Ruud de Jong wrote:
> Steven Bethard schreef:
>> But unless the person eval-ing your code *only* writes immaculate
>> code I can see that you can probably screw them. ;) I wonder why
>> __subclasses__ isn't a restricted attribute... Is it ever used for
>> something that isn't evil? ;)
>>
>> S
Steven Bethard schreef:
> But unless the person eval-ing your code *only* writes immaculate code I
> can see that you can probably screw them. ;) I wonder why
> __subclasses__ isn't a restricted attribute... Is it ever used for
> something that isn't evil? ;)
>
> STeVe
Completely off topic,
Duncan Booth wrote:
> Steven Bethard wrote:
>
>
>>Interestingly, I don't seem to be able to create a file object as a
>>class attribute in restricted mode:
>>
>>py> class C(object):
>>... def __init__(self):
>>... self.f = file('temp.txt', 'w')
>>...
>>py> eval('''[ cls for cls in
>>
flyaflya wrote:
> a = "(1,2,3)"
> I want convert a to tuple:(1,2,3),but tuple(a) return ('(', '1', ',',
> '2', ',', '3', ')') not (1,2,3)
Probably a bit late... but there's always listquote - It's part of the
pythonutils module.
http://www.voidspace.org.uk/python/pythonutils.html
It will turn st
Steven Bethard wrote:
> Interestingly, I don't seem to be able to create a file object as a
> class attribute in restricted mode:
>
> py> class C(object):
> ... def __init__(self):
> ... self.f = file('temp.txt', 'w')
> ...
> py> eval('''[ cls for cls in
> {}.__class__.__bases__[0]._
Duncan Booth wrote:
> e.g. Assuming that the MyDatabase class does something nasty to a file:
>
class MyDatabase(object):
>
> def __init__(self, filename):
> self.filename = filename
> def initialise(self):
> print "Splat %s" % self.filename
>
eval('''[ cls for cl
Steven Bethard wrote:
> Duncan Booth wrote:
>> any new style class you have defined and call any of its methods with
>> whatever arguments I wish.
>
> Any new style class that I've defined? Or just any one I pass in as
> part of dict(__builtins__=None, ...)? If the former, could you
> elabora
Duncan Booth wrote:
> Steven Bethard wrote:
>
>>But you can try it at home if you set __builtins__ to something other
>>than the default:
>>
>>py> eval("""__import__("os").system('echo "hello"')""",
>>dict(__builtins__=None))
>>Traceback (most recent call last):
>> File "", line 1, in ?
>> F
Steven Bethard wrote:
>> Have you tried giving it the string '__import__("os").system("rm -rf
>> *")'? [Don't try that at home children!]
>
> But you can try it at home if you set __builtins__ to something other
> than the default:
>
> py> eval("""__import__("os").system('echo "hello"')""",
>
Duncan Booth wrote:
> Dan Bishop wrote:
>> Or if you do use eval, don't give it access to any names.
[snip]
>> os.system("rm -rf *")
>> Traceback (most recent call last):
>> File "", line 1, in ?
>> File "", line 0, in ?
>> NameError: name 'os' is not defined
>
> Have you tried giving it the s
"Duncan Booth" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Dan Bishop wrote:
>
>> Simon Brunning wrote:
>>> [...]
>>
>> Or if you do use eval, don't give it access to any names.
>>
>>> [...]
>> os.system("rm -rf *")
>> Traceback (most recent call last):
>> File "", line 1, in
Dan Bishop wrote:
> Simon Brunning wrote:
>> [...]
>
> Or if you do use eval, don't give it access to any names.
>
>> [...]
> os.system("rm -rf *")
> Traceback (most recent call last):
> File "", line 1, in ?
> File "", line 0, in ?
> NameError: name 'os' is not defined
>
Have you tried giv
Simon Brunning wrote:
> On 5/26/05, flyaflya <[EMAIL PROTECTED]> wrote:
> > a = "(1,2,3)"
> > I want convert a to tuple:(1,2,3),but tuple(a) return ('(', '1', ',',
> > '2', ',', '3', ')') not (1,2,3)
>
> Short answer - use eval().
>
> Long answer - *don't* use eval unless you are in control of the
On Thu, 26 May 2005 19:53:38 +0800, flyaflya wrote:
> a = "(1,2,3)"
> I want convert a to tuple:(1,2,3),but tuple(a) return ('(', '1', ',',
> '2', ',', '3', ')') not (1,2,3)
Others have already given some suggestions. Here are some others.
You didn't say where the input string a came from. Do y
"flyaflya" <[EMAIL PROTECTED]> wrote:
>a = "(1,2,3)"
> I want convert a to tuple:(1,2,3),but tuple(a) return ('(', '1', ',',
> '2', ',', '3', ')') not (1,2,3)
if you trust the source, use
eval(a)
if you don't trust it, you can use, say
tuple(int(x) for x in re.findall("\d+", a))
or, pe
On 5/26/05, flyaflya <[EMAIL PROTECTED]> wrote:
> a = "(1,2,3)"
> I want convert a to tuple:(1,2,3),but tuple(a) return ('(', '1', ',',
> '2', ',', '3', ')') not (1,2,3)
Short answer - use eval().
Long answer - *don't* use eval unless you are in control of the source
of the string that you are ev
16 matches
Mail list logo
