commit | 90d62ab0a175b8f3451ee74f29d5de83650e2292 | [log] [tgz] |
---|---|---|
author | Guido van Rossum <guido@python.org> | Wed Dec 10 22:35:02 1997 +0000 |
committer | Guido van Rossum <guido@python.org> | Wed Dec 10 22:35:02 1997 +0000 |
tree | 9791fc43c2a1f401cf44ca56cf8aaff435d91b87 | |
parent | e680546894ae6e5dffe8b6f6a6a17a56301033ae [diff] |
Since this module is used as a fallback in case no built-in modules have been configured, string.atof() should not fail when "import re" fails (usually because pcre is not there). This opens up a tiny security hole: *if* an attacker can make "import re" fail, they can also make string.atof(arbitrary_string) evaluate the arbitrary string. Nothing to keep me awake at night...