On Oct 23, 2009, at 3:00 PM, Yuen Ho Wong wrote: > > Yuen Ho Wong <wyue...@gmail.com> added the comment: > > Ok I wasn't sure what security hole you were referring to, now I > understand better. > > Here's a pseudo code solution: > > if isinstance(who_userid, int): > who_userid = "int(" + who_userid + ")" > elif isinstance(who_userid, float): > who_userid = "float(" + who_userid + ")" > elif isinstance(who_userid, str): > pass > else: > raise ValueError > > When you parse the cookie, just do eval(). When the type is a str, > check the global charset var > for an appropriate charset to decode to. Is this an accceptable > solution?
You aren't serious are you? I hope not 8^) -Casey _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev