On 27.06.2014 01:18, Cédric Krier wrote:
> Hi,
>
> I would like to remove «safe_eval» for many reasons:
>
> - doesn't work on Python3
> - never be sure it was really safe
> - in the past there was issue between minor version of Python
>
> So in some place it could be replaced by plain «eval» because there are
> any security concern. In other place, it could be replaced by JSON or
> PYSON strings. But there are one place where it can not, it is in the
> module price_list. So I'm thinking about using «simpleeval» [1] which
> looks like the right tool. I still need to find if it is possible to
> make it use Decimal instead of float.
>
> Is someone has a better idea?
>
> [1] https://pypi.python.org/pypi/simpleeval

Sounds good to me. I guess simpleeval would become a new dependency of just the product_price_list module and not trytond then? The author states that it does not currently work with python3 either. I did not see any compatibility issues yet though. I have some experience on supporting both python 2 and 3 with the same codebase, guess I'll look into submitting a pull request so this dependency does not become a hindrance on the move to python3.
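
The idea discussed in this thread, as an added example that is not code from Tryton, safe_eval or simpleeval: a whitelist evaluator built on the standard `ast` module that reads numeric literals as Decimal instead of float. The `unit_price` name and the sample formulas are constructed for illustration.

```python
import ast
import operator
from decimal import Decimal

# Whitelisted operators. Power is left out on purpose: it allows
# huge results from short input (e.g. 9 ** 9 ** 9).
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


class FormulaError(ValueError):
    """The formula is malformed or uses a construct outside the whitelist."""


def eval_formula(formula, names):
    """Evaluate an arithmetic formula using Decimal arithmetic only.

    `names` maps the variable names a formula may use to Decimal values.
    """
    formula = formula.strip()
    try:
        tree = ast.parse(formula, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise FormulaError("invalid formula: %s" % exc)

    def walk(node):
        if isinstance(node, ast.Constant):
            value = node.value
            # bool is a subclass of int, so it is excluded explicitly.
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                raise FormulaError("literal not allowed: %r" % (value,))
            if isinstance(value, int):
                return Decimal(value)
            # Re-read the float literal from its source text so that
            # 0.1 becomes Decimal("0.1"), not the binary approximation.
            return Decimal(ast.get_source_segment(formula, node))
        if isinstance(node, ast.Name) and node.id in names:
            return Decimal(names[node.id])
        if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            return BIN_OPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
            return UNARY_OPS[type(node.op)](walk(node.operand))
        # Calls, attribute access, subscripts, lambdas, comprehensions,
        # unknown names and everything else end up here.
        raise FormulaError("not allowed: %s" % type(node).__name__)

    return walk(tree.body)
```

Because only listed node types are evaluated, anything new the Python grammar gains in a later version is rejected by default rather than silently accepted.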
