
Re: [PATCH] mail address handling in mailer.py

From: Mathias Weinert <mathias.weinert_at_gfa-net.de>
Date: 2006-06-09 12:46:57 CEST

Branko Cibej wrote:
> Mathias Weinert wrote:
> > Branko Cibej wrote:
> >>
> >> $ python
> >> Python 2.4.2 (#67, Sep 28 2005, 12:41:11) [MSC v.1310 32 bit (Intel)] on win32
> >> Type "help", "copyright", "credits" or "license" for more information.
> >> >>> p = eval("['this', 'is', 'a', 'list', 'of', 'strings']")
> >> >>> print p
> >> ['this', 'is', 'a', 'list', 'of', 'strings']
> >> >>> print ' '.join(p)
> >> this is a list of strings
> >> >>> ^Z
> >>
> >> I fail to see how it could be simpler.
> >>
> >>
> >
> > This is indeed a very simple solution and, believe it or not,
> > I also found this solution. But after doing some more
> > research I discovered that this is a big security hole because
> > with the eval function any Python code could be executed!
> >
> Heh, whoever has access to mailer.conf presumably has access to
> mailer.py as well, so that's not much of a problem, IMHO.
>

Agreed. But we cannot be sure that this is the case all the time.
IMHO, I would not open a possible security hole (even if it's very
unlikely that it can be used to do any harm) as long as there is
another possibility to achieve a similar result.

My favourite solution is to allow defining the split character in front
of the mail addresses. For me

    to_addr = [,] "Wallace" <wallace@atanyaddress>, "Grommit" <grommit@same>

would be okay.

Mathias

Received on Fri Jun 9 12:47:33 2006
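
An added example, not part of the original mail or of mailer.py: one way to parse the `[,]`-prefixed `to_addr` value proposed above without calling eval, so the configuration text is only ever handled as data. The function name, the whitespace split when no prefix is given, and the rule that a separator inside double quotes does not split are assumptions.

```python
import re

# Optional "[x]" prefix naming one separator character (the proposal in the mail).
_PREFIX = re.compile(r'^\[(.)\]\s*')


def split_addresses(value):
    """Split a to_addr value into addresses; the text is never evaluated.

    Assumptions (not from mailer.py): without a prefix the value is split on
    whitespace, and a separator inside double quotes does not split.
    """
    value = value.strip()
    match = _PREFIX.match(value)
    if match is None:
        return value.split()
    sep, rest = match.group(1), value[match.end():]
    parts, current, in_quotes = [], [], False
    for ch in rest:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append(''.join(current).strip())
            current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError('unbalanced double quote in address list')
    parts.append(''.join(current).strip())
    return [p for p in parts if p]  # drop empty entries such as a trailing separator


if __name__ == '__main__':
    # Constructed sample values; the first is the line quoted in the mail.
    samples = [
        '[,] "Wallace" <wallace@atanyaddress>, "Grommit" <grommit@same>',
        '[,] "Park, Nick" <nick@example.invalid>, w@example.invalid',
        'a@example.invalid b@example.invalid',
        # A Python expression in the config stays inert text.
        '[,] __import__("os").getcwd(), b@example.invalid',
    ]
    for sample in samples:
        print(split_addresses(sample))
```
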

This is an archived mail posted to the Subversion Dev mailing list.
