Lines 54-59
Link Here
|
54 |
return (int(m.group(1)) / 255.0, int(m.group(2)) / 255.0, int(m.group(2)) / 255.0) |
54 |
return (int(m.group(1)) / 255.0, int(m.group(2)) / 255.0, int(m.group(2)) / 255.0) |
55 |
# any more ugly color definitions not compatible with pango_color_parse() ? |
55 |
# any more ugly color definitions not compatible with pango_color_parse() ? |
56 |
return string.strip(s) |
56 |
return string.strip(s) |
|
|
57 |
|
58 |
def eval_secure(s): |
59 |
return string.translate(s, string.maketrans("\"()", "___")) |
60 |
|
57 |
class Object : |
61 |
class Object : |
58 |
def __init__(self) : |
62 |
def __init__(self) : |
59 |
self.props = {"x" : 0, "y" : 0, "stroke" : "none"} |
63 |
self.props = {"x" : 0, "y" : 0, "stroke" : "none"} |
Lines 65-71
Link Here
|
65 |
sp2 = string.split(string.strip(s1), ":") |
69 |
sp2 = string.split(string.strip(s1), ":") |
66 |
if len(sp2) == 2 : |
70 |
if len(sp2) == 2 : |
67 |
try : |
71 |
try : |
68 |
eval("self." + string.replace(sp2[0], "-", "_") + "(\"" + string.strip(sp2[1]) + "\")") |
72 |
eval("self." + eval_secure(string.replace(sp2[0], "-", "_")) + |
|
|
73 |
"(\"" + eval_secure(string.strip(sp2[1])) + "\")") |
69 |
except AttributeError : |
74 |
except AttributeError : |
70 |
self.props[sp2[0]] = string.strip(sp2[1]) |
75 |
self.props[sp2[0]] = string.strip(sp2[1]) |
71 |
def x(self, s) : |
76 |
def x(self, s) : |
Lines 282-288
Link Here
|
282 |
def CopyProps(self, dest) : |
287 |
def CopyProps(self, dest) : |
283 |
# to be used to inherit group props to childs _before_ they get their own |
288 |
# to be used to inherit group props to childs _before_ they get their own |
284 |
for p in self.props.keys() : |
289 |
for p in self.props.keys() : |
285 |
sf = "dest." + string.replace(p, "-", "_") + "(\"" + str(self.props[p]) + "\")" |
290 |
sf = "dest." + eval_secure(string.replace(p, "-", "_")) + "(\"" + eval_secure(str(self.props[p])) + "\")" |
286 |
try : # accessor first |
291 |
try : # accessor first |
287 |
eval(sf) |
292 |
eval(sf) |
288 |
except : |
293 |
except : |
Lines 561-567
Link Here
|
561 |
o = Group() |
566 |
o = Group() |
562 |
stack.append(o) |
567 |
stack.append(o) |
563 |
else : |
568 |
else : |
564 |
s = string.capitalize(name) + "()" |
569 |
s = eval_secure(string.capitalize(name)) + "()" |
565 |
try : |
570 |
try : |
566 |
o = eval(s) |
571 |
o = eval(s) |
567 |
except : |
572 |
except : |
Lines 575-581
Link Here
|
575 |
ma = string.replace(a, "-", "_") |
580 |
ma = string.replace(a, "-", "_") |
576 |
# e.g. xlink:href -> xlink__href |
581 |
# e.g. xlink:href -> xlink__href |
577 |
ma = string.replace(ma, ":", "__") |
582 |
ma = string.replace(ma, ":", "__") |
578 |
s = "o." + ma + "(\"" + attrs[a] + "\")" |
583 |
s = "o." + eval_secure(ma) + "(\"" + eval_secure(attrs[a]) + "\")" |
579 |
try : |
584 |
try : |
580 |
eval(s) |
585 |
eval(s) |
581 |
except AttributeError, msg : |
586 |
except AttributeError, msg : |