On Oct 23, 2009, at 3:00 PM, Yuen Ho Wong wrote:
> Yuen Ho Wong <wyue...@gmail.com> added the comment:
> Ok I wasn't sure what security hole you were referring to, now I
> understand better.
> Here's a pseudo code solution:
> if isinstance(who_userid, int):
> who_userid = "int(" + who_userid + ")"
> elif isinstance(who_userid, float):
> who_userid = "float(" + who_userid + ")"
> elif isinstance(who_userid, str):
> raise ValueError
> When you parse the cookie, just do eval(). When the type is a str,
> check the global charset var
> for an appropriate charset to decode to. Is this an accceptable
You aren't serious are you? I hope not 8^)
Repoze-dev mailing list