added type checks to builtin object constructors and edit methods

9a87cfc7 · 75d4405e · 9a87cfc7 · 9a87cfc7 · 9a87cfc7 · 9a87cfc7
Commit 9a87cfc7 authored May 16, 2000 by
14 changed files
--- a/lib/python/OFS/DTMLDocument.py
+++ b/lib/python/OFS/DTMLDocument.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """DTML Document objects."""
-__version__='$Revision: 1.33 $'[11:-2]
+__version__='$Revision: 1.34 $'[11:-2]
 from DocumentTemplate.DT_Util import InstanceDict, TemplateDict
 from ZPublisher.Converters import type_converters
 from Globals import HTML, HTMLFile, MessageDialog
@@ -131,7 +131,7 @@ class DTMLDocument(PropertyManager, DTMLMethod):
        self._validateProxy(REQUEST)
        if self._size_changes.has_key(SUBMIT):
            return self._er(data,title,SUBMIT,dtpref_cols,dtpref_rows,REQUEST)
-        self.title=title
+        self.title=str(title)
        if type(data) is not type(''): data=data.read()
        self.munge(data)
        if REQUEST:
@@ -198,6 +198,8 @@ def addDTMLDocument(self, id, title='', file='', REQUEST=None, submit=None):
    """
    if type(file) is not type(''): file=file.read()
    if not file: file=default_dd_html
+    id=str(id)
+    title=str(title)
    ob=DTMLDocument(file, __name__=id)
    ob.title=title
    id=self._setObject(id, ob)

--- a/lib/python/OFS/DTMLMethod.py
+++ b/lib/python/OFS/DTMLMethod.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """DTML Method objects."""
-__version__='$Revision: 1.43 $'[11:-2]
+__version__='$Revision: 1.44 $'[11:-2]
 from Globals import HTML, HTMLFile, MessageDialog
 from string import join,split,strip,rfind,atoi,lower
@@ -221,7 +221,7 @@ class DTMLMethod(cDocument, HTML, Acquisition.Implicit, RoleManager,
        if self._size_changes.has_key(SUBMIT):
            return self._er(data,title,SUBMIT,dtpref_cols,dtpref_rows,REQUEST)
-        self.title=title
+        self.title=str(title)
        if type(data) is not type(''): data=data.read()
        self.munge(data)
        if REQUEST:
@@ -340,6 +340,8 @@ def addDTMLMethod(self, id, title='', file='', REQUEST=None, submit=None):
    """
    if type(file) is not type(''): file=file.read()
    if not file: file=default_dm_html
+    id=str(id)
+    title=str(title)
    ob=DTMLMethod(file, __name__=id)
    ob.title=title
    id=self._setObject(id, ob)

--- a/lib/python/OFS/Folder.py
+++ b/lib/python/OFS/Folder.py
@@ -87,9 +87,9 @@
 Folders are the basic container objects and are analogous to directories.
-$Id: Folder.py,v 1.87 2000/05/11 18:54:14 jim Exp $"""
+$Id: Folder.py,v 1.88 2000/05/16 19:34:43 brian Exp $"""
-__version__='$Revision: 1.87 $'[11:-2]
+__version__='$Revision: 1.88 $'[11:-2]
 import Globals, SimpleItem, ObjectManager, PropertyManager
 import AccessControl.Role, webdav.Collection, FindSupport
@@ -111,8 +111,8 @@ def manage_addFolder(self, id, title='',
    in the new folder.
    """
    ob=Folder()
-    ob.id=id
+    ob.id=str(id)
-    ob.title=title
+    ob.title=str(title)
    self._setObject(id, ob)
    ob=self._getOb(id)

