Commit f2dd538e authored by 's avatar

- fixed checkValidId, disallowing IDs starting with '@'

parent 11146c9f
...@@ -89,6 +89,9 @@ def checkValidId(self, id, allow_dup=0): ...@@ -89,6 +89,9 @@ def checkValidId(self, id, allow_dup=0):
'The id "%s" is invalid because it begins with "aq_".' % id) 'The id "%s" is invalid because it begins with "aq_".' % id)
if id.endswith('__'): raise BadRequest, ( if id.endswith('__'): raise BadRequest, (
'The id "%s" is invalid because it ends with two underscores.' % id) 'The id "%s" is invalid because it ends with two underscores.' % id)
if id[0] == '@':
raise BadRequest('The id "%s" is invalid because it begins with '
'"@".' % id)
if not allow_dup: if not allow_dup:
obj = getattr(self, id, None) obj = getattr(self, id, None)
if obj is not None: if obj is not None:
......
...@@ -378,6 +378,7 @@ class ObjectManagerTests(PlacelessSetup, unittest.TestCase): ...@@ -378,6 +378,7 @@ class ObjectManagerTests(PlacelessSetup, unittest.TestCase):
self.assertRaises(BadRequest, om._setObject, '111', si) self.assertRaises(BadRequest, om._setObject, '111', si)
self.assertRaises(BadRequest, om._setObject, 'REQUEST', si) self.assertRaises(BadRequest, om._setObject, 'REQUEST', si)
self.assertRaises(BadRequest, om._setObject, '/', si) self.assertRaises(BadRequest, om._setObject, '/', si)
self.assertRaises(BadRequest, om._setObject, '@@view', si)
def test_list_imports(self): def test_list_imports(self):
om = self._makeOne() om = self._makeOne()
...@@ -389,6 +390,7 @@ class ObjectManagerTests(PlacelessSetup, unittest.TestCase): ...@@ -389,6 +390,7 @@ class ObjectManagerTests(PlacelessSetup, unittest.TestCase):
self.failUnless(filename.endswith('.zexp') or self.failUnless(filename.endswith('.zexp') or
filename.endswith('.xml')) filename.endswith('.xml'))
def test_suite(): def test_suite():
suite = unittest.TestSuite() suite = unittest.TestSuite()
suite.addTest( unittest.makeSuite( ObjectManagerTests ) ) suite.addTest( unittest.makeSuite( ObjectManagerTests ) )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment