On 11/6/07, Jose Galvez <[EMAIL PROTECTED]> wrote:
>
> you could add
> for k, v in request.params.items():
>     locals()[k] = v
> to the top of your functions
>
> this would inject the variable names into your functions so you could
> use them directly.

You can't modify local variables via locals().  Local variables are
implemented as an array with the names converted to subscripts at
compile time. The only exception is if the function contains an
'eval', which is slow and insecure (if the arg is untrusted).

===x.py===
def test():
    locals()["k"] = "v"  # writes to the dict locals() returns, not to a local variable
    print k

if __name__ == "__main__":  test()
===

$ python /tmp/x.py
Traceback (most recent call last):
  File "/tmp/x.py", line 5, in <module>
    if __name__ == "__main__":  test()
  File "/tmp/x.py", line 3, in test
    print k
NameError: global name 'k' is not defined

If you put "k = 2" before the locals() call, it will print 2.


> I don't know what security risks this will bring up

A user might override one of your variables like 'filename_to_delete'.

-- 
Mike Orr <[EMAIL PROTECTED]>
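
Both points of the reply as an added example, not part of the original message (Python 3). Writing to locals() leaves a function's variables untouched, while the same injection into a real mutable namespace lets a request key replace a trusted value. The parameter names, paths and the ALLOWED table are constructed for illustration.

```python
# Added example: sample parameters and paths below are constructed.

def inject_via_locals(params):
    """The quoted suggestion: writes to locals() do not rebind locals."""
    filename_to_delete = "/tmp/session.tmp"
    for k, v in params.items():
        locals()[k] = v          # changes a dict, not the function's variables
    return filename_to_delete    # still the value assigned above


def inject_into_namespace(params):
    """Same idea with a real mutable namespace: request keys win."""
    ns = {"filename_to_delete": "/tmp/session.tmp"}
    ns.update(params)            # untrusted keys overwrite trusted ones
    return ns["filename_to_delete"]


# Hypothetical parameters one controller action expects, with converters.
ALLOWED = {"page": int, "sort": str}


def bind_allowed(params):
    """Copy only expected keys, converting each; reject everything else."""
    unexpected = set(params) - set(ALLOWED)
    if unexpected:
        raise ValueError("unexpected parameters: %s" % sorted(unexpected))
    return {k: conv(params[k]) for k, conv in ALLOWED.items() if k in params}


if __name__ == "__main__":
    hostile = {"page": "2", "filename_to_delete": "/srv/app/data.db"}
    print(inject_via_locals(hostile))       # local variable is unchanged
    print(inject_into_namespace(hostile))   # trusted value was replaced
    try:
        bind_allowed(hostile)
    except ValueError as exc:
        print(exc)                          # extra key is refused
    print(bind_allowed({"page": "2", "sort": "name"}))
```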
