Safely parse XMLs using defusedxml
This commit is contained in:
croneter
parent
0933dea407
commit
b29e07846f
4 changed files with 6 additions and 4 deletions
|
|
@ -3,6 +3,7 @@
|
||||||
<requires>
|
<requires>
|
||||||
<import addon="xbmc.python" version="2.1.0"/>
|
<import addon="xbmc.python" version="2.1.0"/>
|
||||||
<import addon="script.module.requests" version="2.9.1" />
|
<import addon="script.module.requests" version="2.9.1" />
|
||||||
|
<import addon="script.module.defusedxml" version="0.5.0"/>
|
||||||
<import addon="plugin.video.plexkodiconnect.movies" version="2.0.5" />
|
<import addon="plugin.video.plexkodiconnect.movies" version="2.0.5" />
|
||||||
<import addon="plugin.video.plexkodiconnect.tvshows" version="2.0.5" />
|
<import addon="plugin.video.plexkodiconnect.tvshows" version="2.0.5" />
|
||||||
</requires>
|
</requires>
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
from __future__ import absolute_import, division, unicode_literals
|
from __future__ import absolute_import, division, unicode_literals
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
import xml.etree.ElementTree as etree
|
import defusedxml.ElementTree as etree # etree parse unsafe
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from . import utils
|
from . import utils
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ from StringIO import StringIO
|
||||||
from time import localtime, strftime
|
from time import localtime, strftime
|
||||||
from unicodedata import normalize
|
from unicodedata import normalize
|
||||||
import xml.etree.ElementTree as etree
|
import xml.etree.ElementTree as etree
|
||||||
|
import defusedxml.ElementTree as defused_etree # etree parse unsafe
|
||||||
from functools import wraps, partial
|
from functools import wraps, partial
|
||||||
from urllib import quote_plus
|
from urllib import quote_plus
|
||||||
import hashlib
|
import hashlib
|
||||||
|
|
@ -669,7 +670,7 @@ class XmlKodiSetting(object):
|
||||||
|
|
||||||
def __enter__(self):
|
def __enter__(self):
|
||||||
try:
|
try:
|
||||||
self.tree = etree.parse(self.path)
|
self.tree = defused_etree.parse(self.path)
|
||||||
except IOError:
|
except IOError:
|
||||||
# Document is blank or missing
|
# Document is blank or missing
|
||||||
if self.force_create is False:
|
if self.force_create is False:
|
||||||
|
|
@ -828,7 +829,7 @@ def passwords_xml():
|
||||||
path = path_ops.translate_path('special://userdata/')
|
path = path_ops.translate_path('special://userdata/')
|
||||||
xmlpath = "%spasswords.xml" % path
|
xmlpath = "%spasswords.xml" % path
|
||||||
try:
|
try:
|
||||||
xmlparse = etree.parse(xmlpath)
|
xmlparse = defused_etree.parse(xmlpath)
|
||||||
except IOError:
|
except IOError:
|
||||||
# Document is blank or missing
|
# Document is blank or missing
|
||||||
root = etree.Element('passwords')
|
root = etree.Element('passwords')
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from json import loads
|
from json import loads
|
||||||
import xml.etree.ElementTree as etree
|
import defusedxml.ElementTree as etree # etree parse unsafe
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
from ssl import CERT_NONE
|
from ssl import CERT_NONE
|
||||||
from xbmc import sleep
|
from xbmc import sleep
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue