File dia-can-2005-2966.patch of Package dia

Index: plug-ins/python/diasvg_import.py
===================================================================
--- plug-ins/python/diasvg_import.py	(revision 7)
+++ plug-ins/python/diasvg_import.py	(working copy)
@@ -54,6 +54,10 @@
 		return (int(m.group(1)) / 255.0, int(m.group(2)) / 255.0, int(m.group(2)) / 255.0)
 	# any more ugly color definitions not compatible with pango_color_parse() ?
 	return string.strip(s)
+
+def eval_secure(s):
+	return string.translate(s, string.maketrans("\"()", "___"))
+
 class Object :
 	def __init__(self) :
 		self.props = {"x" : 0, "y" : 0, "stroke" : "none"}
@@ -65,7 +69,8 @@
 			sp2 = string.split(string.strip(s1), ":")
 			if len(sp2) == 2 :
 				try :
-					eval("self." + string.replace(sp2[0], "-", "_") + "(\"" + string.strip(sp2[1]) + "\")")
+					eval("self." + eval_secure(string.replace(sp2[0], "-", "_")) +
+						"(\"" + eval_secure(string.strip(sp2[1])) + "\")")
 				except AttributeError :
 					self.props[sp2[0]] = string.strip(sp2[1])
 	def x(self, s) :
@@ -282,7 +287,7 @@
 	def CopyProps(self, dest) :
 		# to be used to inherit group props to childs _before_ they get their own
 		for p in self.props.keys() :
-			sf = "dest." + string.replace(p, "-", "_") + "(\"" + str(self.props[p]) + "\")"
+			sf = "dest." + eval_secure(string.replace(p, "-", "_")) + "(\"" + eval_secure(str(self.props[p])) + "\")"
 			try : # accessor first
 				eval(sf)
 			except :
@@ -561,7 +566,7 @@
 				o = Group()
 				stack.append(o)
 			else :
-				s = string.capitalize(name) + "()"
+				s = eval_secure(string.capitalize(name)) + "()"
 				try :
 					o = eval(s)
 				except :
@@ -575,7 +580,7 @@
 				ma = string.replace(a, "-", "_")
 				# e.g. xlink:href -> xlink__href
 				ma = string.replace(ma, ":", "__")
-				s = "o." +  ma + "(\"" + attrs[a] + "\")"
+				s = "o." +  eval_secure(ma) + "(\"" + eval_secure(attrs[a]) + "\")"
 				try :
 					eval(s)
 				except AttributeError, msg :
openSUSE Build Service is sponsored by