Message 111449 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ronaldoussoren
Recipients	antlong, belopolsky, eric.araujo, eric.smith, jkloth, loewis, mark.dickinson, ronaldoussoren, vstinner
Date	2010-07-24.10:41:10
SpamBayes Score	0.004647368
Marked as misclassified	No
Message-id	<1279968073.12.0.466559754465.issue9335@psf.upfronthosting.co.za>
In-reply-to

Content
I agree with Martin that the security problem would be in the application, not python itself. Testing with isalpha is generally not the right thing to do anyway, it is much better to restrict input to a know-good set of data, such as by using regular expressions. For multi-byte encodings like UTF-8 you cannot rely on per-byte calls to isalpha anyway. The situation is even worse for an encoding like Shift-JIS where you need context to know if a byte is part of a multi-byte value.

I agree with Martin that the security problem would be in the application, not python itself.

Testing with isalpha is generally not the right thing to do anyway, it is much better to restrict input to a know-good set of data, such as by using regular expressions.  For multi-byte encodings like UTF-8 you cannot rely on per-byte calls to isalpha anyway.  The situation is even worse for an encoding like Shift-JIS where you need context to know if a byte is part of a multi-byte value.

History
Date	User	Action	Args
2010-07-24 10:41:13	ronaldoussoren	set	recipients: + ronaldoussoren, loewis, mark.dickinson, belopolsky, vstinner, eric.smith, jkloth, eric.araujo, antlong
2010-07-24 10:41:13	ronaldoussoren	set	messageid: <1279968073.12.0.466559754465.issue9335@psf.upfronthosting.co.za>
2010-07-24 10:41:11	ronaldoussoren	link	issue9335 messages
2010-07-24 10:41:10	ronaldoussoren	create