34 lines
1.6 KiB
Diff
34 lines
1.6 KiB
Diff
diff -aruN reportlab-3.4.0/src/reportlab/platypus/paraparser.py reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py
|
|
--- reportlab-3.4.0/src/reportlab/platypus/paraparser.py 2017-03-07 13:17:00
|
|
+++ reportlab-3.4.0.alma/src/reportlab/platypus/paraparser.py 2023-10-18 15:29:30
|
|
@@ -841,7 +841,11 @@
|
|
v = '\0'
|
|
elif 'code' in attr:
|
|
try:
|
|
- v = int(eval(attr['code']))
|
|
+ v = attr['code'].lower()
|
|
+ if v.startswith('0x'):
|
|
+ v = int(v,16)
|
|
+ else:
|
|
+ v = int(v,0) #treat as a python literal would be
|
|
v = chr(v) if isPy3 else unichr(v)
|
|
except:
|
|
self._syntax_error('<unichar/> invalid code attribute %s' % ascii(attr['code']))
|
|
diff -aruN reportlab-3.4.0/tests/test_platypus_paragraphs.py reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py
|
|
--- reportlab-3.4.0/tests/test_platypus_paragraphs.py 2017-03-07 13:17:00
|
|
+++ reportlab-3.4.0.alma/tests/test_platypus_paragraphs.py 2023-10-18 15:29:30
|
|
@@ -306,6 +306,13 @@
|
|
doc = MyDocTemplate(outputfile('test_platypus_imageandflowables.pdf'),showBoundary=1)
|
|
doc.multiBuild(story)
|
|
|
|
+ def test_unicharCodeSafety(self):
|
|
+ """test a bug reported by ravi prakash giri <raviprakashgiri@gmail.com>"""
|
|
+ normal = getSampleStyleSheet()['BodyText']
|
|
+ self.assertRaises(Exception,Paragraph,
|
|
+ """<unichar code="open('/tmp/test.txt','w').write('Hello from unichar')"/>""",
|
|
+ normal)
|
|
+
|
|
class TwoFrameDocTemplate(BaseDocTemplate):
|
|
"Define a simple document with two frames per page."
|
|
|