[Zope] sequence of numbers

Martijn Pieters mj@antraciet.nl
Tue, 16 Mar 1999 12:58:15 +0100


At 11:57 16/03/99 , Martijn Faassen wrote:
>Eric Kidd wrote:
>> 
>> On Fri, Mar 12, 1999 at 06:26:42PM -0800, Bill Randle wrote:
>> > This may be a newbie question, but I've looked thru the doc and didn't
>> > spot any obvious way to do this, short of an External Method.
>> 
>> I didn't find any other way, either. But here's an External Method you can
>> use.
>
>[snip external method]
>
>I'm wondering; is there a reason why 'range' isn't accessible from DTML
>in the '_' namespace? Is the reason as you indicated in your external
>method, i.e. that you don't want people to generate vast ranges from
>DTML?
>
>Just curious,

The reason is of course memory flooding attacks. A range that asks for a
list of 3 billion items is a wee bit unpolite to the machine.

A way of checking would be:

RANGELIMIT = 1000  # upper bound on the length of a generated list

def SafeRange(iFirst, *args):
    # Accept the same 1-3 argument forms as the built-in range()
    if not len(args):
        iStart, iEnd, iStep = 0, iFirst, 1
    elif len(args) == 1:
        iStart, iEnd, iStep = iFirst, args[0], 1
    elif len(args) == 2:
        iStart, iEnd, iStep = iFirst, args[0], args[1]
    else:
        raise AttributeError('SafeRange() requires 1-3 int arguments')
    
    if iStep == 0: raise ValueError('zero step for SafeRange()')
    
    # Estimate the length before the list is built
    iLen = int((iEnd - iStart) / iStep)
    if iLen < 0: iLen = 0
    
    if iLen >= RANGELIMIT: raise ValueError('SafeRange() too large')
    
    return range(iStart, iEnd, iStep)

Maybe this should be part of the _ object. Can someone turn this into a
patch and supply this to DC? I'm a bit short of time right now.

--
M.J. Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------
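
An added example, not part of the original message or of Zope: the same size guard written for Python 3, where the length of a lazy range object can be checked exactly before any list is allocated. The names safe_range and RANGE_LIMIT are hypothetical, and unlike the code above this version allows exactly RANGE_LIMIT items and rejects non-integer arguments.

```python
import operator

RANGE_LIMIT = 1000  # assumed cap, mirroring RANGELIMIT in the message above


def safe_range(*args, limit=RANGE_LIMIT):
    """Return a list like Python 2's range(), refusing oversized requests.

    Hypothetical helper written for this example; not a Zope API.
    """
    if not 1 <= len(args) <= 3:
        raise TypeError('safe_range() requires 1-3 int arguments')
    # operator.index() accepts true integers only, so a float such as 3e9
    # or a string taken from a web form is rejected instead of coerced.
    try:
        ints = [operator.index(a) for a in args]
    except TypeError:
        raise TypeError('safe_range() arguments must be integers') from None
    # range() itself raises ValueError for a zero step.
    lazy = range(*ints)
    # A Python 3 range is lazy: len() is computed arithmetically and no
    # items are allocated, so the size check itself cannot flood memory.
    try:
        count = len(lazy)
    except OverflowError:
        # Lengths beyond sys.maxsize cannot even be reported by len().
        count = None
    if count is None or count > limit:
        raise ValueError('safe_range() too large')
    # Only now is the list materialised, with at most `limit` items.
    return list(lazy)


if __name__ == '__main__':
    # Constructed sample requests, including the 3 billion item case.
    for request in [(5,), (10, 0, -3), (3000000000,), (10 ** 30,), (3e9,)]:
        try:
            print(request, '->', safe_range(*request))
        except (TypeError, ValueError) as exc:
            print(request, '-> rejected:', exc)
```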