[issue11641] raw_input() -> input() security issue

2011-03-22 Thread Éric Araujo
Éric Araujo added the comment: I find http://docs.python.org/dev/library/functions#input clear enough. Remember that 3.x is a clean cut, it does not carry information for 2.x users; those have enough information with http://docs.python.org/py3k/whatsnew/3.0#builtins IMO. -- componen

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread Brian Curtin
Changes by Brian Curtin: -- type: security ->

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread anatoly techtonik
anatoly techtonik added the comment: Sorry. I've incidentally run the converted file with Python 2.x. To avoid future confusions, should there be a reference in 2to3 docs to the behavior change for input() function? From http://docs.python.org/library/2to3#2to3fixer-raw_input to http://docs.py

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread Eric Smith
Changes by Eric Smith: -- resolution: -> invalid status: open -> closed type: security ->

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread Brian Curtin
Brian Curtin added the comment: This is incorrect. Please look at Python/bltinmodule.c for how input() is implemented - there is no eval involved. -- nosy: +brian.curtin

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread Andreas Stührk
Andreas Stührk added the comment: `input()` in Python 3 is the same as `raw_input()` in Python 2. It does not evaluate the input as Python code. -- nosy: +Trundle

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread anatoly techtonik
Changes by anatoly techtonik: Added file: http://bugs.python.org/file21348/python3-security.py

[issue11641] raw_input() -> input() security issue

2011-03-22 Thread anatoly techtonik
New submission from anatoly techtonik: 2to3 converts raw_input() calls into input(), and input() runs all user data through eval(). This opens a hole in previously secure Python2.x applications. Is the author of this change aware of the issue? -- components: 2to3 (2.x to 3.0 conversio