--- a/lib/python/OFS/Image.py
+++ b/lib/python/OFS/Image.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """Image object"""
-__version__='$Revision: 1.102 $'[11:-2]
+__version__='$Revision: 1.103 $'[11:-2]
 import Globals, string, struct, content_types
 from OFS.content_types import guess_content_type
@@ -108,6 +108,11 @@ def manage_addFile(self,id,file='',title='',precondition='', content_type='',
    Creates a new File object 'id' with the contents of 'file'"""
+    id=str(id)
+    title=str(title)
+    content_type=str(content_type)
+    precondition=str(precondition)
    id, title = cookId(id, title, file)
    self=self.this()
@@ -243,9 +248,9 @@ class File(Persistent,Implicit,PropertyManager,
        """
        Changes the title and content type attributes of the File or Image.
        """
-        self.title=title
+        self.title=str(title)
-        self.content_type=content_type
+        self.content_type=str(content_type)
-        if precondition: self.precondition=precondition
+        if precondition: self.precondition=str(precondition)
        elif self.precondition: del self.precondition
        if REQUEST:
            message="Your changes have been saved"
@@ -393,6 +398,12 @@ def manage_addImage(self, id, file, title='', precondition='', content_type='',
    Creates a new Image object 'id' with the contents of 'file'.
    """
+    id=str(id)
+    title=str(title)
+    content_type=str(content_type)
+    precondition=str(precondition)
    id, title = cookId(id, title, file)
    self=self.this()

--- a/lib/python/OFS/ObjectManager.py
+++ b/lib/python/OFS/ObjectManager.py
@@ -84,9 +84,9 @@
 ##############################################################################
 __doc__="""Object Manager
-$Id: ObjectManager.py,v 1.90 2000/05/12 01:23:49 tseaver Exp $"""
+$Id: ObjectManager.py,v 1.91 2000/05/16 19:34:43 brian Exp $"""
-__version__='$Revision: 1.90 $'[11:-2]
+__version__='$Revision: 1.91 $'[11:-2]
 import App.Management, Acquisition, Globals, CopySupport, Products
 import os, App.FactoryDispatcher, ts_regex, Products
@@ -204,8 +204,8 @@ class ObjectManager(
        # If allow_dup is false, an error will be raised if an object
        # with the given id already exists. If allow_dup is true,
        # only check that the id string contains no illegal chars.
-        if not id:
+        if not id or (type(id) != type('')):
-            raise 'Bad Request', 'No id was specified'
+            raise 'Bad Request', 'Empty or invalid specified'
        if bad_id(id) != -1:
            raise 'Bad Request', (
            'The id %s contains characters illegal in URLs.' % id)

--- a/lib/python/Products/ExternalMethod/ExternalMethod.py
+++ b/lib/python/Products/ExternalMethod/ExternalMethod.py
@@ -88,7 +88,7 @@
 This product provides support for external methods, which allow
 domain-specific customization of web environments.
 """
-__version__='$Revision: 1.37 $'[11:-2]
+__version__='$Revision: 1.38 $'[11:-2]
 from Globals import Persistent, HTMLFile, MessageDialog, HTML
 import OFS.SimpleItem, Acquisition
 from string import split, join, find, lower
@@ -122,6 +122,11 @@ def manage_addExternalMethod(self, id, title, module, function, REQUEST=None):
        failes, then the file 'Extensions/ACMEWidgets.foo.py' will be
        used.
    """
+    id=str(id)
+    title=str(title)
+    module=str(module)
+    function=str(function)
    i=ExternalMethod(id,title,module,function)
    self._setObject(id,i)
    return self.manage_main(self,REQUEST)
@@ -184,6 +189,10 @@ class ExternalMethod(OFS.SimpleItem.Item, Persistent, Acquisition.Explicit,
        the effects of changes, but can lead to problems of functions
        rely on shared global data.
        """
+        title=str(title)
+        module=str(module)
+        function=str(function)
        self.title=title
        if module[-3:]=='.py': module=module[:-3]
        elif module[-4:]=='.py': module=module[:-4]

