Fix 'skip html quote' check to correctly look in strings with a zero …

…char

src/DocumentTemplate/cDocumentTemplate.c

@@ -665,6 +665,7 @@ render_blocks_(PyObject *blocks, PyObject *rendered,
 	       PyObject *md, PyObject *mda)
 {
   PyObject *block, *t, *args;
+  size_t n;
   int l, i, k=0, append;
   int skip_html_quote;
 
@@ -725,10 +726,11 @@ render_blocks_(PyObject *blocks, PyObject *rendered,
                 {
                   if (PyString_Check(t))
                     {
-                      if (strchr(PyString_AS_STRING(t), '&') ||
-                          strchr(PyString_AS_STRING(t), '<') ||
-                          strchr(PyString_AS_STRING(t), '>') ||
-                          strchr(PyString_AS_STRING(t), '"')     )
+                      n = (size_t) PyString_GET_SIZE(t);
+                      if (memchr(PyString_AS_STRING(t), '&', n) ||
+                          memchr(PyString_AS_STRING(t), '<', n) ||
+                          memchr(PyString_AS_STRING(t), '>', n) ||
+                          memchr(PyString_AS_STRING(t), '"', n))
                         {
                           /* string includes html problem characters, so
                              we cant skip the quoting process */

src/DocumentTemplate/tests/testDTML.py

@@ -14,6 +14,7 @@
 """
 
 import unittest
+from DocumentTemplate.html_quote import html_quote
 
 
 class DTMLTests(unittest.TestCase):
@@ -221,6 +222,15 @@ def testNull(self):
         res = html(spam=42) + html(spam=None)
         assert res == expected, res
 
+    def testSkipQuote(self):
+        methods = "html_quote",
+        a = '\0he>llo'
+        for method in methods:
+            html = self.doc_class('<dtml-var a %s>' % method)
+            expected = html_quote(a)
+            res = html(a=a)
+            self.assertEqual(res, expected)
+
     def testUrlUnquote(self):
         html1 = self.doc_class(
             """