At 11:57 16/03/99 , Martijn Faassen wrote:
Eric Kidd wrote:
On Fri, Mar 12, 1999 at 06:26:42PM -0800, Bill Randle wrote:
This may be a newbie question, but I've loked thru the doc and didn't spot any obvious way to do this, short of an External Method.
I didn't find any other way, either. But here's an External Method you can use.
[snip external method]
I'm wondering; is there a reason why 'range' isn't accessible from DTML in the '_' namespace? Is the reason as you indicated in your external method, i.e. that you don't want people to generate vast ranges from DTML?
Just curious,
The reason if of course merory flooding attacks. A range that asks for a list of 3 billion items is a wee bit unpolite to the machine. A way of checking would be: RANGELIMIT = 1000 def SafeRange(iFirst, *args): if not len(args): iStart, iEnd, iStep = 0, iFirst, 1 elif len(args) == 1: iStart, iEnd, iStep = iFirst, args[0], 1 elif len(args) == 2: iStart, iEnd, iStep = iFirst, args[0], args[1] else: raise AttributeError, 'SafeRange() requires 1-3 int arguments' if iStep == 0: raise ValueError, 'zero step for SafeRange()' iLen = int((iEnd - iStart) / iStep) if iLen < 0: iLen = 0 if iLen >= RANGELIMIT: raise ValueError, 'SafeRange() too large' return range(iStart, iEnd, iStep) Maybe this should be part of the _ object. Can someone turn this into a patch and supply this to DC? I´m a bit short of time right now. -- M.J. Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-6254545 Fax: +31-35-6254555 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------