Let's move this to the developers list. Ok but I would simplify. How about
we make a whitelist instead of a blacklist? Also the fix as proposed can
create key conflicts. How about we simply make the
key = re.compile('\W+').sub('-',key)+'-'+hashlib.md5(key).hexdigest()
On Tuesday, 9 December 2014 06:10:17 UTC-6, Leonel Câmara wrote:
>
> The fix for this could be relatively straightforward you would replace
> invalid chars in the key. For instance in cache.py > CacheOnDisk >
> PersistentStorage you could have something like this in the __init__
>
> self.invalid_chars_regex = re.compile(r"""[\\ / \: \* \? "\< \> |]+""")
>
> Then you could add a method like this:
>
> def fix_key_name(self, key):
> def encode_invalid(m):
> s = m.group()
> import base64
> return base64.b16encode(s)
> return self.invalid_chars_regex.sub(encode_invalid, key)
>
> Then you would pass the key trough this in __getitem__, __setitem__, get,
> etc.
>
> key = self.fix_key_name(key)
>
>
> This sort of fixes the issue.
>
> The problem is that cache clear allows regex removals which will break
> with this, as in - they will not remove certain items with these special
> characters. Another problem is that you could very carefully craft
> different keys that would collide with these regex replaced keys although
> they were in fact different keys.
>
> I've attached a cache.py with these modifications that you can use while I
> (or any of you guys really) think of a better and definite solution.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
