[Zope] sequence of numbers
Martijn Pieters
mj@antraciet.nl
Tue, 16 Mar 1999 12:58:15 +0100
At 11:57 16/03/99 , Martijn Faassen wrote:
>Eric Kidd wrote:
>>
>> On Fri, Mar 12, 1999 at 06:26:42PM -0800, Bill Randle wrote:
>> > This may be a newbie question, but I've loked thru the doc and didn't
>> > spot any obvious way to do this, short of an External Method.
>>
>> I didn't find any other way, either. But here's an External Method you can
>> use.
>
>[snip external method]
>
>I'm wondering; is there a reason why 'range' isn't accessible from DTML
>in the '_' namespace? Is the reason as you indicated in your external
>method, i.e. that you don't want people to generate vast ranges from
>DTML?
>
>Just curious,
The reason if of course merory flooding attacks. A range that asks for a
list of 3 billion items is a wee bit unpolite to the machine.
A way of checking would be:
RANGELIMIT = 1000
def SafeRange(iFirst, *args):
if not len(args):
iStart, iEnd, iStep = 0, iFirst, 1
elif len(args) == 1:
iStart, iEnd, iStep = iFirst, args[0], 1
elif len(args) == 2:
iStart, iEnd, iStep = iFirst, args[0], args[1]
else:
raise AttributeError, 'SafeRange() requires 1-3 int arguments'
if iStep == 0: raise ValueError, 'zero step for SafeRange()'
iLen = int((iEnd - iStart) / iStep)
if iLen < 0: iLen = 0
if iLen >= RANGELIMIT: raise ValueError, 'SafeRange() too large'
return range(iStart, iEnd, iStep)
Maybe this should be part of the _ object. Can someone turn this into a
patch and supply this to DC? I´m a bit short of time right now.
--
M.J. Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------