Better escaping for GET /v1/a?format=xml.

Commit 8f9b135 fixed a bug where an XML attribute could have arbitrary
characters jammed into it, resulting in a document with arbitrary
tags... and it did remove the ability to get an arbitrary XML document
out of the object server. However, it left a couple of ways to get a
malformed XML document, one example of which is an account named ".

This fixes up the remaining ways and ensures you always get a
well-formed XML document in the account-listing response. Also, it
adds a unit test for the escaping of the container name; this was
already working, just untested.

If you look in the discussion for bug 1183884, you'll see that the
review comments there are basically "seems good, but could use a unit
test". (The astute reader will note that I am one of the guilty
parties in that review.)

I found this bug while writing the missing unit test.

The moral of this story is left as an exercise for the reader.

Fixes bug 1183884 harder.

Change-Id: I84b24dd930ba1bb6c4f674f8d3996639dedbce15

swift/account/utils.py

@@ -96,7 +96,7 @@ def account_listing_response(account, req, response_content_type, broker=None,
         account_list = json.dumps(data)
     elif response_content_type.endswith('/xml'):
         output_list = ['<?xml version="1.0" encoding="UTF-8"?>',
-                       '<account name="%s">' % saxutils.escape(account)]
+                       '<account name=%s>' % saxutils.quoteattr(account)]
         for (name, object_count, bytes_used, is_subdir) in account_list:
             name = saxutils.escape(name)
             if is_subdir:

test/unit/account/test_server.py

@@ -632,6 +632,43 @@ def test_GET_with_containers_xml(self):
         self.assertEquals(node.firstChild.nodeValue, '4')
         self.assertEquals(resp.charset, 'utf-8')
 
+    def test_GET_xml_escapes_account_name(self):
+        req = Request.blank(
+            '/sda1/p/%22%27',   # "'
+            environ={'REQUEST_METHOD': 'PUT', 'HTTP_X_TIMESTAMP': '0'})
+        self.controller.PUT(req)
+
+        req = Request.blank(
+            '/sda1/p/%22%27?format=xml',
+            environ={'REQUEST_METHOD': 'GET', 'HTTP_X_TIMESTAMP': '1'})
+        resp = self.controller.GET(req)
+
+        dom = xml.dom.minidom.parseString(resp.body)
+        self.assertEquals(dom.firstChild.attributes['name'].value, '"\'')
+
+    def test_GET_xml_escapes_container_name(self):
+        req = Request.blank(
+            '/sda1/p/a',
+            environ={'REQUEST_METHOD': 'PUT', 'HTTP_X_TIMESTAMP': '0'})
+        self.controller.PUT(req)
+
+        req = Request.blank(
+            '/sda1/p/a/%22%3Cword',  # "<word
+            environ={'REQUEST_METHOD': 'PUT', 'HTTP_X_TIMESTAMP': '1',
+                     'HTTP_X_PUT_TIMESTAMP': '1', 'HTTP_X_OBJECT_COUNT': '0',
+                     'HTTP_X_DELETE_TIMESTAMP': '0', 'HTTP_X_BYTES_USED': '1'})
+        self.controller.PUT(req)
+
+        req = Request.blank(
+            '/sda1/p/a?format=xml',
+            environ={'REQUEST_METHOD': 'GET', 'HTTP_X_TIMESTAMP': '1'})
+        resp = self.controller.GET(req)
+        dom = xml.dom.minidom.parseString(resp.body)
+
+        self.assertEquals(
+            dom.firstChild.firstChild.nextSibling.firstChild.firstChild.data,
+            '"<word')
+
     def test_GET_limit_marker_plain(self):
         req = Request.blank('/sda1/p/a', environ={'REQUEST_METHOD': 'PUT',
             'HTTP_X_TIMESTAMP': '0'})