Ah, cool. That'll save me a fair bit of time in the future :)
Nick
Krys wrote:
> Hi there,
>
> it seems to me that your eval("someinstance.object." + userinput) is
> functionally equivalent to getattr(someinstance.object, userinput),
> which would be safer and yet still flexible.
>
> The using a dictionary (as mentioned below), or your attrdict is doing
> essentially the same thing.
>
> Also, FWIW, TurboGears already has an attrdict-lke object called a
> Bunch. Using it would save you some code and having to maintain the
> attrdict. It's in turbogears.util, I believe.
>
> Anyway, hope this helps.
> Krys
>
> On Mar 20, 5:35 pm, Nick Murdoch <[EMAIL PROTECTED]> wrote:
>> I came across a circumstance today where it'd have been really useful to
>> do eval("someinstance.object." + userinput) but, well, for a start that
>> looks UGLY. I ended up just reimplementing the object as a subclass of dict.
>>
>> class attrdict(dict):
>> def __getattr__(self, name):
>> return self[name]
>> def __setattr__(self, name, val):
>> self[name] = val
>>
>> Saves having to rewrite all your previous code with object.something
>> rather than object['something']. :)
>>
>> Rick wrote:
>>> I can't think of anything at all you can do here -- one word will just
>>> do a lookup in the locals(), and failing that, the globals() dict and
>>> return you the object. There is no method of which I'm aware to
>>> subvert that process. (But just to be sure, why not just do
>>> locals().get(name, globals().get(name))? It's also safe, doesn't
>>> incur the re overhead, and doesn't tempt you to later allow the user
>>> to do other stuff.)
>>> On Mar 20, 4:16 pm, iain duncan <[EMAIL PROTECTED]> wrote:
>>>> I know one has to be *very careful* using eval with anything that comes
>>>> from a url submission. It would however, but out a lot of conditionals.
>>>> Can anyone tell me if it is safe to eval a string provided I previously
>>>> do a positive match against it with an re containing alphabetical
>>>> characters only? Is there anyway for python to do damage evaling one
>>>> word?
>>>> Thanks
>>>> Iain
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
