On Oct 23, 2009, at 3:00 PM, Yuen Ho Wong wrote:

>
> Yuen Ho Wong <wyue...@gmail.com> added the comment:
>
> Ok I wasn't sure what security hole you were referring to, now I  
> understand better.
>
> Here's a pseudo code solution:
>
> if isinstance(who_userid, int):
>     who_userid = "int(" + str(who_userid) + ")"
> elif isinstance(who_userid, float):
>     who_userid = "float(" + str(who_userid) + ")"
> elif isinstance(who_userid, str):
>     pass
> else:
>     raise ValueError
>
> When you parse the cookie, just do eval(). When the type is a str,
> check the global charset var
> for an appropriate charset to decode to. Is this an acceptable
> solution?

You aren't serious are you? I hope not 8^)

-Casey
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
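
As an added example (not code from this thread or from repoze.who), one way to carry the userid's type in the cookie without eval(): a type tag selects a converter from a fixed allow-list, so cookie text is only ever parsed as data. The function names, the `tag:value` layout and the UTF-8/base64 encoding of strings are assumptions made for illustration.

```python
# Added example: type-tagged userid encoding that never calls eval().
# encode_userid/decode_userid and the "tag:value" layout are hypothetical,
# not part of repoze.who.
import base64


def _decode_b64str(raw):
    # Strings travel as URL-safe base64 of their UTF-8 bytes (an assumption),
    # so cookie delimiters and non-ASCII characters survive the round trip.
    return base64.urlsafe_b64decode(raw.encode("ascii")).decode("utf-8")


# Allow-list of decoders. The tag picks one fixed converter; anything else
# is rejected, so the cookie value is never evaluated as an expression.
_DECODERS = {"int": int, "float": float, "b64str": _decode_b64str}


def encode_userid(userid):
    """Serialize an int, float or str userid as 'tag:value'."""
    if isinstance(userid, bool):  # bool is a subclass of int; refuse it
        raise ValueError("unsupported userid type: bool")
    if isinstance(userid, int):
        return "int:%d" % userid
    if isinstance(userid, float):
        return "float:" + repr(userid)
    if isinstance(userid, str):
        data = base64.urlsafe_b64encode(userid.encode("utf-8"))
        return "b64str:" + data.decode("ascii")
    raise ValueError("unsupported userid type: %s" % type(userid).__name__)


def decode_userid(field):
    """Parse 'tag:value' back to a typed userid, or raise ValueError."""
    tag, sep, raw = field.partition(":")
    if not sep or tag not in _DECODERS:
        raise ValueError("unknown or missing type tag")
    try:
        return _DECODERS[tag](raw)
    except ValueError as exc:  # also covers binascii.Error and UnicodeError
        raise ValueError("malformed %s value" % tag) from exc


if __name__ == "__main__":
    # Constructed sample values, not taken from a real cookie.
    for uid in (42, 1.5, "chrism"):
        wire = encode_userid(uid)
        print(repr(uid), "->", wire, "->", repr(decode_userid(wire)))
```

A value such as `int:1+1`, which eval() would compute, is rejected here because `int()` accepts only a numeric literal.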
