Math.rpn should use _mathSafeEnv, otherwise untrusted users can freeze the bot

2025-01-11 12:42:34 +01:00 · 2015-08-29 01:19:50 +00:00 · 2015-08-29 01:19:50 +00:00 · 1aeb847509
commit 1aeb847509
parent 943c8bc495
1 changed files with 3 additions and 3 deletions
--- a/plugins/Math/plugin.py
+++ b/plugins/Math/plugin.py
@ -279,8 +279,8 @@ class Math(callbacks.Plugin):
                    x = abs(x)
                stack.append(x)
            except ValueError: # Not a float.
-                if arg in self._mathEnv:
-                    f = self._mathEnv[arg]
+                if arg in self._mathSafeEnv:
+                    f = self._mathSafeEnv[arg]
                    if callable(f):
                        called = False
                        arguments = []
@ -303,7 +303,7 @@ class Math(callbacks.Plugin):
                    arg1 = stack.pop()
                    s = '%s%s%s' % (arg1, arg, arg2)
                    try:
-                        stack.append(eval(s, self._mathEnv, self._mathEnv))
+                        stack.append(eval(s, self._mathSafeEnv, self._mathSafeEnv))
                    except SyntaxError:
                        irc.error(format(_('%q is not a defined function.'),
                                         arg))