Description: Fix a security bug in the YAML emitter.
See https://bitbucket.org/jespern/django-piston/changeset/91bdaec89543
Forwarded: not-needed
Author: Michael Ziegler <diese-addy@funzt-halt.net>
Index: python-django-piston-0.2.2/piston/emitters.py
===================================================================
--- python-django-piston-0.2.2.orig/piston/emitters.py 2009-06-14 12:04:30.000000000 +0200
+++ python-django-piston-0.2.2/piston/emitters.py 2011-11-01 19:19:34.526595345 +0100
@@ -385,7 +385,7 @@
if yaml: # Only register yaml if it was import successfully.
Emitter.register('yaml', YAMLEmitter, 'application/x-yaml; charset=utf-8')
- Mimer.register(yaml.load, ('application/x-yaml',))
+ Mimer.register(yaml.safe_load, ('application/x-yaml',))
class PickleEmitter(Emitter):
"""
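Review bot: The `Mimer.register(yaml.safe_load, ...)` line has no comment recording why the safe loader is required, so a later cleanup could switch it back to `yaml.load` without noticing the security impact. I would add `# Request bodies are untrusted: yaml.load can construct arbitrary Python objects, yaml.safe_load only builds plain data types.` directly above the call. The hunk ends at the opening of `PickleEmitter`, whose body is not visible here. If that class registers a pickle-based loader with `Mimer` for incoming requests, the same deserialization risk would presumably remain for that content type, so it should be checked as part of this fix.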