Do not use a referer to redirect. Instead, construct the original

URL from the context, the form id and the query string passed by hidden fields. This change requires you upgrading erp5_html_style to the latest. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6964 20353a03-c40f-0410-a6d1-a30d3c3de9de

Do not use a referer to redirect. Instead, construct the original
URL from the context, the form id and the query string passed by hidden fields. This change requires you upgrading erp5_html_style to the latest. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@6964 20353a03-c40f-0410-a6d1-a30d3c3de9de
38b2e21b · Yoshinori Okuji · 2b7fc3f1 · 38b2e21b
Commit 38b2e21b authored Apr 27, 2006 by Yoshinori Okuji
Hide whitespace changes
Inline Side-by-side

Showing with 103 additions and 95 deletions

product/ERP5Form/SelectionTool.py product/ERP5Form/SelectionTool.py +103 -95

No files found.
--- a/product/ERP5Form/SelectionTool.py
+++ b/product/ERP5Form/SelectionTool.py
@@ -48,7 +48,7 @@ import md5
 import pickle
 import hmac
 import random
+import re
 import string
 from zLOG import LOG
 from Acquisition import Implicit, aq_base
@@ -86,7 +86,32 @@ class SelectionTool( UniqueObject, SimpleItem ):
    security.declareProtected( ERP5Permissions.ManagePortal
                             , 'manage_view_selections' )
    manage_view_selections = DTMLFile( 'SelectionTool_manageViewSelections', _dtmldir )
+    _query_string_reset_regexp = re.compile('\\breset(:int|)?=')
+    _query_string_report_depth_regexp = re.compile('\\breport_depth(:int|)?=')
+    def _redirectToOriginalForm(self, REQUEST=None, form_id=None, query_string=None,
+                                no_reset=False, no_report_depth=False):
+      """Redirect to the original form, using the information given as parameters.
+         If no_reset is True, replace reset parameters with noreset.
+         If no_report_depth is True, replace report_depth parameters with noreport_depth.
+      """
+      if REQUEST is None:
+        return
+      context = self.aq_parent
+      if form_id is None:
+        form_id = 'view'
+      url = context.absolute_url() + '/' + form_id
+      if query_string is not None:
+        if no_reset:
+          query_string = self._query_string_reset_regexp.sub('noreset\\1=',
+                                                             query_string)
+        if no_report_depth:
+          query_string = self._query_string_report_depth_regexp.sub('noreport_depth\\1=',
+                                                                    query_string)
+        url = url + '?' + query_string
+      return REQUEST.RESPONSE.redirect(url)
    security.declareProtected(ERP5Permissions.View, 'getSelectionNames')
    def getSelectionNames(self, context=None, REQUEST=None):
      if context is None: context = self
@@ -113,7 +138,7 @@ class SelectionTool( UniqueObject, SimpleItem ):
      """
      if not REQUEST:
        REQUEST = get_request()
      if not hasattr(self, 'selection_data'):
        self.selection_data = PersistentMapping()
      user_id = self.portal_membership.getAuthenticatedMember().getUserName()
@@ -238,7 +263,8 @@ class SelectionTool( UniqueObject, SimpleItem ):
      return []
    security.declareProtected(ERP5Permissions.View, 'checkAll')
-    def checkAll(self, selection_name, listbox_uid=[], REQUEST=None):
+    def checkAll(self, selection_name, listbox_uid=[], REQUEST=None,
+                 query_string=None, form_id=None):
      """
        Sets the selection params for a given selection_name
      """
@@ -253,15 +279,13 @@ class SelectionTool( UniqueObject, SimpleItem ):
          except ValueError:
            pass # this can happen in report
        self.setSelectionCheckedUidsFor(selection_name, selection_uid_dict.keys(), REQUEST=REQUEST)
-      request = REQUEST
+      if REQUEST is not None:
-      if request:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-        referer = request['HTTP_REFERER']
+                                            query_string=query_string, no_reset=True)
-        referer = referer.replace('reset=', 'noreset=')
-        referer = referer.replace('reset:int=', 'noreset:int=')
-        return request.RESPONSE.redirect(referer)
    security.declareProtected(ERP5Permissions.View, 'uncheckAll')
-    def uncheckAll(self, selection_name, listbox_uid=[], REQUEST=None):
+    def uncheckAll(self, selection_name, listbox_uid=[], REQUEST=None,
+                   query_string=None, form_id=None):
      """
        Sets the selection params for a given selection_name
      """
@@ -276,12 +300,9 @@ class SelectionTool( UniqueObject, SimpleItem ):
          except ValueError:
            pass # This happens in report mode
        self.setSelectionCheckedUidsFor(selection_name, selection_uid_dict.keys(), REQUEST=REQUEST)
-      request = REQUEST
+      if REQUEST is not None:
-      if request:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-        referer = request['HTTP_REFERER']
+                                            query_string=query_string, no_reset=True)
-        referer = referer.replace('reset=', 'noreset=')
-        referer = referer.replace('reset:int=', 'noreset:int=')
-        return request.RESPONSE.redirect(referer)
    security.declareProtected(ERP5Permissions.View, 'getSelectionListUrlFor')
    def getSelectionListUrlFor(self, selection_name, REQUEST=None):
@@ -322,7 +343,8 @@ class SelectionTool( UniqueObject, SimpleItem ):
