Update of /cvsroot/freevo/freevo/src/skins/main
In directory sc8-pr-cvs1:/tmp/cvs-serv19308
Modified Files:
info_area.py
Log Message:
make eval more secure (and remove trailing whitespaces)
Index: info_area.py
===================================================================
RCS file: /cvsroot/freevo/freevo/src/skins/main/info_area.py,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** info_area.py 1 Jan 2004 15:53:18 -0000 1.9
--- info_area.py 10 Jan 2004 16:53:22 -0000 1.10
***************
*** 6,13 ****
#
# Notes:
! # Todo:
#
# -----------------------------------------------------------------------
# $Log$
# Revision 1.9 2004/01/01 15:53:18 dischi
# move the shadow code into osd.py
--- 6,16 ----
#
# Notes:
! # Todo:
#
# -----------------------------------------------------------------------
# $Log$
+ # Revision 1.10 2004/01/10 16:53:22 dischi
+ # make eval more secure (and remove trailing whitespaces)
+ #
# Revision 1.9 2004/01/01 15:53:18 dischi
# move the shadow code into osd.py
***************
*** 34,38 ****
# -----------------------------------------------------------------------
# Freevo - A Home Theater PC framework
! # Copyright (C) 2002 Krister Lagerstrom, et al.
# Please see the file freevo/Docs/CREDITS for a complete list of authors.
#
--- 37,41 ----
# -----------------------------------------------------------------------
# Freevo - A Home Theater PC framework
! # Copyright (C) 2002 Krister Lagerstrom, et al.
# Please see the file freevo/Docs/CREDITS for a complete list of authors.
#
***************
*** 76,80 ****
self.sellist = None
!
def update_content_needed( self ):
"""
--- 79,83 ----
self.sellist = None
!
def update_content_needed( self ):
"""
***************
*** 82,86 ****
"""
update = 0
!
if self.layout_content is not self.layout.content:
return True
--- 85,89 ----
"""
update = 0
!
if self.layout_content is not self.layout.content:
return True
***************
*** 88,96 ****
if self.last_item != self.infoitem:
return True
!
update += self.set_content() # set self.content
update += self.set_list(update) # set self.list
! list = self.eval_expressions( self.list )
if self.sellist != list:
self.sellist = list
--- 91,105 ----
if self.last_item != self.infoitem:
return True
!
update += self.set_content() # set self.content
update += self.set_list(update) # set self.list
! try:
! list = self.eval_expressions( self.list )
! except:
! print "skin error: unable to parse expression in info_area"
! traceback.print_exc()
! return 0
!
if self.sellist != list:
self.sellist = list
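Review bot: The bare `except:` added around `list = self.eval_expressions( self.list )` also intercepts KeyboardInterrupt and SystemExit, so a shutdown request that arrives during skin evaluation is reported as a skin error and swallowed. Putting `except (KeyboardInterrupt, SystemExit): raise` ahead of the bare handler keeps the fallback for skin errors without hiding those two. The same handler is added to update_content in the following changed hunk and needs the same treatment. The enclosing method starts and ends outside this hunk.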
***************
*** 100,104 ****
self.updated = 1
return update
!
def update_content( self ):
--- 109,113 ----
self.updated = 1
return update
!
def update_content( self ):
***************
*** 108,112 ****
if not self.updated: # entered a menu for the first time
self.set_list(self.set_content())
! self.sellist = self.eval_expressions( self.list )
self.last_item = self.infoitem
--- 117,126 ----
if not self.updated: # entered a menu for the first time
self.set_list(self.set_content())
! try:
! self.sellist = self.eval_expressions( self.list )
! except:
! print "skin error: unable to parse expression in info_area"
! traceback.print_exc()
! return 0
self.last_item = self.infoitem
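Review bot: The early `return 0` in the new handler leaves before `self.last_item = self.infoitem`, and `self.sellist` keeps whatever value it had for the previous item. If that is intended, say so next to the return, for example `# skin error: keep previous sellist, last_item deliberately not updated`. If it is not intended, reset `self.sellist` before returning so that stale entries are not drawn for the new item. The rest of update_content is outside the hunk, so whether callers inspect the return value cannot be checked from here.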
***************
*** 128,132 ****
align_v = i.valign, align_h = i.align,
mode = i.mode )
!
elif isinstance( i, xml_skin.FormatImg ):
if i.src:
--- 142,146 ----
align_v = i.valign, align_h = i.align,
mode = i.mode )
!
elif isinstance( i, xml_skin.FormatImg ):
if i.src:
***************
*** 136,141 ****
else:
print _( "ERROR" ) + ": missing 'src' attribute in skin tag!"
!
!
self.last_item = self.infoitem
--- 150,155 ----
else:
print _( "ERROR" ) + ": missing 'src' attribute in skin tag!"
!
!
self.last_item = self.infoitem
***************
*** 157,166 ****
self.content.y != self.area_val.y):
update=1
!
if self.layout_content is not self.layout.content or update:
types = self.layout.content.types
self.content = self.calc_geometry( self.layout.content, copy_object=True
)
# backup types, which have the previously calculated fcontent
! self.content.types = types
self.layout_content = self.layout.content
return 1
--- 171,180 ----
self.content.y != self.area_val.y):
update=1
!
if self.layout_content is not self.layout.content or update:
types = self.layout.content.types
self.content = self.calc_geometry( self.layout.content, copy_object=True
)
# backup types, which have the previously calculated fcontent
! self.content.types = types
self.layout_content = self.layout.content
return 1
***************
*** 176,186 ****
if hasattr( self.infoitem, 'info_type'):
key = self.infoitem.info_type or key
!
elif hasattr( self.infoitem, 'type' ):
key = self.infoitem.type or key
! try:
val = self.content.types[ key ]
! except:
val = self.content.types[ 'default' ]
--- 190,200 ----
if hasattr( self.infoitem, 'info_type'):
key = self.infoitem.info_type or key
!
elif hasattr( self.infoitem, 'type' ):
key = self.infoitem.type or key
! if self.content.types.has_key(key):
val = self.content.types[ key ]
! else:
val = self.content.types[ 'default' ]
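Review bot: The fallback `val = self.content.types[ 'default' ]` is still unguarded, so a skin that defines no 'default' type raises KeyError on this line. If this is the body of set_list, that call sits before the new `try:` in update_content_needed (`update += self.set_list(update)`), so the error would escape the handlers this commit adds. Either guard the fallback with a second `has_key('default')` check that reports a skin error, or add a comment stating that skins are required to define a 'default' type. The function's def line is outside the hunk.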
***************
*** 191,195 ****
self.list = val.fcontent
return 1
!
return 0
--- 205,209 ----
self.list = val.fcontent
return 1
!
return 0
***************
*** 199,218 ****
"""
create the python expression
! """
! exp = ''
for b in expression.split( ' ' ):
if b in ( 'and', 'or', 'not' ):
# valid operator
exp += ' %s' % ( b )
!
elif b[ :4 ] == 'len(' and b.find( ')' ) > 0 and \
len(b) - b.find(')') < 5:
# lenght of something
! exp += ' item.getattr("%s") %s' % ( b[ : ( b.find(')') + 1 ) ],
b[ ( b.find(')') + 1 ) : ])
else:
# an attribute
! exp += ' item.getattr("%s")' % b
!
return exp.strip()
--- 213,232 ----
"""
create the python expression
! """
! exp = ''
for b in expression.split( ' ' ):
if b in ( 'and', 'or', 'not' ):
# valid operator
exp += ' %s' % ( b )
!
elif b[ :4 ] == 'len(' and b.find( ')' ) > 0 and \
len(b) - b.find(')') < 5:
# lenght of something
! exp += ' attr("%s") %s' % ( b[ : ( b.find(')') + 1 ) ],
b[ ( b.find(')') + 1 ) : ])
else:
# an attribute
! exp += ' attr("%s")' % b
!
return exp.strip()
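Review bot: Each token `b` is pasted between double quotes by `' attr("%s")' % b` with no check on its characters, so a token containing `"` or a backslash ends the string literal early and the rest of it is handed to `eval` as Python rather than as an attribute name. Formatting with repr closes that gap in one line: `exp += ' attr(%r)' % b`, and likewise `' attr(%r) %s'` in the `len(` branch. In that branch the text after `)` (up to three characters, per the `< 5` test) is still appended outside the quotes, so it should be checked against the comparison operators and digits the skin format actually allows before it is used. The function's def line is outside the hunk.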
***************
*** 229,233 ****
so you can check if it changed just comparing two lists
(useful in music player, to update 'elapsed')
! """
item = self.infoitem
ret_list = [ ]
--- 243,247 ----
so you can check if it changed just comparing two lists
(useful in music player, to update 'elapsed')
! """
item = self.infoitem
ret_list = [ ]
***************
*** 235,239 ****
if not list:
return
!
rg = range( len( list ) )
for i in rg:
--- 249,253 ----
if not list:
return
!
rg = range( len( list ) )
for i in rg:
***************
*** 247,261 ****
# Evaluate the expression:
! try:
! if exp and eval( exp ):
! # It's true, we should recurse into children
! ret_list += self.eval_expressions( list[ i ].content, index
+ [ i ] )
! except:
! print "ERROR: Could not evaluate 'if' condition in info_area"
! print "expression was: 'if %s:', Item was: %s" % ( exp,
item.type )
! traceback.print_exc()
!
continue
!
elif isinstance( list[ i ], xml_skin.FormatText ):
exp = None
--- 261,269 ----
# Evaluate the expression:
! if exp and eval(exp, {'attr': item.getattr}, {}):
! # It's true, we should recurse into children
! ret_list += self.eval_expressions( list[ i ].content, index + [
i ] )
continue
!
elif isinstance( list[ i ], xml_skin.FormatText ):
exp = None
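Review bot: Passing `{'attr': item.getattr}` as the globals of `eval` does not remove the builtins: when the dict has no `__builtins__` key, Python inserts the standard builtins module, so an expression can still reach names such as `__import__` and `open`. Use `eval(exp, {'__builtins__': {}, 'attr': item.getattr}, {})` here and in the FormatText hunk that follows. Even then this only reduces accidental exposure and is not a sandbox, so skin files should still be documented as trusted input. The enclosing method starts and ends outside the hunk.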
***************
*** 267,284 ****
else:
exp = list[ i ].expression
! try:
! # evaluate the expression:
if exp:
! exp = eval( exp )
! if exp:
! list[ i ].text = str( exp )
! except:
! print "ERROR: Parsing XML in info_area:"
! print "could not evaluate: '%s'" % ( exp )
! traceback.print_exc()
# I add a tuple here to be able to compare lists and know if we need
to
# update, this is useful in the mp3 player
ret_list += [ index + [ ( i, list[ i ].text ) ] ]
! else:
ret_list += [ index + [ i ] ]
--- 275,287 ----
else:
exp = list[ i ].expression
! # evaluate the expression:
! if exp:
! exp = eval(exp, {'attr': item.getattr}, {})
if exp:
! list[ i ].text = str( exp )
# I add a tuple here to be able to compare lists and know if we need
to
# update, this is useful in the mp3 player
ret_list += [ index + [ ( i, list[ i ].text ) ] ]
! else:
ret_list += [ index + [ i ] ]
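Review bot: With the local `try`/`except` removed, a failure in one expression now propagates out of eval_expressions, and the callers print only "skin error: unable to parse expression in info_area". The expression text that the old handler printed is lost, and every other element of the list is dropped with the failing one. A narrow handler around the `eval` call that prints the expression and re-raises would restore the diagnostic: `print "could not evaluate: '%s'" % ( exp )` followed by `raise`. The same applies to the `if` condition in the previous hunk, where the old message also named `item.type`.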
***************
*** 296,304 ****
"""
x, y = 0, 0
!
item = self.infoitem
list = self.list
! ret_list = [ ]
last_newline = 0 # index of the last line
for i in sel_list:
--- 299,307 ----
"""
x, y = 0, 0
!
item = self.infoitem
list = self.list
! ret_list = [ ]
last_newline = 0 # index of the last line
for i in sel_list:
***************
*** 336,340 ****
if element.x == None:
element.x = x
!
if element.y == None:
element.y = y
--- 339,343 ----
if element.x == None:
element.x = x
!
if element.y == None:
element.y = y
***************
*** 345,364 ****
image = osd.loadbitmap( element.src, True )
size = image.get_size()
!
if element.width == None:
element.width = size[ 0 ]
!
if element.height == None:
! element.height = size[ 1 ]
!
ret_list += [ element ]
#
# Tag: <newline>
! #
elif isinstance( element, xml_skin.FormatNewline ):
newline = 1 # newline height will be added later
x = 0
!
#
# Tag: <text>
--- 348,367 ----
image = osd.loadbitmap( element.src, True )
size = image.get_size()
!
if element.width == None:
element.width = size[ 0 ]
!
if element.height == None:
! element.height = size[ 1 ]
!
ret_list += [ element ]
#
# Tag: <newline>
! #
elif isinstance( element, xml_skin.FormatNewline ):
newline = 1 # newline height will be added later
x = 0
!
#
# Tag: <text>
***************
*** 407,411 ****
x += element.width
ret_list.append(element)
!
# We should shrink the width and go next line (overflow)
--- 410,414 ----
x += element.width
ret_list.append(element)
!
# We should shrink the width and go next line (overflow)
***************
*** 427,431 ****
if j.text and j.height > newline_height:
newline_height = j.height
!
y = y + newline_height
last_newline = new_last_newline
--- 430,434 ----
if j.text and j.height > newline_height:
newline_height = j.height
!
y = y + newline_height
last_newline = new_last_newline
***************
*** 434,438 ****
for j in last_line:
j.height = newline_height
!
!
return ret_list
--- 437,441 ----
for j in last_line:
j.height = newline_height
!
!
return ret_list