[Python-checkins] python/dist/src/Lib pickle.py,1.68,1.69

loewis@users.sourceforge.net loewis@users.sourceforge.net
14 Aug 2002 00:46:55 -0700


Update of /cvsroot/python/python/dist/src/Lib
In directory usw-pr-cvs1:/tmp/cvs-serv761/Lib
Modified Files:
	pickle.py 
Log Message:
Patch #505705: Remove eval in pickle and cPickle.
Index: pickle.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/pickle.py,v
retrieving revision 1.68
retrieving revision 1.69
diff -C2 -d -r1.68 -r1.69
*** pickle.py	16 Jul 2002 19:47:43 -0000	1.68
--- pickle.py	14 Aug 2002 07:46:22 -0000	1.69
***************
*** 127,130 ****
--- 127,132 ----
 del x
 
+ _quotes = ["'", '"']
+ 
 class Pickler:
 
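Review bot: `_quotes` is a module-level list, which is mutable, and it has no comment saying what it is for. Since it is the set of delimiters that load_string accepts for a STRING pickle, a tuple (`_quotes = ("'", '"')`) with a one-line comment would make it clear that it is a fixed constant and stop other code from changing what the unpickler accepts.
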
***************
*** 741,748 ****
 def load_string(self):
 rep = self.readline()[:-1]
! if not self._is_string_secure(rep):
 raise ValueError, "insecure string pickle"
! self.append(eval(rep,
! {'__builtins__': {}})) # Let's be careful
 dispatch[STRING] = load_string
 
--- 743,755 ----
 def load_string(self):
 rep = self.readline()[:-1]
! for q in _quotes:
! if rep.startswith(q):
! if not rep.endswith(q):
! raise ValueError, "insecure string pickle"
! rep = rep[len(q):-len(q)]
! break
! else:
 raise ValueError, "insecure string pickle"
! self.append(rep.decode("string-escape"))
 dispatch[STRING] = load_string
 
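Review bot: The new load_string has no length check before slicing. A line that is a single quote character satisfies both `rep.startswith(q)` and `rep.endswith(q)`, so `rep[len(q):-len(q)]` yields an empty string and a malformed pickle loads as '' instead of raising. The removed eval path could not accept that input, since eval of a lone quote is a syntax error. Suggest requiring `len(rep) >= 2` before stripping the delimiters and raising ValueError, "insecure string pickle" otherwise. A short comment on the for/else would also help, as it is not obvious at a glance that the else branch is the "no opening quote found" case.
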