        selection.edit(sort_on=sort_on)
    security.declareProtected(ERP5Permissions.View, 'setSelectionQuickSortOrder')
-    def setSelectionQuickSortOrder(self, selection_name, sort_on, REQUEST=None):
+    def setSelectionQuickSortOrder(self, selection_name, sort_on, REQUEST=None,
+                                   query_string=None, form_id=None):
      """
        Defines the sort order of the selection directly from the listbox
        In this method, sort_on is just a string that comes from url
@@ -347,11 +369,9 @@ class SelectionTool( UniqueObject, SimpleItem ):
          new_sort_on = [(sort_on,'ascending')]
        selection.edit(sort_on=new_sort_on)
-      request = REQUEST
+      if REQUEST is not None:
-      referer = request['HTTP_REFERER']
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-      referer = referer.replace('reset=', 'noreset=')
+                                            query_string=query_string, no_reset=True)
-      referer = referer.replace('reset:int=', 'noreset:int=')
-      return request.RESPONSE.redirect(referer)
    security.declareProtected(ERP5Permissions.View, 'getSelectionSortOrder')
    def getSelectionSortOrder(self, selection_name, REQUEST=None):
@@ -519,7 +539,7 @@ class SelectionTool( UniqueObject, SimpleItem ):
      return self.checkAll(selection_name, uids, REQUEST=REQUEST)
    security.declareProtected(ERP5Permissions.View, 'setPage')
-    def setPage(self, listbox_uid, uids=None, REQUEST=None):
+    def setPage(self, listbox_uid, query_string=None, uids=None, REQUEST=None):
      """
        Access the previous page of a list
      """
@@ -539,147 +559,139 @@ class SelectionTool( UniqueObject, SimpleItem ):
        selection.edit(params= selection.params)
      self.uncheckAll(selection_name, listbox_uid)
-      return self.checkAll(selection_name, uids, REQUEST=REQUEST)
+      return self.checkAll(selection_name, uids, REQUEST=REQUEST, query_string=query_string)
    security.declareProtected(ERP5Permissions.View, 'setZoom')
+    def setZoom(self, uids=None, REQUEST=None, form_id=None, query_string=None):
-    def setZoom(self, uids=None, REQUEST=None):
      """
      Set graphic zoom in PlanningBox
-      """  
+      """
      if uids is None: uids = []
-      request = REQUEST  
+      zoom=REQUEST.get('zoom')
-      zoom=request.get('zoom')
      selection_name=request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST=REQUEST)
      if selection is not None:
        params = selection.getParams()
        params['zoom'] = zoom
        selection.edit(params= params)
-      referer = request['HTTP_REFERER']
+      if REQUEST is not None:
-      referer = referer.replace('reset=', 'noreset=')
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-      referer = referer.replace('reset:int=', 'noreset:int=')
+                                            query_string=query_string)
-      return request.RESPONSE.redirect(referer) 
    security.declareProtected(ERP5Permissions.View, 'setDomainRoot')
-    def setDomainRoot(self, REQUEST):
+    def setDomainRoot(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      root_url = request.form.get('domain_root_url','portal_categories')
+      root_url = REQUEST.form.get('domain_root_url','portal_categories')
      selection.edit(domain_path=root_url, domain_list=())
-      return request.RESPONSE.redirect(request['HTTP_REFERER'])
+      if REQUEST is not None:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
+                                            query_string=query_string)
    security.declareProtected(ERP5Permissions.View, 'unfoldDomain')
-    def unfoldDomain(self, REQUEST):
+    def unfoldDomain(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      domain_url = request.form.get('domain_url',None)
+      domain_url = REQUEST.form.get('domain_url',None)
-      domain_depth = request.form.get('domain_depth',0)
+      domain_depth = REQUEST.form.get('domain_depth',0)
      domain_list = list(selection.getDomainList())
      domain_list = domain_list[0:min(domain_depth, len(domain_list))]
-      if type(domain_url) == type('a'):
+      if isinstance(domain_url, str):
        selection.edit(domain_list = domain_list + [domain_url])
-      return request.RESPONSE.redirect(request['HTTP_REFERER'])
+      if REQUEST is not None:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
+                                            query_string=query_string)
    security.declareProtected(ERP5Permissions.View, 'foldDomain')
-    def foldDomain(self, REQUEST):
+    def foldDomain(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      domain_url = request.form.get('domain_url',None)
+      domain_url = REQUEST.form.get('domain_url',None)
-      domain_depth = request.form.get('domain_depth',0)
+      domain_depth = REQUEST.form.get('domain_depth',0)
      domain_list = list(selection.getDomainList())
      domain_list = domain_list[0:min(domain_depth, len(domain_list))]
-      selection.edit(domain_list=filter(lambda x:x != domain_url, domain_list))
+      selection.edit(domain_list=[x for x in domain_list if x != domain_url])
-      return request.RESPONSE.redirect(request['HTTP_REFERER'])
+      if REQUEST is not None:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
+                                            query_string=query_string)
    security.declareProtected(ERP5Permissions.View, 'setReportRoot')
-    def setReportRoot(self, REQUEST):
