Message280122
Christian, I think our patches are quite similar in function. They only allow limited tokens.
> I consider it a superior solution and a fix for more generic attacks
Mine now still allows **. But it can be easily fixed.
But both our patches still translate a C expression to Python and still suffer from nested ternary operators and different semantics between C and Python, e.g. 2==2==2 (as Serhiy notes). :-( I plan to try a simple parser.

Date | User | Action | Args
2016-11-05 19:21:44 | xiang.zhang | set | recipients: + xiang.zhang, loewis, christian.heimes, serhiy.storchaka, Carl Ekerot
2016-11-05 19:21:44 | xiang.zhang | set | messageid: <1478373704.93.0.465961593963.issue28563@psf.upfronthosting.co.za>
2016-11-05 19:21:44 | xiang.zhang | link | issue28563 messages
2016-11-05 19:21:44 | xiang.zhang | create |
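
An added example, not part of the message above or of either patch: a small recursive-descent evaluator that gives a plural expression C semantics directly instead of translating it to Python source, so `2==2==2` groups as `(2==2)==2` and nested `?:` is right-associative. The name `c_plural` and the reduced operator set (`%`, comparisons, `&&`, `||`, `?:`, parentheses) are assumptions of this example.

```python
import operator as op
import re
# Assumed subset for this example: n, integers, %, comparisons, &&, ||, ?:, ()
_LEVELS = [("||",), ("&&",), ("==", "!="), ("<=", ">=", "<", ">"), ("%",)]
_OPS = {"==": op.eq, "!=": op.ne, "<": op.lt, ">": op.gt, "<=": op.le,
        ">=": op.ge, "%": op.mod}
_TOKEN = re.compile(r"[0-9]+|n|\|\||&&|[=!<>]=|\S")  # \S: parser rejects it

def _apply(sym, lhs, rhs):
    if sym in _OPS:                        # C comparisons and % yield ints
        return lambda n: int(_OPS[sym](lhs(n), rhs(n)))
    lazy = any if sym == "||" else all     # short-circuits over the generator
    return lambda n: int(lazy(f(n) for f in (lhs, rhs)))

def c_plural(expr):
    """Compile expr to a function of n; raise ValueError on anything else."""
    toks = ["<end>"] + _TOKEN.findall(expr)[::-1]  # stack, sentinel at bottom
    def ternary():
        cond = binary(0)
        if toks[-1] != "?":
            return cond
        toks.pop()
        yes = ternary()
        if toks.pop() != ":":
            raise ValueError("expected ':'")
        no = ternary()                     # right-associative, as in C
        return lambda n: yes(n) if cond(n) else no(n)
    def binary(level):
        if level == len(_LEVELS):
            return atom()
        left = binary(level + 1)
        while toks[-1] in _LEVELS[level]:  # left-associative: (2==2)==2
            left = _apply(toks.pop(), left, binary(level + 1))
        return left
    def atom():
        tok = toks.pop()
        if tok == "(":
            inner = ternary()
            if toks.pop() != ")":
                raise ValueError("expected ')'")
            return inner
        if tok == "n":
            return lambda n: n
        if tok[0] in "0123456789":         # only [0-9]+ tokens start this way
            return lambda n, v=int(tok): v
        raise ValueError("unexpected token %r" % tok)
    func = ternary()
    if toks[-1] != "<end>":
        raise ValueError("trailing token %r" % toks[-1])
    return func
```

Because nothing is ever passed to `eval`, input such as `n**2` or any Python-only syntax fails with `ValueError` rather than being interpreted.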