[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Roundup Robot
Roundup Robot added the comment: New changeset 958e8bebda6d by Raymond Hettinger in branch '3.4': Add news entry for #21832 http://hg.python.org/cpython/rev/958e8bebda6d -- ___ Python tracker __

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Roundup Robot
Roundup Robot added the comment: New changeset c238d2899d47 by Raymond Hettinger in branch '3.4': Issue 21832: Require named tuple inputs to be exact strings http://hg.python.org/cpython/rev/c238d2899d47 New changeset 5c60dd518182 by Raymond Hettinger in branch '3.4': Issue 21832: Require name

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Raymond Hettinger
Raymond Hettinger added the comment: I'll add the 3.4 and 3.5 as well plus a Misc/NEWS item shortly. -- resolution: -> fixed status: open -> closed ___ Python tracker ___ __

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Roundup Robot
Roundup Robot added the comment: New changeset 30063f97a44d by Raymond Hettinger in branch '2.7': Issue 21832: Require named tuple inputs to be exact strings http://hg.python.org/cpython/rev/30063f97a44d -- nosy: +python-dev ___ Python tracker

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Raymond Hettinger
Raymond Hettinger added the comment: ISTM that in order to run you code, a person already has to have the ability to run arbitrary code. The purpose of the existing checks was to support the use-case where the field names are taken from the header line of CSV files. I would be happy to add a

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Raymond Hettinger
Changes by Raymond Hettinger : -- versions: -Python 3.1, Python 3.2, Python 3.3 ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread Raymond Hettinger
Changes by Raymond Hettinger : -- assignee: -> rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-24 Thread STINNER Victor
STINNER Victor added the comment: IMO we should rewrite the implementation of namedtuple to avoid completly eval(). But there is the problem of the _source attribute: #19640. -- nosy: +haypo ___ Python tracker ___

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-23 Thread Benjamin Peterson
Changes by Benjamin Peterson : -- nosy: +rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue21832] collections.namedtuple does questionable things when passed questionable arguments

2014-06-23 Thread Kevin Norris
New submission from Kevin Norris: Code such as this: class Foo: def __str__(self): # Perhaps this value comes from user input, or # some other unsafe source return something_untrusted def isidentifier(self): # Perhaps it returns