]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 90d62ab) | patch
At Barry's suggestion, plug the security leak by using an empty
authorGuido van Rossum <guido@python.org>
Wed, 10 Dec 1997 22:59:55 +0000 (22:59 +0000)
committerGuido van Rossum <guido@python.org>
Wed, 10 Dec 1997 22:59:55 +0000 (22:59 +0000)
commitd0753e20b256057a6320e95e43974f053f4123f1
tree16b8823424a3726cbcd52b7f68f47318599c2631tree | snapshot
parent90d62ab0a175b8f3451ee74f29d5de83650e2292commit | diff
At Barry's suggestion, plug the security leak by using an empty
__builtins__ for all calls to eval().  This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.
Lib/string.py diff | blob | history
Lib/stringold.py diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.