Re: [jokosher-devel] Jokosher Security Vulnerability

On Wednesday 27 September 2006 11:52, Nick Murtagh wrote:
> exec is yucky.


> Why not replace
>     exec("target_object.%s"%func)
> with
>     getattr(target_object, func)()
> There should probably be a try except around that in case target_object
> is None or func isn't a method of target_object.

I like the sound of using getattr or possibly hasattr as a way of guaranteeing 
what's there is valid. I think we are also passing parameters through func 
which complicates things a bit but that's probably just a bit of parsing.

John Green

john thegreens co uk
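
An added example, not part of the original messages and not Jokosher's own code: one way to combine the getattr dispatch with the parameter parsing discussed above, assuming func arrives as a string such as "set_volume(0.5)" whose arguments are literals. The names parse_call, dispatch, DispatchError, Target and set_volume are hypothetical.

```python
import ast

class DispatchError(Exception):
    """Raised when a call string is malformed or names a disallowed method."""

def parse_call(call_string):
    """Split 'name(arg, ...)' into (name, args) without executing anything."""
    try:
        node = ast.parse(call_string.strip(), mode="eval").body
    except (SyntaxError, ValueError) as exc:
        raise DispatchError("not a valid call expression") from exc
    # Accept only a bare name called with positional arguments, so dotted
    # paths, subscripts and nested calls in the function position are refused.
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and not node.keywords):
        raise DispatchError("expected name(args)")
    try:
        # literal_eval accepts literals only (numbers, strings, tuples, ...).
        args = [ast.literal_eval(arg) for arg in node.args]
    except (ValueError, TypeError) as exc:
        raise DispatchError("arguments must be literals") from exc
    return node.func.id, args

def dispatch(target_object, call_string, allowed):
    """Call target_object.<name>(*args) only if name is in the allowlist."""
    name, args = parse_call(call_string)
    if name not in allowed:
        raise DispatchError("method %r is not allowed" % name)
    # Covers target_object being None and name not being a method of it.
    method = getattr(target_object, name, None)
    if not callable(method):
        raise DispatchError("%r is not a method of the target" % name)
    return method(*args)

class Target:
    """Constructed stand-in for the object the call is dispatched to."""
    def __init__(self):
        self.volume = 0.0

    def set_volume(self, value):
        self.volume = value
        return self.volume
```

The allowlist matters as much as the parsing: getattr alone would still reach any attribute of the target, so only names the caller explicitly permits are dispatched.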
