gh-136061: IDLE - update code in editor.Editor.load_extension #134874
Conversation
|
I believe that the 6 lines from 1205 to 1210 can be replaced by 2 lines -- an re.match and an f-string. I will submit an alternate proposal later. I believe that the input |
Misc/NEWS.d/next/Security/2025-05-29-03-24-18.gh-issue-134873.dziqkQ.rst
Outdated
Show resolved
Hide resolved
ZeroIntensity
added
type-security
|
@terryjreedy so should I leave the code for now, or should I go ahead
and replace with the re.match thing you are going to propose?
@ZeroIntensity so do you mean that active voice is preferred in
release notes? I can replace this specific case with the change that
you are suggesting, but I'm asking for advice in this aspect for
future News.
|
|
Yes, I think it can be. Will fix.
… Message ID: ***@***.***>
|
|
@johnzhou721 Lines 1373 to 1378 in 5ab66a8 As an example, I successfully utilized Gemini 2.5 Pro to generate a reasonable fix for this problem. Could you give it a try? |
|
@kexinoh Yes, I would give it a try once I have time; however, I am working on something else right now -- is it acceptable if I delay this by about a day or so? (if anyone else has a fix ready before I get to this, feel free to make a pr onto the branch of my pr and I'll merge it into my PR) |
…dziqkQ.rst Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
|
@kexinoh I have a small amount of time not enough to work on anything else before I end my day so I attempted the issue you pointed out -- but can't test though. |
Where? How? For what? Thanks! @ZeroIntensity |
We need a test case in |
terryjreedy
changed the title
|
Still need to delete Security blurb and add IDLE blurb and news items. However
remote: Permission to johnzhou721/cpython.git denied to terryjreedy. This is my standard pr revision push template. with pr#, @zware Do you have any idea what is wrong? Is the fact that johnzhou forked from somewhere else than python/cpython relevant? Edit: deleted blurb on View files page. Unfortunately, that triggers retest, which will fail because no blurb. Blurb-it failed also due to lack of access to PR. |
serhiy-storchaka
changed the title
|
@terryjreedy Thanks for looking into this issue and resolving my suspicions. I will be blurbing it. |
There was a problem hiding this comment.
Please make a change and an addition. Change the blurb to say
Update code in editor.Editor.load_extension. Patch by johnzhou and Zachary Ware.
Then add the same + the prefex gh-134873: to 'idlelib/News3.txt'. The result should be that the top 10 lines of the file looks like the following, with 2 blank lines above and 1 below the addition. (These blank lines matter as they enable clean backports!)
What's New in IDLE 3.14.0
(since 3.13.0)
Released on 2025-10-07
=========================
gh-134873: Update code in editor.Editor.load_extension.
Patch by johnzhou and Zachary Ware.
gh-112936: IDLE - Include Shell menu in single-process mode,
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
Is it needed? This change is mainly cosmetic, it has almost no effect on users. |
There was a problem hiding this comment.
After further review, I realize that we can replace 6 lines with one line to convert string vevent to string methodname in one expression that serves as a 'template' of the changes needed. See comment.
@serhiy-storchaka I don't think this change is needed as a security feature. To me, it makes the code a bit easier to read and understand.
If you veto merging the change (and close the issue as "won't fix"), I would instead want to add and merge a comment as to the equivalent expression, for whenever I or someone were to do a more thorough review of the extension functions. (I already noticed that load failure prints "Failed to import extension" to console twice, and aborts IDLE startup. Since essential IDLE functions were converted from 'extensions' to normal features years ago, stopping is no longer appropriate.)
|
Sorry for my unclear comment. I see now that it can be be interpreted incorrectly. I questioned not the change (which LGTM), but necessary of the NEWS entry for it. |
|
I have made the requested changes; please review again FYI: I credited @terryjreedy as well since they came up with the approach for combining it into all one line. (@terryjreedy: not sure about your pronouns, sorry for using they) |
|
Thanks for making the requested changes! @terryjreedy: please review the changes made to this pull request. |
My suspicion would be that the push to |
Misc/NEWS.d/next/IDLE/2025-06-28-13-29-52.gh-issue-136061.EQYuVW.rst
Outdated
Show resolved
Hide resolved
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
A DOS by Quadratic complexity issue is fixed in idlelib. Part of (but does not fix) #134873.