......
...@@ -15,10 +15,10 @@ __version__='$Revision: 1.96 $'[11:-2] ...@@ -15,10 +15,10 @@ __version__='$Revision: 1.96 $'[11:-2]
import re, sys, os, time, random, codecs, inspect import re, sys, os, time, random, codecs, inspect
from types import StringType, UnicodeType from types import StringType, UnicodeType
from BaseRequest import BaseRequest from BaseRequest import BaseRequest, quote
from HTTPResponse import HTTPResponse from HTTPResponse import HTTPResponse
from cgi import FieldStorage, escape from cgi import FieldStorage, escape
from urllib import quote, unquote, splittype, splitport from urllib import unquote, splittype, splitport
from copy import deepcopy from copy import deepcopy
from Converters import get_converter from Converters import get_converter
from TaintedString import TaintedString from TaintedString import TaintedString
......
...@@ -385,6 +385,16 @@ class TestBaseRequestZope3Views(TestCase): ...@@ -385,6 +385,16 @@ class TestBaseRequestZope3Views(TestCase):
# using default view # using default view
self.setDefaultViewName('methonly') self.setDefaultViewName('methonly')
self.assertRaises(NotFound, r.traverse, 'folder2/obj2') self.assertRaises(NotFound, r.traverse, 'folder2/obj2')
def test_quoting(self):
"""View markers should not be quoted"""
r = self.makeBaseRequest()
r.traverse('folder/obj/@@meth')
self.assertEqual(r['URL'], '/folder/obj/@@meth')
r = self.makeBaseRequest()
r.traverse('folder/obj/++view++meth')
self.assertEqual(r['URL'], '/folder/obj/++view++meth')
def test_suite(): def test_suite():
return TestSuite( ( makeSuite(TestBaseRequest), return TestSuite( ( makeSuite(TestBaseRequest),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment