Safely parse XMLs using defusedxml

This commit is contained in:
croneter 2018-09-05 17:36:38 +02:00
parent 0933dea407
commit b29e07846f
4 changed files with 6 additions and 4 deletions

View file

@ -3,6 +3,7 @@
<requires>
<import addon="xbmc.python" version="2.1.0"/>
<import addon="script.module.requests" version="2.9.1" />
<import addon="script.module.defusedxml" version="0.5.0"/>
<import addon="plugin.video.plexkodiconnect.movies" version="2.0.5" />
<import addon="plugin.video.plexkodiconnect.tvshows" version="2.0.5" />
</requires>

View file

@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
from __future__ import absolute_import, division, unicode_literals
from logging import getLogger
import xml.etree.ElementTree as etree
import defusedxml.ElementTree as etree # etree parse unsafe
import requests
from . import utils

View file

@ -13,6 +13,7 @@ from StringIO import StringIO
from time import localtime, strftime
from unicodedata import normalize
import xml.etree.ElementTree as etree
import defusedxml.ElementTree as defused_etree # etree parse unsafe
from functools import wraps, partial
from urllib import quote_plus
import hashlib
@ -669,7 +670,7 @@ class XmlKodiSetting(object):
def __enter__(self):
try:
self.tree = etree.parse(self.path)
self.tree = defused_etree.parse(self.path)
except IOError:
# Document is blank or missing
if self.force_create is False:
@ -828,7 +829,7 @@ def passwords_xml():
path = path_ops.translate_path('special://userdata/')
xmlpath = "%spasswords.xml" % path
try:
xmlparse = etree.parse(xmlpath)
xmlparse = defused_etree.parse(xmlpath)
except IOError:
# Document is blank or missing
root = etree.Element('passwords')

View file

@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
from logging import getLogger
from json import loads
import xml.etree.ElementTree as etree
import defusedxml.ElementTree as etree # etree parse unsafe
from threading import Thread
from ssl import CERT_NONE
from xbmc import sleep