[Checkins] SVN: Zope/trunk/lib/python/ZPublisher/ Fix for #2288: do not quote + and @ characters when forming BaseRequest and HTTPRequest URL variables

Sun Mar 4 11:25:32 EST 2007

Log message for revision 72971:
  Fix for #2288: do not quote + and @ characters when forming BaseRequest and HTTPRequest URL variables

Changed:
  U   Zope/trunk/lib/python/ZPublisher/BaseRequest.py
  U   Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
  U   Zope/trunk/lib/python/ZPublisher/tests/testBaseRequest.py

-=-
Modified: Zope/trunk/lib/python/ZPublisher/BaseRequest.py
===================================================================

--- Zope/trunk/lib/python/ZPublisher/BaseRequest.py	2007-03-04 16:15:18 UTC (rev 72970)
+++ Zope/trunk/lib/python/ZPublisher/BaseRequest.py	2007-03-04 16:25:31 UTC (rev 72971)
@@ -14,7 +14,7 @@
 
 $Id$
 """
-from urllib import quote
+from urllib import quote as urllib_quote
 import xmlrpc
 from zExceptions import Forbidden, Unauthorized, NotFound
 from Acquisition import aq_base
@@ -35,6 +35,10 @@
 
 UNSPECIFIED_ROLES=''
 
+def quote(text):
+    # quote url path segments, but leave + and @ intact
+    return urllib_quote(text, '/+@')
+
 try:
     from ExtensionClass import Base
     class RequestContainer(Base):

Modified: Zope/trunk/lib/python/ZPublisher/HTTPRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/HTTPRequest.py	2007-03-04 16:15:18 UTC (rev 72970)
+++ Zope/trunk/lib/python/ZPublisher/HTTPRequest.py	2007-03-04 16:25:31 UTC (rev 72971)
@@ -15,10 +15,10 @@
 
 import re, sys, os, time, random, codecs, inspect
 from types import StringType, UnicodeType
-from BaseRequest import BaseRequest
+from BaseRequest import BaseRequest, quote
 from HTTPResponse import HTTPResponse
 from cgi import FieldStorage, escape
-from urllib import quote, unquote, splittype, splitport
+from urllib import unquote, splittype, splitport
 from copy import deepcopy
 from Converters import get_converter
 from TaintedString import TaintedString

Modified: Zope/trunk/lib/python/ZPublisher/tests/testBaseRequest.py
===================================================================
--- Zope/trunk/lib/python/ZPublisher/tests/testBaseRequest.py	2007-03-04 16:15:18 UTC (rev 72970)
+++ Zope/trunk/lib/python/ZPublisher/tests/testBaseRequest.py	2007-03-04 16:25:31 UTC (rev 72971)
@@ -385,7 +385,17 @@
         # using default view
         self.setDefaultViewName('methonly')
         self.assertRaises(NotFound, r.traverse, 'folder2/obj2')
+        
+    def test_quoting(self):
+        """View markers should not be quoted"""
+        r = self.makeBaseRequest()
+        r.traverse('folder/obj/@@meth')
+        self.assertEqual(r['URL'], '/folder/obj/@@meth')
 
+        r = self.makeBaseRequest()
+        r.traverse('folder/obj/++view++meth')
+        self.assertEqual(r['URL'], '/folder/obj/++view++meth')
+
 def test_suite():
     return TestSuite( ( makeSuite(TestBaseRequest),
                         makeSuite(TestBaseRequestZope3Views),

