Setting up xpath_sifter.py in config.ini

Harry Fuecks hfuecks at gmail.com
Sat Oct 21 09:04:44 EST 2006


Following on from
http://lists.planetplanet.org/archives/devel/2006-October/001189.html
- (thanks for fixing)

Is it possible to define the require / exclude xpath statements for
xpath_sifter.py on a per-feed basis in config.ini, under the section
for ? It seems like they can only be defined once and are then applied
to all feeds, but I may have misunderstood. Dealing with two separate
feeds now where there are multiple authors, but only want entries from
one of them in each case.

Also is it likely to be safe to allow the require / exclude rules to
be defined by untrusted sources - specifically worried about shell
command injection - it looks to me like an attempt to inject a command
via the options - perhaps something like require: ;rm * would bubble
through to some os.exec* function but not actually result in rm *
being executed, rather handled as an option.

I'm generating the config.ini file from contents of a wiki (described
here http://www.webtuesday.ch/wiki/planet) and trying to extend that
so people can add xpath_sifter.py rules in the same manner - wondering
how much input validation I need (hoping to avoid validating the xpath
expressions themselves)

Many thanks.
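
An added example, not part of the original message and not Planet's own code: it contrasts a rule value passed as a single argv element with the same value pasted into a shell command line, then shows the check a config.ini generator needs so a wiki-supplied value cannot open a new option or section. It assumes the filter receives the rule without a shell (not verified against Planet); the section layout, sample values and all function names are hypothetical.

```python
import configparser
import subprocess
import sys

# Constructed sample values standing in for text submitted through the wiki.
SHELL_META = ";echo INJECTED"
INI_BREAKOUT = "//author[name='alice']\n[Planet]\nname = overwritten"
CHILD = "import sys; sys.stdout.write(sys.argv[1])"  # hypothetical stand-in filter

def run_as_argv(value):
    """No shell: the value is a single argv element and stays a literal string."""
    done = subprocess.run([sys.executable, "-c", CHILD, value],
                          capture_output=True, text=True, check=True)
    return done.stdout

def run_via_shell(value):
    """Contrast: the same value concatenated into a shell command line."""
    done = subprocess.run("printf '%s' " + value, shell=True,
                          capture_output=True, text=True)
    return done.stdout

def check_rule(value):
    """Reject control characters, newlines included, so a value stays on one line."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in config value")
    return value.strip()

def render_section(section, rules):
    """Emit one INI section from {option: untrusted value} after checking each."""
    lines = ["[%s]" % check_rule(section)]
    for option in ("require", "exclude"):  # fixed allow-list of option names
        if option in rules:
            lines.append("%s: %s" % (option, check_rule(rules[option])))
    return "\n".join(lines) + "\n"

def parse_back(text):
    """Re-read the generated text to confirm it holds only the intended section."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    return {name: dict(cp.items(name)) for name in cp.sections()}

if __name__ == "__main__":
    print(repr(run_as_argv(SHELL_META)))    # value arrives unchanged
    print(repr(run_via_shell(SHELL_META)))  # the shell runs the second command
    print(parse_back(render_section("xpath_sifter.py",
                                    {"require": "//author[name='alice']"})))
```

Without a shell, what remains to check is whether the receiving program treats a value beginning with `-` as one of its own options, and what the XPath expression itself selects.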

