At Barry's suggestion, plug the security leak by using an empty

__builtins__ for all calls to eval().  This still allows someone to
write string.atof("[1]*1000000") (which Jim Fulton worries about) but
effectively disables access to system modules and functions.

0 files changed, 0 insertions, 0 deletions