New submission from SpaceOne: >>> from configparser import ConfigParser >>> from io import StringIO >>> from configparser import ConfigParser >>> c = ConfigParser() >>> c.add_section('foo]\nbar=baz\n[bar') >>> fd = StringIO() >>> c.write(fd) >>> print(fd.getvalue()) [foo] bar=baz [bar]
User input should always be validated. At least a ValueError should be raised if add_section() is called with a string containing anything like ']\x00\n[' or any other non-printable string. As this will always create a broken configuration or might lead to ini-injections. Otherwise ConfigParser cannot be used to write new config files without having deeper knowledge about the implementation. See also: http://bugs.python.org/issue23301 http://bugs.python.org/issue20923 ---------- components: Library (Lib) messages: 255270 nosy: spaceone priority: normal severity: normal status: open title: ConfigParser should never write broken configurations type: behavior versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25723> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com