Mathias Weinert wrote:
> Branko Cibej wrote:
>
>> Mathias Weinert wrote:
>>
>>> Branko Cibej wrote:
>>>
>>>
>>>> Mathias Weinert wrote:
>>>>
>>>>
>>>>> Adding a new option 'to_addrs' is okay for me. So the following questions
>>>>> have to be answered:
>>>>>
>>>>> o Do we use to_addr only if to_addrs isn't set or do we combine them?
>>>>> -> I would say use only one of them.
>>>>>
>>>>> o Which character will be used for splitting?
>>>>> -> Although several (most) mail clients use ',' I could also accept to
>>>>> use the semicolon ';'. So is it ',' or ';'?
>>>>>
>>>>> o Do we want to use your code example to make the splitting process more
>>>>> smart?
>>>>> -> In order to not make it too complicated I would say 'No' (although
>>>>> I appreciate your code example).
>>>>>
>>>>> What do you think?
>>>>>
>>>>>
>>>>>
>>>> I think it's a waste of time to write this kind of parser in Python. :)
>>>>
>>>> Teach mailer.py to expect a Python list in the to_addr option it the
>>>> character in the option value is a bracket. So, if you write:
>>>>
>>>> to_addr = [ 'list',
>>>> 'of',
>>>> 'mail',
>>>> 'addresses' ]
>>>>
>>>> you can simply evaluate the option's value and get a Python list object.\
>>>> On the con side, the list elements would have to be valid Python
>>>> strings, using Python's quoting rules.
>>>>
>>>>
>>> At first thought, yes, great idea. No changes of config file needed
>>> (except a comment about the new feature), no deprecation and my goal
>>> achieved.
>>>
>>> But then I tried to implement the "you can simply evaluate
>>> the option's value and get a Python list object." idea...
>>> After doing some internet research I found out that there doesn't seem
>>> to be any simple way to do this.
>>>
>>> So unless you are able to tell me how to simply do the string to list
>>> conversion we have to find another solution.
>>>
>>>
>> So much for "internet research," then.
>>
>> $ python
>> Python 2.4.2 (#67, Sep 28 2005, 12:41:11) [MSC v.1310 32 bit (Intel)] on win32
>> Type "help", "copyright", "credits" or "license" for more information.
>>
>>>>> p = eval("['this', 'is', 'a', 'list', 'of', 'strings']")
>>>>> print p
>>>>>
>> ['this', 'is', 'a', 'list', 'of', 'strings']
>>
>>>>> print ' '.join(p)
>>>>>
>> this is a list of strings
>>
>>>>> ^Z
>>>>>
>> I fail to see how it could be simpler.
>>
>>
>
> This is indeed a very simple solution and, believe it or not,
> I also found this solution. But after doing some more
> research I discovered that this is a big security hole because
> with the eval function any Python code could be executed!
>
Heh, whoever has access to mailer.conf presumably has access to
mailer.py as well, so that's not much of a problem, IMHO.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Jun 9 12:15:49 2006