From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BA6481389F5 for ; Tue, 18 Nov 2014 00:03:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id EE2B5E0954; Tue, 18 Nov 2014 00:03:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6EF6FE0954 for ; Tue, 18 Nov 2014 00:03:40 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 59CAE340537 for ; Tue, 18 Nov 2014 00:03:39 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9AEF7A588 for ; Tue, 18 Nov 2014 00:03:37 +0000 (UTC) From: "Devan Franchini" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Devan Franchini" Message-ID: <1416269009.bb32ea1330beb131b4c7924247fa677e5e5099eb.twitch153@gentoo> Subject: [gentoo-commits] proj/webapp-config:experimental commit in: WebappConfig/ X-VCS-Repository: proj/webapp-config X-VCS-Files: WebappConfig/config.py X-VCS-Directories: WebappConfig/ X-VCS-Committer: twitch153 X-VCS-Committer-Name: Devan Franchini X-VCS-Revision: bb32ea1330beb131b4c7924247fa677e5e5099eb X-VCS-Branch: experimental Date: Tue, 18 Nov 2014 00:03:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 80642dcf-f4b1-44d4-9ff4-f6b6d0a6d6e2 X-Archives-Hash: b85a5a630a4269359b3a6134c4e8e019 commit: bb32ea1330beb131b4c7924247fa677e5e5099eb Author: Devan Franchini gentoo org> AuthorDate: Fri Nov 14 01:06:26 2014 +0000 Commit: Devan Franchini gentoo org> CommitDate: Tue Nov 18 00:03:29 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/webapp-config.git;a=commit;h=bb32ea13 config.py: Modifies import strategy for config parser On systems which had dev-python/configparser installed (a package to add support for the py3.x configparser class in py2.x) webapp-config would make use of that class instead of py2.x's built in ConfigParser class. This would lead to improper interpolation of configuration variables that follow the syntax "${}". This dangerous behavior could (and has) lead to webapp-config installing a webapp to the root filesystem of a host. This danger has been avoided by modifying the import strategy for the config parser we're using so that we force import the ConfigParser class if using py2.x. X-Gentoo-Bug: 528752 X-Gentoo-Bug-URL: https://bugs.gentoo.org/528752 --- WebappConfig/config.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/WebappConfig/config.py b/WebappConfig/config.py index cdae149..c87b93b 100644 --- a/WebappConfig/config.py +++ b/WebappConfig/config.py @@ -21,15 +21,12 @@ import sys, os, os.path, re, socket, time -try: +if sys.hexversion >= 0x3000000: # Python 3 import configparser - if sys.version_info >= (3, 2): - from configparser import ConfigParser as configparser_ConfigParser - from configparser import ExtendedInterpolation - else: - from configparser import SafeConfigParser as configparser_ConfigParser -except ImportError: + from configparser import ConfigParser as configparser_ConfigParser + from configparser import ExtendedInterpolation +else: # Python 2 import ConfigParser as configparser from ConfigParser import SafeConfigParser as configparser_ConfigParser