[ZCM] [ZC] 1173/ 3 Reject "ids should allow all characters valid in a URL"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Mon Jan 12 09:16:06 EST 2004


Issue #1173 Update (Reject) "ids should allow all characters valid in a URL"
 Status Rejected, Zope/bug medium
To followup, visit:
  http://zope.org/Collectors/Zope/1173

==============================================================
= Reject - Entry #3 by Caseman on Jan 12, 2004 9:16 am

 Status: Pending => Rejected

You are assuming that naming an object "a%20simple%20test" will be interpreted to mean "a simple test". This is not the case. In order for this name to be passed on the URL, it would need to be escaped as "a%2520simple%2520test". I don't see any reason for such an object name to be allowed.

The error message is correct. The percent sign as a literal character is not legal in URLs (it must be escaped).
________________________________________
= Comment - Entry #2 by ajung on Jan 12, 2004 5:26 am

There are really no good reasons why URL-encoded Ids
should be allowed. Allowing new characters as Ids has several
times raised problems that had to be fixed in other code.
Your problem, it appears to me, is that you should decode your names
*before* creating new objects. So I tend to reject this issue.
________________________________________
= Request - Entry #1 by janwilhelm on Jan 11, 2004 4:52 pm

Zope does not allow me to create an object with an id such as "a%20simple%20test". Ironically, it gives me the message::

  Error Type: Bad Request
  Error Value: The id "a%20simple%20test" contains characters illegal in URLs.

However, "a%20simple%20test" is perfectly valid as part of a URL. By using an oversimplified and too strict test in OFS/ObjectManager (regexp bad_id), Zope wastes the possibility of using url_quote to create valid, unique, readable ids from arbitrary strings using the standard method.

bad_id should be modified to only eliminate strings that are really illegal as part of a URL.

Thanks,

Jan

==============================================================
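The escaping behaviour discussed in this thread, as an added example that is not part of the original messages or of Zope's code. The function names and the allowed-character pattern are assumptions made for illustration; the pattern is not Zope's actual bad_id regexp.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote

# Hypothetical id check for illustration only (NOT Zope's bad_id regexp):
# anything outside this set, including a literal "%", is rejected.
_BAD_ID = re.compile(r"[^A-Za-z0-9_.~ -]").search


def path_segment(object_id):
    """Escape an object id for use as a single URL path segment."""
    return quote(object_id, safe="")


def resolve(segment):
    """The id a server looks up after decoding a path segment exactly once."""
    return unquote(segment)


def normalize_new_id(name):
    """Decode a possibly URL-encoded name *before* creating the object,
    then validate the decoded form."""
    decoded = unquote(name)
    if _BAD_ID(decoded):
        raise ValueError(f"id {decoded!r} contains characters not allowed in ids")
    return decoded


def decode_collisions(ids):
    """Group distinct ids that become identical if any component decodes them
    one extra time (proxy, rewrite rule, application code)."""
    groups = defaultdict(list)
    for object_id in ids:
        groups[unquote(object_id)].append(object_id)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    literal = "a%20simple%20test"          # constructed sample id from the thread
    print(path_segment(literal))            # the id as it must appear in a URL
    print(resolve(literal))                 # what the unescaped form really names
    print(normalize_new_id(literal))        # decode-first approach
    print(decode_collisions(["a simple test", literal, "report"]))
```

If ids containing a literal "%" were accepted, the two ids in the collision group would be separate objects whose URLs differ only by one level of escaping.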