On Fri, 2009-10-09 at 12:21 -0700, davisd wrote: > Sorry for the public disclosure... I did email django security after > I posted. I'm just getting into this open source goodness and I'm not > really sure how it's supposed to operate yet. > > I did consult the documentation: > http://docs.djangoproject.com/en/dev/internals/contributing/ > > Jacob: > I'm running django from SVN > Python 2.6.2 > I believe the Operating system is moot- it's all in the python. > Linux kernel 2.6.31-11, but also 2.6.18.8 - > > I'm wondering if a multithreaded webserver setup would be more guarded > against this sort of thing? >
This bug has no effect on FreeBSD systems I've tested, so it looks like it is OS specific. FreeBSD 7.0, 7.1, 7.2 + python 2.5.4 work fine. > $ time python -c "from django.forms.fields import email_re; > email_re.match('viewx3dtextx26q...@yahoo.comx26latlngx3d15854521645943074058'); > import django; print django.VERSION" (1, 1, 0, 'final', 0) real 0m0.086s user 0m0.055s sys 0m0.029s Linux 2.6.27 + python 2.5.4 fails. > $ time python -c "from django.forms.fields import email_re; > email_re.match('viewx3dtextx26q...@yahoo.comx26latlngx3d15854521645943074058'); > import django; print django.VERSION" ^CTraceback (most recent call last): File "<string>", line 1, in <module> KeyboardInterrupt real 0m21.317s user 0m21.173s sys 0m0.044s Cheers Tom --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---