[Python-checkins] python/dist/src/Modules _codecsmodule.c,2.13,2.14 cPickle.c,2.94,2.95
loewis@users.sourceforge.net
loewis@users.sourceforge.net
Wed, 14 Aug 2002 00:46:58 -0700
Update of /cvsroot/python/python/dist/src/Modules
In directory usw-pr-cvs1:/tmp/cvs-serv761/Modules
Modified Files:
_codecsmodule.c cPickle.c
Log Message:
Patch #505705: Remove eval in pickle and cPickle.
Index: _codecsmodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/_codecsmodule.c,v
retrieving revision 2.13
retrieving revision 2.14
diff -C2 -d -r2.13 -r2.14
*** _codecsmodule.c 2 Aug 2002 02:27:13 -0000 2.13
--- _codecsmodule.c 14 Aug 2002 07:46:24 -0000 2.14
***************
*** 72,76 ****
}
- #ifdef Py_USING_UNICODE
/* --- Helpers ------------------------------------------------------------ */
--- 72,75 ----
***************
*** 98,101 ****
--- 97,143 ----
}
+ /* --- String codecs ------------------------------------------------------ */
+ static PyObject *
+ escape_decode(PyObject *self,
+ PyObject *args)
+ {
+ const char *errors = NULL;
+ const char *data;
+ int size;
+
+ if (!PyArg_ParseTuple(args, "s#|z:escape_decode",
+ &data, &size, &errors))
+ return NULL;
+ return codec_tuple(PyString_DecodeEscape(data, size, errors, 0, NULL),
+ size);
+ }
+
+ static PyObject *
+ escape_encode(PyObject *self,
+ PyObject *args)
+ {
+ PyObject *str;
+ const char *errors = NULL;
+ char *buf;
+ int len;
+
+ if (!PyArg_ParseTuple(args, "O!|z:escape_encode",
+ &PyString_Type, &str, &errors))
+ return NULL;
+
+ str = PyString_Repr(str, 0);
+ if (!str)
+ return NULL;
+
+ /* The string will be quoted. Unquote, similar to unicode-escape. */
+ buf = PyString_AS_STRING (str);
+ len = PyString_GET_SIZE (str);
+ memmove(buf, buf+1, len-2);
+ _PyString_Resize(&str, len-2);
+
+ return codec_tuple(str, PyString_Size(str));
+ }
+
+ #ifdef Py_USING_UNICODE
/* --- Decoder ------------------------------------------------------------ */
***************
*** 670,673 ****
--- 712,717 ----
{"register", codecregister, METH_VARARGS},
{"lookup", codeclookup, METH_VARARGS},
+ {"escape_encode", escape_encode, METH_VARARGS},
+ {"escape_decode", escape_decode, METH_VARARGS},
#ifdef Py_USING_UNICODE
{"utf_8_encode", utf_8_encode, METH_VARARGS},
Index: cPickle.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/cPickle.c,v
retrieving revision 2.94
retrieving revision 2.95
diff -C2 -d -r2.94 -r2.95
*** cPickle.c 13 Aug 2002 22:20:40 -0000 2.94
--- cPickle.c 14 Aug 2002 07:46:26 -0000 2.95
***************
*** 2865,2872 ****
{
PyObject *str = 0;
! int len, res = -1, nslash;
! char *s, q, *p;
!
! static PyObject *eval_dict = 0;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
--- 2865,2870 ----
{
PyObject *str = 0;
! int len, res = -1;
! char *s, *p;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
***************
*** 2874,2908 ****
if (!( s=pystrndup(s,len))) return -1;
! /* Check for unquoted quotes (evil strings) */
! q=*s;
! if (q != '"' && q != '\'') goto insecure;
! for (p=s+1, nslash=0; *p; p++) {
! if (*p==q && nslash%2==0) break;
! if (*p=='\\') nslash++;
! else nslash=0;
! }
! if (*p == q) {
! for (p++; *p; p++)
! if (*(unsigned char *)p > ' ')
! goto insecure;
! }
! else
goto insecure;
/********************************************/
! if (!( eval_dict ))
! if (!( eval_dict = Py_BuildValue("{s{}}", "__builtins__")))
! goto finally;
!
! if (!( str = PyRun_String(s, Py_eval_input, eval_dict, eval_dict)))
! goto finally;
!
! free(s);
! PDATA_PUSH(self->stack, str, -1);
! return 0;
!
! finally:
free(s);
-
return res;
--- 2872,2897 ----
if (!( s=pystrndup(s,len))) return -1;
!
! /* Strip outermost quotes */
! while (s[len-1] <= ' ')
! len--;
! if(s[0]=='"' && s[len-1]=='"'){
! s[len-1] = '\0';
! p = s + 1 ;
! len -= 2;
! } else if(s[0]=='\'' && s[len-1]=='\''){
! s[len-1] = '\0';
! p = s + 1 ;
! len -= 2;
! } else
goto insecure;
/********************************************/
! str = PyString_DecodeEscape(p, len, NULL, 0, NULL);
! if (str) {
! PDATA_PUSH(self->stack, str, -1);
! res = 0;
! }
free(s);
return res;