| author | bwarsaw | 1998-12-29 04:32:30 +0000 |
|---|---|---|
| committer | bwarsaw | 1998-12-29 04:32:30 +0000 |
| commit | 4c7544163a5ae72cc232903084d7816dbf70bd43 (patch) | |
| tree | 263a8e6bdb7c4a0e388e7e400b53673714ae1431 | |
| parent | 782d34e76fadd355051bcff78e9521af42603151 (diff) | |
Don't use eval() to turn a string into an int, use int() -- it's safer.
| -rw-r--r-- | Mailman/Cgi/handle_opts.py | 45 | ||||
| -rw-r--r-- | Mailman/Cgi/subscribe.py | 6 |
2 files changed, 24 insertions, 27 deletions
diff --git a/Mailman/Cgi/handle_opts.py b/Mailman/Cgi/handle_opts.py index f85694e9d..4cad556e2 100644 --- a/Mailman/Cgi/handle_opts.py +++ b/Mailman/Cgi/handle_opts.py 
@@ -203,32 +203,25 @@ exactly what happened to provoke this error.<p>''' " and your new password twice.") else: - # If keys don't exist, set them to whatever they were. (essentially - # a noop) - if form.has_key("digest"): - digest_value = eval(form["digest"].value) - else: - digest_value = list.GetUserOption(user, mm_cfg.Digests) - if form.has_key("mime"): - mime = eval(form["mime"].value) - else: - mime = list.GetUserOption(user, mm_cfg.DisableMime) - if form.has_key("dontreceive"): - dont_receive = eval(form["dontreceive"].value) - else: - dont_receive = list.GetUserOption(user, mm_cfg.DontReceiveOwnPosts) - if form.has_key("ackposts"): - ack_posts = eval(form["ackposts"].value) - else: - ack_posts = list.GetUserOption(user, mm_cfg.AcknowlegePosts) - if form.has_key("disablemail"): - disable_mail = eval(form["disablemail"].value) - else: - disable_mail = list.GetUserOption(user, mm_cfg.DisableDelivery) - if form.has_key("conceal"): - conceal = eval(form["conceal"].value) - else: - conceal = list.GetUserOption(user, mm_cfg.ConcealSubscription) + # if key doesn't exist, or its value can't be int()'ified, return the + # current value (essentially a noop) + def getval(key, default, form=form): + if form.has_key(key): + try: + return int(form[key].value) + except ValueError: + return default + return default + + useropt = list.GetUserOption + digest_value = getval('digest', useropt(user, mm_cfg.Digests)) + mime = getval('mime', useropt(user, mm_cfg.DisableMime)) + dont_receive = getval('dontreceive', + useropt(user, mm_cfg.DontReceiveOwnPosts)) + ack_posts = getval('ackposts', useropt(user, mm_cfg.AcknowlegePosts)) + disable_mail = getval('disablemail', + useropt(user, mm_cfg.DisableDelivery)) + conceal = getval('conceal', useropt(user, mm_cfg.ConcealSubscription)) if not form.has_key("digpw"): PrintResults("You must supply a password to change options.") diff --git a/Mailman/Cgi/subscribe.py b/Mailman/Cgi/subscribe.py index d331cf998..19fe2c738 100644 
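Review bot: In the new `getval` helper, `int()` removes the code-execution risk but still accepts any integer, so a client can submit `digest=7` or `mime=-1` for what appear to be on/off options. I would return `default` unless the parsed value is one of the expected flags, e.g. `val = int(form[key].value)` followed by `if val in (0, 1): return val`. Separately, if `form` is a `cgi.FieldStorage` (not visible here), a field submitted twice makes `form[key]` a list, and `.value` then raises `AttributeError`, which the `except ValueError:` clause does not catch; `except (ValueError, AttributeError):` would keep the fallback-to-default behaviour for that case too. The same range concern applies to the `digest` parsing in Mailman/Cgi/subscribe.py. The enclosing `else:` branch starts and continues outside the hunk.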
--- a/Mailman/Cgi/subscribe.py +++ b/Mailman/Cgi/subscribe.py @@ -135,7 +135,11 @@ def main(): results = results + "Your passwords did not match.<br>" if form.has_key("digest"): - digest = eval(form["digest"].value) + try: + digest = int(form['digest'].value) + except ValueError: + # TBD: Hmm, this shouldn't happen + digest = 0 if not list.digestable: digest = 0 |
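Review bot: The added comment `# TBD: Hmm, this shouldn't happen` understates the case, because `form['digest']` is client-supplied and a hand-built request can put any string there. I would document the branch as an expected input-validation path, for example `# malformed or tampered form value: fall back to non-digest delivery`, so a later maintainer does not remove it as dead code. Since the fallback silently changes what the subscriber asked for, it may also be worth reporting the bad value through the `results` string this function already builds rather than continuing quietly. `main()` starts and continues outside the hunk.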
