From 504ce33f9c28d3305aaa071b63c4908b65fda89b Mon Sep 17 00:00:00 2001
From: Georgios Dagkakis <georgios.dagkakis@nexedi.com>
Date: Mon, 26 Dec 2016 11:29:39 +0100
Subject: [PATCH 1/3] PythonScript: patch so that it raises if a space exists
 in given id

---
 product/ERP5Type/patches/PythonScript.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/product/ERP5Type/patches/PythonScript.py b/product/ERP5Type/patches/PythonScript.py
index c252e40f520..61f6bdc4834 100644
--- a/product/ERP5Type/patches/PythonScript.py
+++ b/product/ERP5Type/patches/PythonScript.py
@@ -22,6 +22,7 @@ from OFS.misc_ import p_
 from App.ImageFile import ImageFile
 from Acquisition import aq_base, aq_parent
 from zExceptions import Forbidden
+from Shared.DC.Scripts.Script import defaultBindings
 
 ### Guards
 
@@ -151,6 +152,15 @@ class _(PatchClass(PythonScript)):
 
   security = ClassSecurityInfo()
 
+  def __init__(self, id):
+      # START PATCH: do not allow spaces in id
+      if ' ' in id:
+          raise ValueError('PythonScript id cannot contain spaces!')
+      # END PATCH: do not allow spaces in id
+      self.id = id
+      self.ZBindings_edit(defaultBindings)
+      self._makeFunction()
+
   # Add proxy role icon in ZMI
 
   def om_icons(self):
-- 
2.30.9


From 3b0feea57cc4a3f77dab0cb1493d6dc49a413f06 Mon Sep 17 00:00:00 2001
From: Georgios Dagkakis <georgios.dagkakis@nexedi.com>
Date: Mon, 26 Dec 2016 11:30:32 +0100
Subject: [PATCH 2/3] External Method: patch so that it raises if a space
 exists in given id

---
 product/ERP5Type/patches/ExternalMethod.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/product/ERP5Type/patches/ExternalMethod.py b/product/ERP5Type/patches/ExternalMethod.py
index 2dd1a2731c3..3c9ffe0a714 100644
--- a/product/ERP5Type/patches/ExternalMethod.py
+++ b/product/ERP5Type/patches/ExternalMethod.py
@@ -23,6 +23,14 @@ class _(PatchClass(ExternalMethod)):
 
     reloadIfChanged = getFuncDefaults = getFuncCode = filepath = None
 
+    def __init__(self, id, title, module, function):
+        # START PATCH: do not allow spaces in id
+        if ' ' in id:
+            raise ValueError('External Method id cannot contain spaces!')
+        # END PATCH: do not allow spaces in id
+        self.id=id
+        self.manage_edit(title, module, function)
+
     @property
     def func_defaults(self):
         return self._getFunction()[1]
-- 
2.30.9


From 0dafa0a17a6589aba7ee36beea1fb50ca2a1a4aa Mon Sep 17 00:00:00 2001
From: Georgios Dagkakis <georgios.dagkakis@nexedi.com>
Date: Mon, 26 Dec 2016 11:31:40 +0100
Subject: [PATCH 3/3] testBusinessTemplate: add two tests to check that having
 a space in id raises for

PythonScript and External Method
---
 product/ERP5/tests/testBusinessTemplate.py | 49 ++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/product/ERP5/tests/testBusinessTemplate.py b/product/ERP5/tests/testBusinessTemplate.py
index 0db023bc263..0fe910cbb2b 100644
--- a/product/ERP5/tests/testBusinessTemplate.py
+++ b/product/ERP5/tests/testBusinessTemplate.py
@@ -61,6 +61,7 @@ Transform_manage_beforeDelete = Transform.manage_beforeDelete
 from Products.ERP5.Document.Organisation import Organisation
 from Products.ERP5Type.Accessor.Constant import PropertyGetter as ConstantGetter
 from ZODB.broken import Broken
+from Products.ExternalMethod.ExternalMethod import manage_addExternalMethod
 
 instance_home = os.environ['INSTANCE_HOME']
 
@@ -6384,6 +6385,54 @@ class TestBusinessTemplate(BusinessTemplateMixin):
     """
     self.test_168_CheckPortalTypeAndPathInSameBusinessTemplate(change_broken_object=True)
 
+  def test_170_check_python_script_with_space_in_id_is_not_allowed(self):
+    """
+    Check that adding a PythonScript with space in id raises
+    """
+    python_script_id = 'ERP5Site_dummyScriptWithSpaceInId '
+    skin_folder_id = 'custom'
+    if getattr(self.portal.portal_skins, skin_folder_id, None) is None:
+      self.portal.portal_skins.manage_addProduct['OFSP'].\
+        manage_addFolder(skin_folder_id)
+    skin_folder = self.portal.portal_skins[skin_folder_id]
+    self.assertRaises(
+      ValueError,
+      skin_folder.manage_addProduct['PythonScripts'].manage_addPythonScript,
+        id=python_script_id
+      )
+
+  def test_171_check_external_method_with_space_in_id_is_not_allowed(self):
+    """
+    Check that adding an External Method with space in id raises
+    """
+    document_id = 'document' + '.erp5.' + 'FooReference'
+    component = self.portal.portal_components.newContent(
+      id=document_id,
+      version='erp5',
+      title='FooReference',
+      reference='FooReference',
+      text_content='''def testFoo():
+  return 'foo'
+''',
+      portal_type='Extension Component',
+    )
+    component.validate()
+    self.tic()
+    external_method_id = 'ERP5Site_dummyExternalMethodWithSpaceInId '
+    skin_folder_id = 'custom'
+    if getattr(self.portal.portal_skins, skin_folder_id, None) is None:
+      self.portal.portal_skins.manage_addProduct['OFSP'].\
+        manage_addFolder(skin_folder_id)
+    skin_folder = self.portal.portal_skins[skin_folder_id]
+    self.assertRaises(
+      ValueError,
+      skin_folder.manage_addProduct['ExternalMethod'].manage_addExternalMethod,
+        id=external_method_id,
+        title='',
+        module='FooReference',
+        function='testFoo',
+      )
+
   def test_type_provider(self):
     self.portal.newContent(id='dummy_type_provider', portal_type="Types Tool")
     type_provider = self.portal.dummy_type_provider
-- 
2.30.9