Hi! Philipp von Weitershausen wrote:
Chris McDonough wrote:
and should be fixed in Zope 2.8, 2.9 and trunk. We'd be changing Zope 2's behaviour (not fixing a Five bug), I would therefore vote for making this change on the Zope 2 trunk only. I'd be apt to not further restrict the set of identifiers an OFS content object can begin with as long as we can get away with it. If a user happens to enter one that starts with a "view character", I suspect a developer could just choose to not allow this in at the application level if he cared (e.g. if he were using Five). It might be reasonable to add this to CMF instead of Zope, but IMO, it's a bad idea to put theis particular restriction in either place, as it will almost certainly break somebody.
Yup. That's why we should do this change on the trunk IF at all.
I doubt this will break a significant amount of code. The restriction was removed 5 months ago and AFAICS it was removed to allow email addresses as IDs. That use case will not be broken if we disallow again IDs starting with '@'.
Note that even in Zope 3 the suggested behaviour is only the default and can be changed. Custom name chooser adapters may decide whether names are good or not based on whatever rule. Therefore, if we introduce this restriction, it should be pluggable like in Zope 3.
If we ignore for a moment the fact that for the last 5 months the hole was open reserving '@' for views doesn't introduce any new restriction in Zope 2. '@' was always disallowed. Removing that restriction for the first character was a mistake. I just want to revert that part of the change until we have a pluggable solution.
Here's what we could do: We factor the name validation part in ObjectManager (which is _checkId) out to a namechooser adapter. Five already has one in Five.browser.adding.
This is obviously the Right Thing to do in the long term. But doesn't help us resolving the bug in Zope 2.8 and 2.9.
Then, we can also provide an optional namechooser adapter that enforces the additional restrictions. People could decide to use this for their folder implementation, e.g. the CMF might want to do it for their folders.
We already have @@manage_interfaces and Zope 2 containers will have more Zope 3 style views in the future. So I think the default in OFS should be the same as the default in Zope 3. Cheers, Yuppie