From 1aeb84750966f9bd1d7a084b692b5efd3a6e7900 Mon Sep 17 00:00:00 2001
From: jacksonmj <jacksonmj-git@jacksonmj.co.uk>
Date: Sat, 29 Aug 2015 01:19:50 +0000
Subject: [PATCH 1/2] Math.rpn should use _mathSafeEnv, otherwise untrusted
 users can freeze the bot

---
 plugins/Math/plugin.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/Math/plugin.py b/plugins/Math/plugin.py
index 518d21c7b..d9d1f1348 100644
--- a/plugins/Math/plugin.py
+++ b/plugins/Math/plugin.py
@@ -279,8 +279,8 @@ class Math(callbacks.Plugin):
                     x = abs(x)
                 stack.append(x)
             except ValueError: # Not a float.
-                if arg in self._mathEnv:
-                    f = self._mathEnv[arg]
+                if arg in self._mathSafeEnv:
+                    f = self._mathSafeEnv[arg]
                     if callable(f):
                         called = False
                         arguments = []
@@ -303,7 +303,7 @@ class Math(callbacks.Plugin):
                     arg1 = stack.pop()
                     s = '%s%s%s' % (arg1, arg, arg2)
                     try:
-                        stack.append(eval(s, self._mathEnv, self._mathEnv))
+                        stack.append(eval(s, self._mathSafeEnv, self._mathSafeEnv))
                     except SyntaxError:
                         irc.error(format(_('%q is not a defined function.'),
                                          arg))

From 97c7d0a9c332a952278cd3ea2eca1bf04b9fef41 Mon Sep 17 00:00:00 2001
From: jacksonmj <jacksonmj-git@jacksonmj.co.uk>
Date: Tue, 25 Aug 2015 00:46:44 +0000
Subject: [PATCH 2/2] Math.calc: allow factorial for smallish numbers

---
 plugins/Math/plugin.py | 9 +++++++--
 plugins/Math/test.py   | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/plugins/Math/plugin.py b/plugins/Math/plugin.py
index d9d1f1348..6b8a6342b 100644
--- a/plugins/Math/plugin.py
+++ b/plugins/Math/plugin.py
@@ -110,13 +110,18 @@ class Math(callbacks.Plugin):
             return math.sqrt(x)
     def _cbrt(x):
         return math.pow(x, 1.0/3)
+    def _factorial(x):
+        if x<=10000:
+            return math.factorial(x)
+        else:
+            raise Exception('factorial argument too large')
     _mathEnv['sqrt'] = _sqrt
     _mathEnv['cbrt'] = _cbrt
     _mathEnv['abs'] = abs
     _mathEnv['max'] = max
     _mathEnv['min'] = min
-    _mathSafeEnv = dict([(x,y) for x,y in _mathEnv.items()
-        if x not in ['factorial']])
+    _mathSafeEnv = dict([(x,y) for x,y in _mathEnv.items()])
+    _mathSafeEnv['factorial'] = _factorial
     _mathRe = re.compile(r'((?:(?<![A-Fa-f\d)])-)?'
                          r'(?:0x[A-Fa-f\d]+|'
                          r'0[0-7]+|'
diff --git a/plugins/Math/test.py b/plugins/Math/test.py
index 4ea7f61f1..91e3c4aaa 100644
--- a/plugins/Math/test.py
+++ b/plugins/Math/test.py
@@ -114,7 +114,7 @@ class MathTestCase(PluginTestCase):
         self.assertNotError('calc (1600 * 1200) - 2*(1024*1280)')
         self.assertNotError('calc 3-2*4')
         self.assertNotError('calc (1600 * 1200)-2*(1024*1280)')
-        self.assertError('calc factorial(99)')
+        self.assertError('calc factorial(20000)')
 
     def testCalcNoNameError(self):
         self.assertNotRegexp('calc foobar(x)', 'NameError')
@@ -139,7 +139,7 @@ class MathTestCase(PluginTestCase):
         self.assertResponse('icalc 1^1', '0')
         self.assertResponse('icalc 10**24', '1' + '0'*24)
         self.assertRegexp('icalc 49/6', '8.16')
-        self.assertNotError('icalc factorial(99)')
+        self.assertNotError('icalc factorial(20000)')
 
     def testRpn(self):
         self.assertResponse('rpn 5 2 +', '7')