`eval(the_string, globals = {"__builtins__":None}, locals = {})`
should do it. This removes access from all functions. Add any
functions that are needed by adding them to the "locals" dictionary.

As stated in: 
http://stackoverflow.com/questions/661084/security-of-pythons-eval-on-untrusted-strings
and http://lybniz2.sourceforge.net/safeeval.html

On Sep 9, 11:50 pm, Mikie <thephantom6...@hotmail.com> wrote:
> I need to be able to input a string like this ---
> L1="[3,10,15,23,25,30,3,[5]*3]"
> Need the repeated values for the 5.  If I don't have repeated values
> your code works.
> I have done some error trapping for "eval".  Users cannot put
> something like "rm".
>
> On Sep 8, 2:38 pm, Robert Bradshaw <rober...@math.washington.edu>
> wrote:
>
> > On Sep 8, 2009, at 11:28 AM, Mikie wrote:
>
> > > Here is the function
> > > -------------------------------
> > > def BasicStats1a(exp1):
> > >     v = exp1
> > >     v1 = eval(v);Count_=len(v1)
> > >     sort_v1=sorted(v1)
> > >     M1 =stats.mode(v1); v3=eval(str(M1[0])); v4=eval(str(M1[1]))
> > >     R1 = stats.mean(v1);R2 = stats.median(v1)
> > >     R3 = stats.std(v1)
> > >     var_=R3**2
> > >     return R1,R2,R3,Count_,sort_v1,var_,v3,v4
> > > ------------------------------------------------------------
> > > You can see the eval's.  Is there a security problem with sage_eval?
>
> > Yes.
>
> > > The string comes from a form.
>
> > You should look up string processing in Python, I think that would  
> > help a lot in much of what you're trying to do here. For example,
>
> > sage: s = "1,2,3,4,100"
> > sage: [ZZ(x) for x in s.split(',')]
> > [1, 2, 3, 4, 100]
>
> > This is fast, safe, and more clear than the above.
>
> > - Robert
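
One way to accept input such as `[3,10,15,23,25,30,3,[5]*3]` without calling `eval()` at all, as an added example that is not part of the original thread: parse the string with Python's `ast` module and accept only numeric literals, lists, and `list * int` repetition. The function names, the size and depth caps, and the choice to flatten nested lists into one list of values are assumptions.

```python
import ast

MAX_CHARS = 1000    # assumed cap on the raw form field
MAX_ITEMS = 10000   # assumed cap on the expanded list; bounds [x]*n blowups
MAX_DEPTH = 10      # assumed cap on list nesting

def _number(node):
    """Return the value of an int/float literal (optionally negated), else None."""
    sign = 1
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        node, sign = node.operand, -1
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return sign * node.value
    return None

def _expand(node, depth=0):
    """Flatten an allowed AST node into a list of numbers, or raise ValueError."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting too deep")
    value = _number(node)
    if value is not None:
        return [value]
    if isinstance(node, ast.List):
        items = []
        for elt in node.elts:
            items.extend(_expand(elt, depth + 1))
            if len(items) > MAX_ITEMS:
                raise ValueError("too many values")
        return items
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mult):
        count = node.right
        if (isinstance(node.left, ast.List) and isinstance(count, ast.Constant)
                and type(count.value) is int):
            items = _expand(node.left, depth + 1)
            if len(items) * count.value > MAX_ITEMS:
                raise ValueError("repetition too large")
            return items * count.value
    # Names, calls, attribute access, subscripts, strings, etc. all end up here.
    raise ValueError("disallowed syntax: " + type(node).__name__)

def parse_number_list(text):
    """Parse form input like "[3,10,[5]*3]" into a flat list without eval()."""
    if len(text) > MAX_CHARS:
        raise ValueError("input too long")
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except (SyntaxError, RecursionError, MemoryError) as exc:
        raise ValueError("not a valid list expression") from exc
    if not isinstance(tree.body, ast.List):
        raise ValueError("expected a list")
    return _expand(tree.body)
```

Nothing in the input is ever executed: the string is only parsed into a syntax tree, and any node type outside the allow-list raises `ValueError`.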