Issue #16248: Disable code execution from the user's home directory by tkinter when...

author Antoine Pitrou <solipsis@pitrou.net>

Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)

committer Antoine Pitrou <solipsis@pitrou.net>

Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)
author Antoine Pitrou <solipsis@pitrou.net>
Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)
committer Antoine Pitrou <solipsis@pitrou.net>
Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)
diff --git a/Lib/tkinter/__init__.py b/Lib/tkinter/__init__.py

index 0bccbfc1f531defbd5327fbbadd2c1416dcce097..50e51ab2091c9e528c927021061d5764e89ef4c3 100644 (file)
--- a/Lib/tkinter/__init__.py
+++ b/Lib/tkinter/__init__.py
@@ -1632,7 +1632,9 @@ class Tk(Misc, Wm):
          self.tk = _tkinter.create(screenName, baseName, className, interactive, wantobjects, useTk, sync, use)
          if useTk:
              self._loadtk()
-        self.readprofile(baseName, className)
+        if not sys.flags.ignore_environment:
+            # Issue #16248: Honor the -E flag to avoid code injection.
+            self.readprofile(baseName, className)
      def loadtk(self):
          if not self._tkloaded:
              self.tk.loadtk()
diff --git a/Misc/NEWS b/Misc/NEWS

index 77e2ddaf755f8d2d03b3ab080156dbb081bade44..0b5fab4ef115d2f1986dcd6e34a1e899c6c0aa83 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@ Core and Builtins
  Library
  -------
  
+- Issue #16248: Disable code execution from the user's home directory by tkinter
+  when the -E flag is passed to Python.
+
  
  What's New in Python 3.1.5?
  ===========================
author	Antoine Pitrou <solipsis@pitrou.net>
	Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)
committer	Antoine Pitrou <solipsis@pitrou.net>
	Sun, 9 Dec 2012 13:46:18 +0000 (14:46 +0100)
Lib/tkinter/__init__.py		patch \| blob \| history
Misc/NEWS		patch \| blob \| history