- make the ZMI Find tab work for searching HTML tags

zopefoundation · Apr 2, 2019 · db9edbd · db9edbd
1 parent 35aa36e
commit db9edbd
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -11,6 +11,12 @@ https://github.com/zopefoundation/Zope/blob/4.0a6/CHANGES.rst
 4.0b11 (unreleased)
 -------------------
 
+Fixes
++++++
+
+- make the ZMI `Find` tab work for searching HTML tags
+  by adding support for `Tainted` strings in ``ZopeFind``
+
 Features
 ++++++++
 

diff --git a/src/OFS/FindSupport.py b/src/OFS/FindSupport.py
@@ -18,6 +18,7 @@
 from AccessControl.class_init import InitializeClass
 from AccessControl.Permission import getPermissionIdentifier
 from AccessControl.Permissions import view_management_screens
+from AccessControl.tainted import TaintedString
 from Acquisition import aq_base
 from Acquisition import aq_parent
 from App.special_dtml import DTMLFile
@@ -126,6 +127,11 @@ def ZopeFindAndApply(self, obj, obj_ids=None, obj_metatypes=None,
 
             bs = aq_base(ob)
             if obj_searchterm:
+                if isinstance(obj_searchterm, TaintedString):
+                    obj_searchterm = str(obj_searchterm)
+                    if six.PY3 and not isinstance(obj_searchterm, str):
+                        obj_searchterm = obj_searchterm.decode(
+                            default_encoding)
                 if hasattr(ob, 'PrincipiaSearchSource'):
                     pss = ob.PrincipiaSearchSource()
                     if six.PY3 and not isinstance(pss, str):

diff --git a/src/OFS/tests/testFindSupport.py b/src/OFS/tests/testFindSupport.py
@@ -55,8 +55,18 @@ def func(obj, p):
         self.assertEqual(self.base['2'].id, 'foo2')
         self.assertEqual(self.base['3'].id, '3')
 
+    def test_find_text(self):
+        # Make sure ZopeFind can handle normal text
+        findme = 'findme'
+        self.base['doc1'] = DummyItem('doc1', text=findme)
+        self.base['doc2'] = DummyItem('doc2', text=findme)
+
+        res = self.base.ZopeFind(self.base, obj_searchterm=findme)
+        self.assertEqual(len(res), 2)
+        self.assertEqual(set([x[0] for x in res]), set(['doc1', 'doc2']))
+
     @unittest.skipIf(six.PY2, 'Not applicable under Python 2')
-    def test_find_apply_text(self):
+    def test_find_text_nonascii(self):
         # Make sure ZopeFind can handle text and encoded text (binary) data
         unencoded = u'\xfcml\xe4\xfct'
         encoded = u'\xfcml\xe4\xfct'.encode('UTF-8')
@@ -66,3 +76,25 @@ def test_find_apply_text(self):
         res = self.base.ZopeFind(self.base, obj_searchterm=unencoded)
         self.assertEqual(len(res), 2)
         self.assertEqual(set([x[0] for x in res]), set(['text', 'bytes']))
+
+    def test_find_text_tainted(self):
+        # Make sure ZopeFind can handle "Tainted" text for searches
+        # Tainted strings are created when the publisher sees what appears
+        # to be HTML code in the input, e.g. when you enter a HTML tag into
+        # the Find tab form in "containing"
+        from AccessControl.tainted import TaintedBytes
+        from AccessControl.tainted import TaintedString
+
+        findme = 'findme'
+        self.base['doc1'] = DummyItem('doc1', text=findme)
+        self.base['doc2'] = DummyItem('doc2', text=findme)
+
+        tainted_string = TaintedString(findme)
+        res = self.base.ZopeFind(self.base, obj_searchterm=tainted_string)
+        self.assertEqual(len(res), 2)
+        self.assertEqual(set([x[0] for x in res]), set(['doc1', 'doc2']))
+
+        tainted_bytes = TaintedBytes(six.b(findme))
+        res = self.base.ZopeFind(self.base, obj_searchterm=tainted_bytes)
+        self.assertEqual(len(res), 2)
+        self.assertEqual(set([x[0] for x in res]), set(['doc1', 'doc2']))