I came across a circumstance today where it'd have been really useful to
do eval("someinstance.object." + userinput) but, well, for a start that
looks UGLY. I ended up just reimplementing the object as a subclass of dict.
class attrdict(dict):
def __getattr__(self, name):
return self[name]
def __setattr__(self, name, val):
self[name] = val
Saves having to rewrite all your previous code with object.something
rather than object['something']. :)
Rick wrote:
> I can't think of anything at all you can do here -- one word will just
> do a lookup in the locals(), and failing that, the globals() dict and
> return you the object. There is no method of which I'm aware to
> subvert that process. (But just to be sure, why not just do
> locals().get(name, globals().get(name))? It's also safe, doesn't
> incur the re overhead, and doesn't tempt you to later allow the user
> to do other stuff.)
>
> On Mar 20, 4:16 pm, iain duncan <[EMAIL PROTECTED]> wrote:
>> I know one has to be *very careful* using eval with anything that comes
>> from a url submission. It would however, but out a lot of conditionals.
>> Can anyone tell me if it is safe to eval a string provided I previously
>> do a positive match against it with an re containing alphabetical
>> characters only? Is there anyway for python to do damage evaling one
>> word?
>>
>> Thanks
>> Iain
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
