[mod_python] psp import issue

Graham Dumpleton graham.dumpleton at gmail.com
Thu Jun 21 19:03:12 EDT 2007


On 22/06/07, maker joe <makerjoe at gmail.com> wrote:
> hi graham
> how insecure is the following code
>
> exec "from %s import * " % 'test'
>
> if this is insecure what would be a secure alternative to get imported
> vars/funcs at local namespace?

In this case 'test' is a literal string. If it wasn't a literal string
but somehow derived from user input it would be very dangerous.

Anyway, you don't need to do that. Use:

  module = apache.import_module(module_name)

and then reference via module rather than trying to do import '*' into
local namespace.

See documentation for import_module() in:

  http://www.modpython.org/live/current/doc-html/pyapi-apmeth.html

BTW, never call modules 'test' as Python provides a standard module
called that and thus you can get yourself in a knot when it somehow
picks up the standard one and not yours.

Graham

> thank you
> joseluis
>
> On 6/19/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > Issue noted at:
> >
> >   https://issues.apache.org/jira/browse/MODPYTHON-220
> >
> > You should be able to use:
> >
> >   somemodule = apache.import_module("somemodule")
> >
> > instead.
> >
> > Graham
> >
> > On 20/06/07, maker joe <makerjoe at gmail.com> wrote:
> > > hi
> > > how can i import a module from the current directory on a psp file
> > > eg
> > > test.psp
> > > <%
> > > import somemodule
> > > %>
> > > somemodule.py is at the same directory as test.psp
> > >
> > > the same works importing from a file.py
> > > I'm using publisher and psp handlers
> > > python 2.5 modpython 3.31
> > >
> > > thanks
> > > joseluis
> > > _______________________________________________
> > > Mod_python mailing list
> > > Mod_python at modpython.org
> > > http://mailman.modpython.org/mailman/listinfo/mod_python
> > >
> >
>
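
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not mod_python code: it counts how many statements the `exec "from %s import * "` pattern would run for a literal versus a crafted name, then loads a module as an object by validated name from one directory. Assumptions: current Python 3, with the standard-library `importlib` standing in for `apache.import_module`; the function names, the allowlist and the sample module file are constructed for illustration.

```python
import ast
import importlib.util
import re
import tempfile
from pathlib import Path

# A single plain identifier: no dots, spaces, semicolons or path separators.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def statements_in_exec_string(name):
    """Parse (never execute) the string the exec pattern would build and
    return how many top-level statements it contains."""
    return len(ast.parse("from %s import * " % name).body)

def load_local_module(name, app_dir, allowed):
    """Hypothetical helper: load app_dir/<name>.py and return the module object.
    The name must be a plain identifier and on the caller's allowlist."""
    if not NAME_RE.match(name) or name not in allowed:
        raise ValueError("module name not permitted: %r" % name)
    path = Path(app_dir) / (name + ".py")
    if not path.is_file():
        raise ImportError("no module %s in %s" % (name, app_dir))
    # Loading by file path means a local 'test.py' can never resolve to the
    # standard library's 'test' package, the mix-up warned about above.
    spec = importlib.util.spec_from_file_location("app_" + name, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module

def demo():
    crafted = "json import *; marker = 1 #"  # constructed, harmless input
    with tempfile.TemporaryDirectory() as app_dir:
        (Path(app_dir) / "test.py").write_text("GREETING = 'mine'\n")
        module = load_local_module("test", app_dir, allowed={"test"})
        results = {
            "greeting": module.GREETING,  # referenced via the module object
            "literal": statements_in_exec_string("test"),
            "crafted": statements_in_exec_string(crafted),
        }
        try:
            load_local_module(crafted, app_dir, allowed={"test"})
            results["rejected"] = False
        except ValueError:
            results["rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```
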

