Applying patch

[#636769] Fix for major rexec bugs * Lib/rexec.py (FileBase): Added 'xreadlines' and '__iter__' to allowed file methods. (FileWrapper.__init__): Removed unnecessary self.f variable, which gave direct access to the file object. (RExec): Added 'xreadlines' and '_weakref' to allowed modules. (RExec.r_open): Convert string subclasses to a real string classes before doing comparisons with mode parameter. * Lib/ihooks.py (BasicModuleImporter.import_module/reload/unload): Convert the module name to a real string before working with it. (ModuleImporter.import_module/import_it/reload): Convert the module name to a real strings before working with it. * Misc/NEWS Document the change.
2025-08-03 16:39:00 +00:00 · 2002-12-16 13:11:57 +00:00 · 2002-12-16 13:11:57 +00:00 · d5ae01a803
commit d5ae01a803
parent 822a77fcc7
3 changed files with 15 additions and 7 deletions
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -667,6 +667,9 @@ Library
  unix environment even if DISPLAY was not set. Also, support for
  skipstone browser was included.

+- Fixed bug #636769: rexec would run unallowed code if subclasses of
+  strings were used as parameters for certain functions.
+
 Tools/Demos
 -----------