--- a/lib/python/Products/OFSP/Version.py
+++ b/lib/python/Products/OFSP/Version.py
@@ -84,7 +84,7 @@
 ##############################################################################
 """Version object"""
-__version__='$Revision: 1.38 $'[11:-2]
+__version__='$Revision: 1.39 $'[11:-2]
 import Globals, time
 from AccessControl.Role import RoleManager
@@ -100,7 +100,8 @@ manage_addVersionForm=Globals.HTMLFile('versionAdd', globals())
 def manage_addVersion(self, id, title, REQUEST=None):
    """ """
+    id=str(id)
+    title=str(title)
    self=self.this()
    self._setObject(id, Version(id,title,REQUEST))
    if REQUEST is not None:

--- a/lib/python/Products/ZCatalog/Vocabulary.py
+++ b/lib/python/Products/ZCatalog/Vocabulary.py
@@ -98,6 +98,10 @@ manage_addVocabularyForm=HTMLFile('addVocabulary',globals())
 def manage_addVocabulary(self, id, title, globbing=None, REQUEST=None):
    """Add a Vocabulary object
    """
+    id=str(id)
+    title=str(title)
+    if globbing: globbing=1
    c=Vocabulary(id, title, globbing)
    self._setObject(id, c)
    if REQUEST is not None:

--- a/lib/python/Products/ZCatalog/ZCatalog.py
+++ b/lib/python/Products/ZCatalog/ZCatalog.py
@@ -109,6 +109,11 @@ manage_addZCatalogForm=HTMLFile('addZCatalog',globals())
 def manage_addZCatalog(self, id, title, vocab='', vocab_id='', REQUEST=None):
    """Add a ZCatalog object
    """
+    id=str(id)
+    title=str(title)
+    vocab=str(vocab)
+    vocab_id=str(vocab_id)
    c=ZCatalog(id, title, vocab, vocab_id, self)
    self._setObject(id, c)
    if REQUEST is not None:
@@ -231,6 +236,8 @@ class ZCatalog(Folder, Persistent, Implicit):
    def manage_edit(self, RESPONSE, URL1, threshold=1000, REQUEST=None):
        """ edit the catalog """
+        if type(threshold) is not type(1):
+            threshold=string.atoi(threshold)
        self.threshold = threshold
        RESPONSE.redirect(URL1 + '/manage_main?manage_tabs_message=Catalog%20Changed')

--- a/lib/python/Products/ZGadflyDA/DA.py
+++ b/lib/python/Products/ZGadflyDA/DA.py
@@ -85,8 +85,8 @@
 database_type='Gadfly'
 __doc__='''%s Database Connection
-$Id: DA.py,v 1.10 2000/05/04 13:32:06 shane Exp $''' % database_type
+$Id: DA.py,v 1.11 2000/05/16 19:34:44 brian Exp $''' % database_type
-__version__='$Revision: 1.10 $'[11:-2]
+__version__='$Revision: 1.11 $'[11:-2]
 from db import DB, manage_DataSources
 import sys, DABase, Globals
@@ -102,6 +102,9 @@ addConnectionForm=Globals.HTMLFile('connectionAdd',globals())
 def manage_addZGadflyConnection(
    self, id, title, connection, check=None, REQUEST=None):
    """Add a DB connection to a folder"""
+    # Note - type checking is taken care of by _setObject 
+    # and the Connection object constructor.
    self._setObject(id, Connection(
        id, title, connection, check))
    if REQUEST is not None: return self.manage_main(self,REQUEST)

--- a/lib/python/Products/ZSQLMethods/SQL.py
+++ b/lib/python/Products/ZSQLMethods/SQL.py
@@ -85,8 +85,8 @@
 __doc__='''SQL Methods
-$Id: SQL.py,v 1.12 1999/11/03 14:43:20 brian Exp $'''
+$Id: SQL.py,v 1.13 2000/05/16 19:34:44 brian Exp $'''
-__version__='$Revision: 1.12 $'[11:-2]
+__version__='$Revision: 1.13 $'[11:-2]
 import Shared.DC.ZRDB.DA
 from Globals import HTMLFile
@@ -134,6 +134,8 @@ def manage_addZSQLMethod(self, id, title,
    The 'template' argument is a string containing the source for the
    SQL Template.
    """
+    # Note - type checking is handled by _setObject and constructor.
    self._setObject(id, SQL(id, title, connection_id, arguments, template))
    if REQUEST is not None:
        u=REQUEST['URL1']

