[Python-Dev] Adding a maximum element count to parse_qs?
martin at v.loewis.de
martin at v.loewis.de
Mon Feb 13 00:08:45 CET 2012
>> It's an API change, so it is
>> a) in violation with current practice for bug fix releases, and
>
> We are already violating a lot of things in order to fix this issue.
Not really. There isn't any significant API change in the proposed patch
(the ones that are there are safe to ignore in applications).
There is, of course, a major behavior change, but that is deliberately
opt-in.
>> b) of limited use for existing installations which won't use the API.
>
> Obviously it won't fix vulnerabilities due to some other API. If you
> propose other APIs we can also fix them.
No, you are missing my point. I assume you proposed (even though you
didn't say so explicitly) that parse_qs gets an opt-in API change to
limit the number of parameters. If that is added, it will have no
effect on any existing applications, as they will all currently not
pass that parameter.
Regards,
Martin
More information about the Python-Dev
mailing list