Edgewall Software

Ticket #151 (new defect)

Opened 22 months ago

Last modified 4 months ago

Undefined behavor of extended iteration

Reported by: aronacher Owned by: cmlenz
Priority: major Milestone: 0.6
Component: General Version: 0.4.4
Keywords: Cc:

Description (last modified by cmlenz) (diff)

Right now for foo.bar, blub['blah'] in something is undefined in genshi (it does nothing, especially no error) and for foo['a in b'] in bar breaks with a syntax error although it's valid python.

Because of my work on the sandboxed branch it's important that iterations do not modify existing objects because they could be persistent, thus shared among renderings. A quickfix would be changing the in split to a regex like this: 

r([A-Za-z_][A-Za-z0-9_]*(\s*,\s*[A-Za-z_][A-Za-z0-9_]*)*)\s+in

That would then automatically close the security problem of the sandbox branch too.

Attachments

Change History

Changed 22 months ago by cmlenz

  • description modified (diff)

(fixed formatting of description)

Changed 19 months ago by Armin Ronacher

Here a regexp that supports nested tuples. Hackish because it also matches some invalid constructs but a user gets a parsing error later anyways:

r'([(A-Za-z_][A-Za-z0-9_)]*(\s*,\s*[(A-Za-z_][A-Za-z0-9_)]*)*)\s+in'

Changed 13 months ago by cmlenz

  • priority changed from blocker to major
  • milestone changed from 0.5 to 0.5.1

Postponing.

Changed 12 months ago by cmlenz

  • milestone changed from 0.5.1 to 0.5.2

Changed 11 months ago by anonymous

sddsdsdddsddds

Changed 4 months ago by cmlenz

  • milestone changed from 0.5.2 to 0.6

Add/Change #151 (Undefined behavor of extended iteration)

Author


E-mail address and user name can be saved in the Preferences.


Change Properties
<Author field>
Action
as new
as The resolution will be set. Next status will be 'closed'
to The owner will change from cmlenz. Next status will be 'new'
The owner will change from cmlenz to anonymous. Next status will be 'assigned'
 
Note: See TracTickets for help on using tickets.