Merge lp:~cjwatson/launchpad/defusedxml into lp:launchpad
Proposed by
Colin Watson
Status: | Merged |
---|---|
Merged at revision: | 18997 |
Proposed branch: | lp:~cjwatson/launchpad/defusedxml |
Merge into: | lp:launchpad |
Diff against target: |
283 lines (+36/-25) 11 files modified
constraints.txt (+1/-0) lib/lp/bugs/externalbugtracker/bugzilla.py (+4/-2) lib/lp/bugs/externalbugtracker/xmlrpc.py (+5/-1) lib/lp/bugs/scripts/bugimport.py (+3/-3) lib/lp/bugs/scripts/cveimport.py (+3/-3) lib/lp/bugs/scripts/tests/test_bugimport.py (+2/-2) lib/lp/hardwaredb/scripts/hwdbsubmissions.py (+3/-4) lib/lp/hardwaredb/scripts/tests/test_hwdb_submission_parser.py (+4/-3) lib/lp/services/xmlrpc.py (+6/-1) lib/lp/translations/utilities/xpi_header.py (+4/-6) setup.py (+1/-0) |
To merge this branch: | bzr merge lp:~cjwatson/launchpad/defusedxml |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
William Grant | code | Approve | |
Review via email: mp+368991@code.launchpad.net |
Commit message
Use defusedxml to parse untrusted XML.
Description of the change
Python's standard library documentation recommends this (https:/
The monkey-patching requirement for XML-RPC is a bit unfortunate, but this is mostly just for Bugzilla and Trac so it's tolerable.
To post a comment you must log in.