On Mon, 13 Feb 2012 00:08:45 +0100 mar...@v.loewis.de wrote: > > >> b) of limited use for existing installations which won't use the API. > > > > Obviously it won't fix vulnerabilities due to some other API. If you > > propose other APIs we can also fix them. > > No, you are missing my point. I assume you proposed (even though you > didn't say so explicitly) that parse_qs gets an opt-in API change to > limit the number of parameters. If that is added, it will have no > effect on any existing applications, as they will all currently not > pass that parameter.
No, I said it would include a default value of (say) 1000 parameters. That default value would be applied to anyone doesn't use the new API. (the reason I'm proposing a new API is to allow people to change or disable the limit, in case they really want to pass a large number of parameters) Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
