OFS.ObjectManager should be more flexible with allowable ids

Bug #143616 reported by Laurence Rowe
Affects    Status    Importance    Assigned to    Milestone
Zope 2     Invalid   Wishlist      Unassigned

Bug Description

OFS.ObjectManager.checkValidId uses a regular expression to check for bad ids:

    bad_id=re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# @]').search

However, this is inconsistent with the URL specification [http://rfc.net/rfc1738.html], which defines:

    httpurl    = "http://" hostport [ "/" hpath [ "?" search ]]
    hpath      = hsegment *[ "/" hsegment ]
    hsegment   = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
    safe       = "$" | "-" | "_" | "." | "+"
    extra      = "!" | "*" | "'" | "(" | ")" | ","
    escape     = "%" hex hex
    unreserved = alpha | digit | safe | extra
    uchar      = unreserved | escape

So logically any character is valid in an hsegment as long as it is properly escaped. However, the CGI specification [http://hoohoo.ncsa.uiuc.edu/cgi/env.html] states that it is the responsibility of the server to URL-unquote the PATH_INFO before it is passed on (in Zope this unquoting is performed by ZServer.HTTPServer.get_environment). Thus a hex-encoded '/' character is decoded before the path is translated by the publisher and so cannot be in a valid id.

Assuming that the ASCII-only ids limitation remains, then the regex could be changed to:

    # match any control character and '/'
    bad_id=re.compile(r'[^ -.0-~]').search

Though I'd be happy to just have '&' added so that more file names are valid ids ;-)

Laurence Rowe (elro)
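As an added example (not part of the report and not Zope's own code), the following Python mirrors the two character-class checks quoted above and shows what the CGI unquoting rule means for validation: the publisher only ever sees the decoded segment, so a '%2F' in the request becomes '/' before the id check runs. The function names and the sample ids are constructed for illustration; only the regex part of checkValidId is modelled, the real function performs further checks that the report does not quote.

```python
import re
from urllib.parse import unquote

# Character-class check currently used by OFS.ObjectManager.checkValidId,
# as quoted in the report.
CURRENT_BAD_ID = re.compile(r'[^a-zA-Z0-9-_~,.$\(\)# @]').search

# Relaxed check proposed in the report: any printable ASCII except '/'.
# ' '-'.' covers 0x20-0x2E and '0'-'~' covers 0x30-0x7E; the gap, 0x2F, is '/'.
PROPOSED_BAD_ID = re.compile(r'[^ -.0-~]').search


def is_valid_id(candidate, bad_id=CURRENT_BAD_ID):
    """True when the id contains no forbidden character (bad_id(id) is None).

    Only the regex test of checkValidId is modelled here (hypothetical helper).
    """
    return bad_id(candidate) is None


def validate_path_segment(segment, bad_id=CURRENT_BAD_ID):
    """Decode a path segment as the server does before publishing, then validate.

    Returns (decoded_id, valid). Per the CGI rule quoted in the report the
    publisher never sees '%2F', it sees '/', so an id check has to run on the
    decoded text; checking the still-escaped segment would accept ids that can
    never be addressed.
    """
    decoded = unquote(segment)
    return decoded, is_valid_id(decoded, bad_id)


def compare_rules(candidates):
    """Map each candidate id to (valid_under_current, valid_under_proposed)."""
    return {
        c: (is_valid_id(c, CURRENT_BAD_ID), is_valid_id(c, PROPOSED_BAD_ID))
        for c in candidates
    }


# Constructed sample ids, not taken from any real Zope site.
SAMPLE_IDS = [
    "index.html",         # plain id: accepted by both rules
    "Tom&Jerry.txt",      # '&' is the character the reporter wants admitted
    "report (2006).pdf",  # spaces and parentheses are already allowed
    "a/b",                # '/' is a path separator: rejected by both
    "tab\tname",          # control character: rejected by both
    "caf\u00e9",          # non-ASCII: rejected by both while the ASCII-only rule stands
]

if __name__ == "__main__":
    for cid, (cur, prop) in compare_rules(SAMPLE_IDS).items():
        print(f"{cid!r:22} current={cur!s:5} proposed={prop}")
    # The escaped slash is decoded before validation, so it is still rejected.
    print(validate_path_segment("a%2Fb", PROPOSED_BAD_ID))
```

Running the block prints one line per sample id under each rule; the only id whose verdict changes between the two regexes is the one containing '&', while the decoded 'a%2Fb' is rejected under both, which is the behaviour the report argues for.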

Tags: bug zope
Changed in zope2:
importance: Medium → Wishlist
Changed in zope2:
status: New → Confirmed
Colin Watson (cjwatson) wrote :

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.

Changed in zope2:
status: Confirmed → Invalid