Message234446
Here's a patch which uses ast.literal_eval instead. This doesn't get code executed, since literal_eval will fail loudly for anything other than a literal. There are some issues to consider:
- let the current ast.literal_eval call bubble out with a lot of different exceptions
- normalize the exception to dbm.dumb.error.
I'm leaning towards the first, since it clearly shows that something bad happened in the module and it's a first indicator that someone tampered with the data file. |
|
Date |
User |
Action |
Args |
2015-01-21 22:07:01 | Claudiu.Popa | set | recipients:
+ Claudiu.Popa, lemburg, r.david.murray, Guido.van.Rossum, stephen.farris |
2015-01-21 22:07:01 | Claudiu.Popa | set | messageid: <1421878021.4.0.65917302318.issue22885@psf.upfronthosting.co.za> |
2015-01-21 22:07:01 | Claudiu.Popa | link | issue22885 messages |
2015-01-21 22:07:01 | Claudiu.Popa | create | |
|