--- a/lib/python/Products/ZopeTutorial/TutorialTopic.py
+++ b/lib/python/Products/ZopeTutorial/TutorialTopic.py
@@ -167,6 +167,7 @@ def addTutorial(self, id, REQUEST=None, RESPONSE=None):
    """
    Install tutorial examples.
    """
+    id=str(id)
    ob=OFS.Folder.Folder()
    ob.id=id
    ob.title='Zope Tutorial Examples'

--- a/lib/python/Shared/DC/ZRDB/Connection.py
+++ b/lib/python/Shared/DC/ZRDB/Connection.py
@@ -84,8 +84,8 @@
 ##############################################################################
 __doc__='''Generic Database Connection Support
-$Id: Connection.py,v 1.23 2000/05/11 18:54:16 jim Exp $'''
+$Id: Connection.py,v 1.24 2000/05/16 19:34:45 brian Exp $'''
-__version__='$Revision: 1.23 $'[11:-2]
+__version__='$Revision: 1.24 $'[11:-2]
 import Globals, OFS.SimpleItem, AccessControl.Role, Acquisition, sys
 from DateTime import DateTime
@@ -127,7 +127,7 @@ class Connection(
    connection_string=''
    def __init__(self, id, title, connection_string, check=None):
-        self.id=id
+        self.id=str(id)
        self.edit(title, connection_string, check)
    def __setstate__(self, state):
@@ -163,6 +163,8 @@ class Connection(
    def manage_edit(self, title, connection_string, check=None, REQUEST=None):
        """Change connection
        """
+        title=str(title)
+        connection_string=str(connection_string)
        self.edit(title, connection_string, check)
        if REQUEST is not None:
            return MessageDialog(

--- a/lib/python/Shared/DC/ZRDB/DA.py
+++ b/lib/python/Shared/DC/ZRDB/DA.py
@@ -85,8 +85,8 @@
 __doc__='''Generic Database adapter
-$Id: DA.py,v 1.83 2000/05/12 15:06:23 brian Exp $'''
+$Id: DA.py,v 1.84 2000/05/16 19:34:45 brian Exp $'''
-__version__='$Revision: 1.83 $'[11:-2]
+__version__='$Revision: 1.84 $'[11:-2]
 import OFS.SimpleItem, Aqueduct, RDB
 import DocumentTemplate, marshal, md5, base64, Acquisition, os
@@ -174,7 +174,7 @@ class DA(
    def __init__(self, id, title, connection_id, arguments, template):
-        self.id=id
+        self.id=str(id)
        self.manage_edit(title, connection_id, arguments, template)
    manage_advancedForm=HTMLFile('advanced', globals())
@@ -231,10 +231,12 @@ class DA(
            return self._er(title,connection_id,arguments,template,
                            SUBMIT,sql_pref__cols,sql_pref__rows,REQUEST)
-        self.title=title
+        self.title=str(title)
-        self.connection_id=connection_id
+        self.connection_id=str(connection_id)
+        arguments=str(arguments)
        self.arguments_src=arguments
        self._arg=parse(arguments)
+        template=str(template)
        self.src=template
        self.template=t=self.template_class(template)
        t.cook()
@@ -279,6 +281,16 @@ class DA(
        used.
        """
+        # paranoid type checking
+        if type(max_rows) is not type(1):
+            max_rows=atoi(max_rows)
+        if type(max_cache) is not type(1):
+            max_cache=atoi(max_cache)
+        if type(cache_time) is not type(1):
+            cache_time=atoi(cache_time)            
+        class_name=str(class_name)
+        class_file=str(class_file)
        self.max_rows_ = max_rows
        self.max_cache_, self.cache_time_ = max_cache, cache_time
        self._v_cache={}, Bucket()