+    def setReportRoot(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      root_url = request.form.get('report_root_url','portal_categories')
+      root_url = REQUEST.form.get('report_root_url','portal_categories')
      selection.edit(report_path=root_url, report_list=())
-      return request.RESPONSE.redirect(request['HTTP_REFERER'])
+      if REQUEST is not None:
+        return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
+                                            query_string=query_string)
    security.declareProtected(ERP5Permissions.View, 'unfoldReport')
-    def unfoldReport(self, REQUEST):
+    def unfoldReport(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
        report_list is a list of relative_url of category, domain, etc.
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      report_url = request.form.get('report_url',None)
+      report_url = REQUEST.form.get('report_url',None)
      if type(report_url) == type('a'):
        selection.edit(report_list=list(selection.getReportList()) + [report_url])
-      referer = request['HTTP_REFERER']
+      return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-      referer = referer.replace('report_depth:int=', 'noreport_depth:int=')
+                                          query_string=query_string,
-      return request.RESPONSE.redirect(referer)
+                                          no_report_depth=True)
    security.declareProtected(ERP5Permissions.View, 'foldReport')
-    def foldReport(self, REQUEST):
+    def foldReport(self, REQUEST, form_id=None, query_string=None):
      """
        Sets the root domain for the current selection
      """
-      request = REQUEST
+      selection_name = REQUEST.list_selection_name
-      #form_id = request.form_id
-      selection_name = request.list_selection_name
      selection = self.getSelectionFor(selection_name, REQUEST)
-      report_url = request.form.get('report_url',None)
+      report_url = REQUEST.form.get('report_url',None)
      if type(report_url) == type('a'):
        report_list = selection.getReportList()
-        selection.edit(report_list=filter(lambda x:x != report_url, report_list))
+        selection.edit(report_list=[x for x in report_list if x != report_url])
-      referer = request['HTTP_REFERER']
+      return self._redirectToOriginalForm(REQUEST=REQUEST, form_id=form_id,
-      referer = referer.replace('report_depth:int=', 'noreport_depth:int=')
+                                          query_string=query_string,
-      return request.RESPONSE.redirect(referer)
+                                          no_report_depth=True)
    security.declareProtected(ERP5Permissions.View, 'getListboxDisplayMode')
    def getListboxDisplayMode(self, selection_name, REQUEST=None):
      if REQUEST is None:
        REQUEST = get_request()
      selection = self.getSelectionFor(selection_name, REQUEST)
      if getattr(selection, 'report_tree_mode', 0):
        return 'ReportTreeMode'
      elif getattr(selection, 'domain_tree_mode', 0):
        return 'DomainTreeMode'
      return 'FlatListMode'
    security.declareProtected(ERP5Permissions.View, 'setListboxDisplayMode')
    def setListboxDisplayMode(self, REQUEST, listbox_display_mode, 
-                              selection_name=None, redirect=0):
+                              selection_name=None, redirect=0,
+                              form_id=None, query_string=None):
      """
        Toogle display of the listbox
      """
@@ -723,7 +735,7 @@ class SelectionTool( UniqueObject, SimpleItem ):
        flat_list_mode = 0
        domain_tree_mode = 0
        report_tree_mode = 0      
      selection.edit(flat_list_mode=flat_list_mode,
                     domain_tree_mode=domain_tree_mode,
                     report_tree_mode=report_tree_mode)
@@ -733,12 +745,9 @@ class SelectionTool( UniqueObject, SimpleItem ):
      selection.edit(params = params)
      if redirect:
-        referer = request['HTTP_REFERER']
+        return self._redirectToOriginalForm(REQUEST=request, form_id=form_id,
-        referer = referer.replace('noreset=', 'reset=')
+                                            query_string=query_string,
-        referer = referer.replace('noreset:int=', 'reset:int=')
+                                            no_reset=True)
-        referer = referer.replace('reset=', 'noreset=')
-        referer = referer.replace('reset:int=', 'noreset:int=')
-        return request.RESPONSE.redirect(referer)
    security.declareProtected(ERP5Permissions.View, 'setFlatListMode')
    def setFlatListMode(self, REQUEST, selection_name=None):
@@ -996,7 +1005,6 @@ class SelectionTool( UniqueObject, SimpleItem ):
          property_get_related_uid_method_name = \
            "get%sUidList" % ''.join(['%s%s' % (x[0].upper(), x[1:]) \
                                      for x in base_category.split('_')])
          current_uid_list = getattr(o, property_get_related_uid_method_name)\
                               (portal_type=[x[0] for x in \
                                  field.get_value('portal_type')])
@@ -1083,7 +1091,7 @@ class SelectionTool( UniqueObject, SimpleItem ):
                return aq_base_name
            else:
              sub_index = None
            # generate dynamicaly needed forwarder methods
            def viewSearchRelatedDocumentDialogWrapper(self, form_id, 
                                                       REQUEST=None, **kw):