X-Git-Url: https://git.yukkurigames.com/?p=python-bulletml.git;a=blobdiff_plain;f=bulletml%2Fexpr.py;h=c7d40983dd620d5fa961f7fb70b5b1e7111f456c;hp=b72fa224f7ed49bb2f166582f0ee85176852e003;hb=HEAD;hpb=bf75a44b852c5b2f9ad74fbfd11e2907a94f76a4

diff --git a/bulletml/expr.py b/bulletml/expr.py
index b72fa22..c7d4098 100644
--- a/bulletml/expr.py
+++ b/bulletml/expr.py
@@ -11,6 +11,8 @@ import re
 
 from bulletml.errors import Error
 
+__all__ = ["ExprError", "NumberDef", "INumberDef"]
+
 class ExprError(Error):
     """Raised when an invalid expression is evaluated/compiled."""
     pass
@@ -19,7 +21,6 @@ class NumberDef(object):
     """BulletML numeric expression.
 
     This translates BulletML numeric expressions into Python expressions.
-    The 
 
     Examples:
     35
@@ -37,7 +38,13 @@ class NumberDef(object):
             expr = expr.string
         except AttributeError:
             pass
-        self.string = str(expr)
+        try:
+            if "__" in expr:
+                # nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
+                raise ExprError(expr)
+        except TypeError:
+            pass
+        self.string = expr = str(expr)
         repl = lambda match: "params[%d]" % (int(match.group()[1:]) - 1)
         expr = re.sub(r"\$\d+", repl, expr.lower())
         self.__expr = expr.replace("$rand", "random()").replace("$rank", "rank")
@@ -75,6 +82,7 @@ class INumberDef(NumberDef):
             self._value = int(round(self._value))
 
     def __call__(self, params, rank):
+        # Avoid int(round(__call__())) overhead for constants.
         if self._value is not None:
             return self._value
         return int(round(super(INumberDef, self).__call__(params, rank)))