[Python-checkins] python/dist/src/Lib pickle.py,1.68,1.69
loewis@users.sourceforge.net
loewis@users.sourceforge.net
Wed, 14 Aug 2002 00:46:55 -0700
Update of /cvsroot/python/python/dist/src/Lib
In directory usw-pr-cvs1:/tmp/cvs-serv761/Lib
Modified Files:
pickle.py
Log Message:
Patch #505705: Remove eval in pickle and cPickle.
Index: pickle.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/pickle.py,v
retrieving revision 1.68
retrieving revision 1.69
diff -C2 -d -r1.68 -r1.69
*** pickle.py 16 Jul 2002 19:47:43 -0000 1.68
--- pickle.py 14 Aug 2002 07:46:22 -0000 1.69
***************
*** 127,130 ****
--- 127,132 ----
del x
+ _quotes = ["'", '"']
+
class Pickler:
***************
*** 741,748 ****
def load_string(self):
rep = self.readline()[:-1]
! if not self._is_string_secure(rep):
raise ValueError, "insecure string pickle"
! self.append(eval(rep,
! {'__builtins__': {}})) # Let's be careful
dispatch[STRING] = load_string
--- 743,755 ----
def load_string(self):
rep = self.readline()[:-1]
! for q in _quotes:
! if rep.startswith(q):
! if not rep.endswith(q):
! raise ValueError, "insecure string pickle"
! rep = rep[len(q):-len(q)]
! break
! else:
raise ValueError, "insecure string pickle"
! self.append(rep.decode("string-escape"))
dispatch[STRING] = load_string
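Review bot: A line that consists of a single quote character passes the new check in `load_string`, because `startswith(q)` and `endswith(q)` both match that one character and `rep[len(q):-len(q)]` then yields an empty string instead of raising. Requiring a minimum length closes the gap: `if len(rep) < 2 or not rep.endswith(q):`. Since the commit title could be read as making string pickles safe, I would also add a comment above the decode call such as `# Removing eval() hardens only the STRING opcode; unpickling untrusted data is still unsafe.` If `_is_string_secure` has no other caller (the rest of the class is outside this hunk), it is now dead code and can be dropped in the same change.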