details: http://www.bx.psu.edu/hg/galaxy/rev/4b0e9e727dbf changeset: 3174:4b0e9e727dbf user: jeremy goecks <jeremy.goecks@emory.edu> date: Mon Dec 14 10:33:39 2009 -0500 description: Make code easier to read and more secure: replace eval() with getattr(). diffstat: lib/galaxy/web/framework/helpers/grids.py | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diffs (13 lines): diff -r f7dee0438854 -r 4b0e9e727dbf lib/galaxy/web/framework/helpers/grids.py --- a/lib/galaxy/web/framework/helpers/grids.py Fri Dec 11 11:11:15 2009 -0500 +++ b/lib/galaxy/web/framework/helpers/grids.py Mon Dec 14 10:33:39 2009 -0500 @@ -334,8 +334,7 @@ return query def get_filter( self, column_filter ): """ Returns a SQLAlchemy criterion derived from column_filter. """ - # This is a pretty ugly way to get the key attribute of model_class. TODO: Can this be fixed? - model_class_key_field = eval( "self.model_class." + self.key ) + model_class_key_field = getattr( self.model_class, self.key ) if isinstance( column_filter, basestring ): return func.lower( model_class_key_field ).like( "%" + column_filter.lower() + "%" )