[packages/python-markdown.git] / python-markdown-yaml.patch

diff --git a/markdown/__main__.py b/markdown/__main__.py
index 38d08fe0..43e486c9 100644
--- a/markdown/__main__.py
+++ b/markdown/__main__.py
@@ -26,9 +26,17 @@
 import warnings
 import markdown
 try:
-    import yaml
+    # We use `unsafe_load` because users may need to pass in actual Python
+    # objects. As this is only available from the CLI, the user has much
+    # worse problems if an attacker can use this as an attach vector.
+    from yaml import unsafe_load as yaml_load
 except ImportError:  # pragma: no cover
-    import json as yaml
+    try:
+        # Fall back to PyYAML <5.1
+        from yaml import load as yaml_load
+    except ImportError:
+        # Fall back to JSON
+        from json import load as yaml_load
 
 import logging
 from logging import DEBUG, WARNING, CRITICAL
@@ -97,7 +105,7 @@ def parse_options(args=None, values=None):
             options.configfile, mode="r", encoding=options.encoding
         ) as fp:
             try:
-                extension_configs = yaml.load(fp)
+                extension_configs = yaml_load(fp)
             except Exception as e:
                 message = "Failed parsing extension config file: %s" % \
                           options.configfile
--- a/tests/__init__.py.orig	2018-01-05 01:41:13.000000000 +0100
+++ b/tests/__init__.py	2019-03-22 22:41:00.850729644 +0100
@@ -17,13 +17,16 @@
 except ImportError:
     tidylib = None
 try:
-    import yaml
-except ImportError as e:
-    msg = e.args[0]
-    msg = msg + ". A YAML library is required to run the Python-Markdown " \
-        "tests. Run `pip install pyyaml` to install the latest version."
-    e.args = (msg,) + e.args[1:]
-    raise
+    from yaml import unsafe_load as yaml_load
+except ImportError: # PyYAML < 5.1
+    try:
+        from yaml import load as yaml_load
+    except ImportError as e:
+        msg = e.args[0]
+        msg = msg + ". A YAML library is required to run the Python-Markdown " \
+            "tests. Run `pip install pyyaml` to install the latest version."
+        e.args = (msg,) + e.args[1:]
+        raise
 
 test_dir = os.path.abspath(os.path.dirname(__file__))
 
@@ -36,7 +39,7 @@
         self._config = {}
         if os.path.exists(filename):
             with codecs.open(filename, encoding="utf-8") as f:
-                self._config = yaml.load(f)
+                self._config = yaml_load(f)
 
     def get(self, section, option):
         """ Get config value for given section and option key. """
Commit	Line	Data
4c99705f JB	1	diff --git a/markdown/__main__.py b/markdown/__main__.py
	2	index 38d08fe0..43e486c9 100644
	3	--- a/markdown/__main__.py
	4	+++ b/markdown/__main__.py
	5	@@ -26,9 +26,17 @@
	6	import warnings
	7	import markdown
	8	try:
	9	- import yaml
	10	+ # We use `unsafe_load` because users may need to pass in actual Python
	11	+ # objects. As this is only available from the CLI, the user has much
	12	+ # worse problems if an attacker can use this as an attach vector.
	13	+ from yaml import unsafe_load as yaml_load
	14	except ImportError: # pragma: no cover
	15	- import json as yaml
	16	+ try:
	17	+ # Fall back to PyYAML <5.1
	18	+ from yaml import load as yaml_load
	19	+ except ImportError:
	20	+ # Fall back to JSON
	21	+ from json import load as yaml_load
	22
	23	import logging
	24	from logging import DEBUG, WARNING, CRITICAL
	25	@@ -97,7 +105,7 @@ def parse_options(args=None, values=None):
	26	options.configfile, mode="r", encoding=options.encoding
	27	) as fp:
	28	try:
	29	- extension_configs = yaml.load(fp)
	30	+ extension_configs = yaml_load(fp)
	31	except Exception as e:
	32	message = "Failed parsing extension config file: %s" % \
	33	options.configfile
	34	--- a/tests/__init__.py.orig 2018-01-05 01:41:13.000000000 +0100
	35	+++ b/tests/__init__.py 2019-03-22 22:41:00.850729644 +0100
	36	@@ -17,13 +17,16 @@
	37	except ImportError:
	38	tidylib = None
	39	try:
	40	- import yaml
	41	-except ImportError as e:
	42	- msg = e.args[0]
	43	- msg = msg + ". A YAML library is required to run the Python-Markdown " \
	44	- "tests. Run `pip install pyyaml` to install the latest version."
	45	- e.args = (msg,) + e.args[1:]
	46	- raise
	47	+ from yaml import unsafe_load as yaml_load
	48	+except ImportError: # PyYAML < 5.1
	49	+ try:
	50	+ from yaml import load as yaml_load
	51	+ except ImportError as e:
	52	+ msg = e.args[0]
	53	+ msg = msg + ". A YAML library is required to run the Python-Markdown " \
	54	+ "tests. Run `pip install pyyaml` to install the latest version."
	55	+ e.args = (msg,) + e.args[1:]
	56	+ raise
	57
	58	test_dir = os.path.abspath(os.path.dirname(__file__))
	59
	60	@@ -36,7 +39,7 @@
	61	self._config = {}
	62	if os.path.exists(filename):
	63	with codecs.open(filename, encoding="utf-8") as f:
	64	- self._config = yaml.load(f)
65	+ self._config = yaml_load(f)
66
67	def get(self, section, option):
68	""" Get config value for given section and option key. """