Description: Fix a security bug in the pickle loader.
 See Bug Report #646517
Forwarded: not-needed
Author: Michael Ziegler <diese-addy@funzt-halt.net>

Index: python-django-piston-0.2.2/piston/emitters.py
===================================================================
--- python-django-piston-0.2.2.orig/piston/emitters.py	2011-11-02 18:16:16.685560613 +0100
+++ python-django-piston-0.2.2/piston/emitters.py	2011-11-02 18:17:07.451559769 +0100
@@ -395,7 +395,17 @@
         return pickle.dumps(self.construct())
         
 Emitter.register('pickle', PickleEmitter, 'application/python-pickle')
-Mimer.register(pickle.loads, ('application/python-pickle',))
+
+"""
+WARNING: Accepting arbitrary pickled data is a huge security concern.
+The unpickler has been disabled by default now, and if you want to use
+it, please be aware of what implications it will have.
+
+Read more: http://nadiana.com/python-pickle-insecure
+
+Uncomment the line below to enable it. You're doing so at your own risk.
+"""
+#Mimer.register(pickle.loads, ('application/python-pickle',))
 
 class DjangoEmitter(Emitter):
     """
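Review bot: The warning added at new lines 399-407 is a bare triple-quoted string in the middle of the module, which Python evaluates and discards as an expression statement instead of treating it as a comment or docstring; plain `#` comments directly above the disabled line are the conventional form. The text also never names the actual risk, so I would state it outright, e.g. `# SECURITY: pickle.loads on a request body can execute arbitrary code during unpickling; never enable this for untrusted clients.` Keeping the registration as commented-out code with an "uncomment to enable" instruction invites people to edit the installed library; deleting the line, or gating it behind an explicit opt-in that defaults to off, would be safer. The `Emitter.register('pickle', ...)` call above is unchanged, so the API apparently still emits `application/python-pickle` responses, and a short comment telling client authors to unpickle only from servers they trust would be worth adding.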
