[Patches] [ python-Patches-744104 ] Remove eval() from csv
SourceForge.net
noreply@sourceforge.net
Wed, 11 Jun 2003 19:26:32 -0700
Patches item #744104, was opened at 2003-05-27 02:43
Message generated for change (Comment added) made by montanaro
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=744104&group_id=5470
Category: Library (Lib)
Group: Python 2.3
Status: Open
Resolution: None
Priority: 6
Submitted By: Raymond Hettinger (rhettinger)
Assigned to: Andrew McNamara (andrewmcnamara)
Summary: Remove eval() from csv
Initial Comment:
The eval() step in the csv module can be eliminated,
resulting in better security, more clarity, and a little
speed.
The idea is to make successive attempts to coerce
the string to a python type:
int(s), long(s), float(s), etc.
This allows the logic to be controlled precisely and for
specific types to be included or excluded (unicode
types for instance).
The patch is attached and passes all regression
tests. It should also work fine under Py2.2.
----------------------------------------------------------------------
>Comment By: Skip Montanaro (montanaro)
Date: 2003-06-11 21:26
Message:
Logged In: YES
user_id=44345
I think this is fine though there's a typo:
# treat longs as ints
if thisType == long:
thisType == int
The last "==" should be "=". That this didn't trigger a test
failure suggests we need another test case.
Also, since the interpreter can conceivably be built without
complex types, the use of the complex builtin should probably
be guarded.
S
----------------------------------------------------------------------
Comment By: Raymond Hettinger (rhettinger)
Date: 2003-06-09 11:42
Message:
Logged In: YES
user_id=80475
Skip said it would be fine if you took care of this one.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=744104&group_id=5470