Edgewall Software

Ticket #151 (new defect)

Opened 13 months ago

Last modified 2 months ago

Undefined behavor of extended iteration

Reported by: aronacher Owned by: cmlenz
Priority: major Milestone: 0.5.2
Component: General Version: 0.4.4
Keywords: Cc:

Description (last modified by cmlenz) (diff)

Right now for foo.bar, blub['blah'] in something is undefined in genshi (it does nothing, especially no error) and for foo['a in b'] in bar breaks with a syntax error although it's valid python.

Because of my work on the sandboxed branch it's important that iterations do not modify existing objects because they could be persistent, thus shared among renderings. A quickfix would be changing the in split to a regex like this: 

r([A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*)\s+in

That would then automatically close the security problem of the sandbox branch too.

Attachments

Change History

Changed 13 months ago by cmlenz

  • description modified (diff)

(fixed formatting of description)

Changed 10 months ago by Armin Ronacher

Here a regexp that supports nested tuples. Hackish because it also matches some invalid constructs but a user gets a parsing error later anyways:

r'([(A-Za-z_][A-Za-z0-9_)]*(\s*,\s*[(A-Za-z_][A-Za-z0-9_)]*)*)\s+in'

Changed 4 months ago by cmlenz

  • priority changed from blocker to major
  • milestone changed from 0.5 to 0.5.1

Postponing.

Changed 3 months ago by cmlenz

  • milestone changed from 0.5.1 to 0.5.2

Changed 2 months ago by anonymous

sddsdsdddsddds

Add/Change #151 (Undefined behavor of extended iteration)

Author



Change Properties
<Author field>
Action
as new
as The resolution will be set. Next status will be 'closed'
to The owner will change from cmlenz. Next status will be 'new'
The owner will change from cmlenz to anonymous. Next status will be 'assigned'
 
Note: See TracTickets for help on using tickets.