[Python-Dev] Adding a maximum element count to parse_qs?
Antoine Pitrou
solipsis at pitrou.net
Mon Feb 13 00:19:16 CET 2012
On Mon, 13 Feb 2012 00:08:45 +0100
martin at v.loewis.de wrote:
>
> >> b) of limited use for existing installations which won't use the API.
> >
> > Obviously it won't fix vulnerabilities due to some other API. If you
> > propose other APIs we can also fix them.
>
> No, you are missing my point. I assume you proposed (even though you
> didn't say so explicitly) that parse_qs gets an opt-in API change to
> limit the number of parameters. If that is added, it will have no
> effect on any existing applications, as they will all currently not
> pass that parameter.
No, I said it would include a default value of (say) 1000 parameters.
That default value would be applied to anyone doesn't use the new API.
(the reason I'm proposing a new API is to allow people to change or
disable the limit, in case they really want to pass a large number of
parameters)
Regards
Antoine.
More information about the Python-Dev
mailing list