From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C817C138A1A for ; Fri, 14 Nov 2014 01:14:13 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B0689E08A6; Fri, 14 Nov 2014 01:14:12 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 60388E08A6 for ; Fri, 14 Nov 2014 01:14:12 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5A7E233F692 for ; Fri, 14 Nov 2014 01:14:11 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D7230A16D for ; Fri, 14 Nov 2014 01:14:09 +0000 (UTC) From: "Devan Franchini" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Devan Franchini" Message-ID: <1415927629.8a807c9d67ba7eadfb4695cdfbb8d7687dd2d26f.twitch153@gentoo> Subject: [gentoo-commits] proj/webapp-config:experimental commit in: WebappConfig/ X-VCS-Repository: proj/webapp-config X-VCS-Files: WebappConfig/config.py X-VCS-Directories: WebappConfig/ X-VCS-Committer: twitch153 X-VCS-Committer-Name: Devan Franchini X-VCS-Revision: 8a807c9d67ba7eadfb4695cdfbb8d7687dd2d26f X-VCS-Branch: experimental Date: Fri, 14 Nov 2014 01:14:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 7bac509e-a26d-4411-9fe4-12d40cfda81a X-Archives-Hash: 9c37c6f4e21a9133cdcb28390a42f29a commit: 8a807c9d67ba7eadfb4695cdfbb8d7687dd2d26f Author: Devan Franchini gentoo org> AuthorDate: Fri Nov 14 01:06:26 2014 +0000 Commit: Devan Franchini gentoo org> CommitDate: Fri Nov 14 01:13:49 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/webapp-config.git;a=commit;h=8a807c9d config.py: Modifies import strategy for config parser On systems which had dev-python/configparser installed (a package to add support for the py3.x configparser class in py2.x) webapp-config would make use of that class instead of py2.x's built in ConfigParser class. This would lead to improper interpolation of configuration variables that follow the syntax "${}". This dangerous behavior could (and has) lead to webapp-config installing a webapp to the root filesystem of a host. This danger has been avoided by modifying the import strategy for the config parser we're using so that we force import the ConfigParser class if using py2.x. X-Gentoo-Bug: 528752 X-Gentoo-Bug-URL: https://bugs.gentoo.org/528752 --- WebappConfig/config.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/WebappConfig/config.py b/WebappConfig/config.py index cdae149..c87b93b 100644 --- a/WebappConfig/config.py +++ b/WebappConfig/config.py @@ -21,15 +21,12 @@ import sys, os, os.path, re, socket, time -try: +if sys.hexversion >= 0x3000000: # Python 3 import configparser - if sys.version_info >= (3, 2): - from configparser import ConfigParser as configparser_ConfigParser - from configparser import ExtendedInterpolation - else: - from configparser import SafeConfigParser as configparser_ConfigParser -except ImportError: + from configparser import ConfigParser as configparser_ConfigParser + from configparser import ExtendedInterpolation +else: # Python 2 import ConfigParser as configparser from ConfigParser import SafeConfigParser as configparser_ConfigParser