Using regexes in DTML expressions
I'd like to be able to use a regex from the Python re module in a <dtml-if> tag expression, e.g. <dtml-if "_.re.search('(([Ps|Sc|S|C][i|y])|Sigh)Comp?', company_name)"> Pickled pink. </dtml-if> What is the easiest way to do something like this? Thanks, Ben
I'd like to be able to use a regex from the Python re module in a <dtml-if> tag expression, e.g.
<dtml-if "_.re.search('(([Ps|Sc|S|C][i|y])|Sigh)Comp?', company_name)"> Pickled pink. </dtml-if>
What is the easiest way to do something like this?
Edit DT_Util.py, changing line 200 from: import string, math, whrandom to import string, math, whrandom,re And after line 215: d['whrandom']=whrandom insert: d['re']=re (Line numbers refer to Zope 2.0.1, but the lines should be easily identifiable in other versions.) I cannot see any good reason why this change couldn't be included in the release so I will submit it to the collector. -- Duncan Booth duncan@dales.rmplc.co.uk int month(char *p){return(124864/((p[0]+p[1]-p[2]&0x1f)+1)%12)["\5\x8\3" "\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure? http://dales.rmplc.co.uk/Duncan
On 11/10/99 4:46 AM, Duncan Booth at duncan@rcp.co.uk wrote:
I cannot see any good reason why this change couldn't be included in the release so I will submit it to the collector.
Remember that things aren't in the space for multiple reasons... *one* of them is resource issues. You can't us range because of this. 're' is another that can cause HUGE resource problems, as well as allowing people to easily (and accidentally, I've done it dozens of times) write regexs which are infinitely recursive and crash the server. Having said that, I suppose at some point in the future, it'd be nice to control exactly what is available in the name-space in a more flexible way, and let individual administrators decide. Chris -- | Christopher Petrilli Python Powered Digital Creations, Inc. | petrilli@digicool.com http://www.digicool.com
At 14:26 10/11/99 , Christopher Petrilli wrote:
On 11/10/99 4:46 AM, Duncan Booth at duncan@rcp.co.uk wrote:
I cannot see any good reason why this change couldn't be included in the release so I will submit it to the collector.
Remember that things aren't in the space for multiple reasons... *one* of them is resource issues. You can't us range because of this.
Actually, you can. I wrote a safe version of range, which has been incorporated into Zope since version 1.11.0 I believe. It is limited to a 1000 items. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------
On 11/10/99 4:46 AM, Duncan Booth at duncan@rcp.co.uk wrote:
I cannot see any good reason why this change couldn't be included in the release so I will submit it to the collector.
Remember that things aren't in the space for multiple reasons... *one* of them is resource issues. You can't us range because of this. 're' is another that can cause HUGE resource problems, as well as allowing people to easily (and accidentally, I've done it dozens of times) write regexs which are infinitely recursive and crash the server. Having said that, I suppose at some point in the future, it'd be nice to control exactly what is available in the name-space in a more flexible way, and let individual administrators decide.
I understand your point (although I cannot ever remember having that particular problem with a regex myself), but it is a great pity that you cannot safely include regular expressions in DTML methods. I wonder whether there is a 'safe' subset of regular expressions that may be easily detected and permitted while rejecting the potentially dangerous ones? Having said that I note that range is in fact permitted these days and limiting it to a maximum of 1000 prevents users accidentally killing the server, but does not prevent malicious use (or really unlucky use) as it can be nested. Equally DTML such as: <dtml-let s="'oops' * 1000 * 1000 * 10"> <dtml-var s> </dtml-let> I a very easy way to bring my system to its knees (for a little while at least, it does actually recover after a few minutes). I wonder whether there is any easy way to get Python to limit a particular thread's cpu time and/or memory usage. Unfortunately I suspect the answer is 'not without impacting performance'? -- Duncan Booth duncan@dales.rmplc.co.uk int month(char *p){return(124864/((p[0]+p[1]-p[2]&0x1f)+1)%12)["\5\x8\3" "\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure? http://dales.rmplc.co.uk/Duncan
participants (4)
-
Ben Glazer -
Christopher Petrilli -
Duncan Booth -
Martijn Pieters