[Zope] Re: minor bug CoreSessions - patch

Chris McDonough chrism@zope.com
Mon, 5 Nov 2001 13:33:45 -0500 

AFAIK, replacing & with & would make the resulting URL impossible
to use in an anchor tag; and that's the primary use for the encodeUrl
method.  Instead, you should probably use the html_quote facility.
For example:

  <form action="foo">
  <dtml-let url="session_id_mgr.encodeUrl(absolute_url())">
  <input type="hidden" name="encodedurl" value="<dtml-var url
html_quote>">
  </dtml-let>
  </form>

Thanks!

- C

----- Original Message -----
From: "Frank Tegtmeyer" <fte@lightwerk.com>
To: <zope@zope.org>
Cc: <chrism@digicool.com>
Sent: Monday, November 05, 2001 1:09 PM
Subject: minor bug CoreSessions - patch


> The encodeUrl method in CoreSessionTracking 0.9 generates URLs that
> are illegal for use in HTML (use of & instead of &amp;).
>
> Here is the fix:
>
> --- SessionIdManager.py.old     Mon Nov  5 19:04:10 2001
> +++ SessionIdManager.py Mon Nov  5 19:03:08 2001
> @@ -304,7 +304,7 @@
>              raise SessionIdManagerErr, 'There is no current session
token.'
>          key = self.getTokenKey()
>          if '?' in url:
> -            return '%s&%s=%s' % (url, key, token)
> +            return '%s&amp;%s=%s' % (url, key, token)
>          else:
>              return '%s?%s=%s' % (url, key, token)
>
> Regards, Frank
> --
> CTO Lightwerk GmbH  Email: fte@Lightwerk.com
> Phone: +49 2434 800781  Fax: +49 2434 800794
> An der Kull 11  *  41844 Wegberg  *  Germany
>