Zope 2

unrestrictedTraverse fails if path contains //

Bug #143675 reported by Jérôme Perrin on 2006-04-05

2

Affects		Status	Importance	Assigned to	Milestone
	Zope 2	Invalid	Low	Unassigned

Bug Description

If unrestrictedTraverse is called with a string path containing "//", it raise an IndexError. Currently, it splits the path using '/', iterates on the list of path elements, and checks if path[0] == '_' which raises a IndexError if the path element is an empty string.

One solution can be to skip the path element if it's an empty string at that point.

--- /usr/lib/zope/lib/python/OFS/Traversable.py 2003-12-10 18:53:31.000000000 +0100
+++ /home/jerome/Traversable.py 2006-04-05 15:54:47.931177500 +0200
@@ -143,6 +143,9 @@
name=pop()
__traceback_info__ = path, name

+ if name == '':
+ continue
+
                 if name[0] == '_':
                     # Never allowed in a URL.
                     raise NotFound, name

Tags:

Revision history for this message

Florent Guillaume (efge) wrote on 2006-04-05:

#1

Empty path elements have never been legal.

I'd rather raise a proper NotFound if one is found.

Revision history for this message

ChrisW (chris-simplistix) wrote on 2006-04-05:

#2

Status: Pending => Rejected

I think an IndexError is just fine.

Revision history for this message

Florent Guillaume (efge) wrote on 2006-04-05:

#3

Status: Rejected => Pending

IndexError is not fine. Nobody expects it to be returned from (un)restrictedTraverse so nobody will catch it.

Revision history for this message

Jérôme Perrin (perrinjerome) wrote on 2006-04-05:

#4

// is valid in URLs and in ZPublisher.BaseRequest.traverse, so IMHO, it would be good to allow it in restrictedTraverse as well, for consistency.

Hanno Schlichting (hannosch) on 2010-07-20

Changed in zope2:
status:	New → Confirmed

Revision history for this message

Colin Watson (cjwatson) wrote on 2019-10-23:

#5

The zope2 project on Launchpad has been archived at the request of the Zope developers (see https://answers.launchpad.net/launchpad/+question/683589 and https://answers.launchpad.net/launchpad/+question/685285). If this bug is still relevant, please refile it at https://github.com/zopefoundation/zope2.

Changed in zope2:
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.