filenames generated are easily predictable, it is possible to trick an
unsuspecting program into overwriting another file by creating a
symbolic link with the predicted name. Fix this by using the
low-level os.open() function with the O_EXCL flag and mode 0700. On
non-Unix platforms, presumably there are no symbolic links so the
problem doesn't exist. The explicit test for Unix (posix, actually)
makes it possible to change the non-Unix logic to work without a
try-except clause.
The mktemp() file is as unsafe as ever.
"""
I've attached a long overdue patch to pickle.py to bring it to format
1.3, which is the same as 1.2 except that the binary float format
is supported. This is done using the new platform-indepent format
features of struct.
This patch also gets rid of the undocumented obsolete Pickler
dump_special method.
"""
"""
Jochen Hayek has reported a problem with some versions of IMAP4
servers that choose to mix the case in their CAPABILITIES response.
The patch below fixes the problem.
"""
"""
The FieldStorage constructor calls the read_multi method. The read_multi
method creates new FieldStorage objects, re-invoking the constructor
(on the new objects). The problem is that the 'environ', 'keep_blank_values',
and 'strict_parsing' arguments originally passed to the constructor are not
propigated to the new object constructors. This causes os.environ to be used,
leading to a miss-handling of the parts.
I fixed this by passing these arguments to read_multi and then on to the
constructor. See the context diff below.
"""
assign the exception info to sys.last_{type,value,traceback}. That
way, an introspective Tkinter app can inspect its own stack trace.
(The controversy is that it would keep some objects alive, but that's
probably no big deal.)
Fix bug in NoDefaultRoot() -- _default_root wasn't declared global;
and made it reentrant.
Don't set _default_root to whatever master gets passed in to
BaseWidget._setup() (only set it when we need to create a new Tk()
widget).
there's a syntax error. (In particular, display the correct
filename). This changes the API: if there's a syntax error, the
function now returns normally after dumping the error to sys.stderr.
I changed Sjoerd's use of string.join(string.split(...)) with
string.replace().
Added a debug function to replace 'print' statements.
Ensured that response attached to 'NO' replies is passed back.
added readonly exception.
Rearranged method order into types.
Ensure select returns a meaningful error on 'NO'.
'NO' returns from authenticate and login raise error with last message,
not list.
1. Generate a correct Content-Length header visible through the info() method
if a request to open an FTP URL gets a length in the response to RETR.
2. Take a third argument to urlretrieve() that makes it possible to progress-
meter an urlretrieve call (this is what I needed the above change for).
See the second patch band below for details.
3. To avoid spurious errors, I commented out the gopher test. The target
document no longer exists.
InteractiveInterpreter, which handles parsing and interpreter state
but doesn't know deal with buffering or prompting or input file
naming. And a derived class, InteractiveConsole, which adds buffering
and prompting and supports setting the filename once. Also tweak the
algorithm in compile_command() a bit so that input consisting of all
blank lines or comments always succeeds immediately, and note the fact
that apart from SyntaxError it can also raise OverflowError.
Windows. If sys.stdin doesn't appear to be a real file (characterized
by having a working fileno()), don't use any console specific methods
-- go straight to the default.
function is only used when running the calibration code, and it turns
out that recent changes in the timing code caused this statement to
raise an exception.
there's an __getinitargs__() method), if a TypeError occurs, catch and
reraise it but add info to the error about the class name being
instantiated. This makes debugging a lot easier if __getinitargs__()
returns something bogus (e.g. a string instead of a singleton tuple).
and without a message number argument: the argument was called 'msg'
but the code expected it to be called 'which'. In line with the other
methods, I've renamed the argument to 'which', and adapted the doc
string not to refer to 'msg'.