[tor-commits] [stem/master] Avoid dangerous input() call
atagar at torproject.org
atagar at torproject.org
Sun Jan 4 02:29:04 UTC 2015
commit 6a2974b8085d8fc64d714ac1e543318b88f51e31
Author: Damian Johnson <atagar at torproject.org>
Date: Sat Jan 3 14:47:11 2015 -0800
Avoid dangerous input() call
Python3 wisely killed input() because it's risky, and renamed raw_input() to
input(). This is great, but simply changing raw_input() to input() as 2to3 did
means arbitrary code execution in python2, and breaks our interpreter.
---
stem/interpreter/__init__.py | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/stem/interpreter/__init__.py b/stem/interpreter/__init__.py
index f4fac8e..c96e11c 100644
--- a/stem/interpreter/__init__.py
+++ b/stem/interpreter/__init__.py
@@ -18,6 +18,7 @@ import sys
import stem
import stem.connection
+import stem.prereq
import stem.process
import stem.util.conf
import stem.util.system
@@ -125,7 +126,12 @@ def main():
while True:
try:
prompt = '... ' if interpreter.is_multiline_context else PROMPT
- user_input = input(prompt)
+
+ if stem.prereq.is_python_3():
+ user_input = input(prompt)
+ else:
+ user_input = raw_input(prompt)
+
response = interpreter.run_command(user_input)
if response is not None:
More information about the tor-commits
mailing list