|
47 | 47 |
|
48 | 48 | import base64 |
49 | 49 | import copy |
50 | | -import datetime |
51 | 50 | import getopt |
| 51 | +import io |
52 | 52 | import os |
53 | 53 | import pickle |
54 | | -import re |
55 | 54 | import sys |
56 | 55 | import threading |
57 | 56 | import time |
|
60 | 59 | from http.server import BaseHTTPRequestHandler, HTTPServer |
61 | 60 |
|
62 | 61 | # Allow this program to run inside the NLTK source tree. |
63 | | -from sys import argv, path |
| 62 | +from sys import argv |
64 | 63 | from urllib.parse import unquote_plus |
65 | 64 |
|
66 | 65 | from nltk.corpus import wordnet as wn |
67 | 66 | from nltk.corpus.reader.wordnet import Lemma, Synset |
68 | 67 |
|
69 | | -# now included in local file |
70 | | -# from util import html_header, html_trailer, \ |
71 | | -# get_static_index_page, get_static_page_by_path, \ |
72 | | -# page_from_word, page_from_href |
73 | | - |
74 | 68 | firstClient = True |
75 | 69 |
|
76 | 70 | # True if we're not also running a web browser. The value f server_mode |
@@ -659,6 +653,16 @@ def make_synset_html(db_name, disp_name, rels): |
659 | 653 | return html |
660 | 654 |
|
661 | 655 |
|
| 656 | +class RestrictedUnpickler(pickle.Unpickler): |
| 657 | + """ |
| 658 | + Unpickler that prevents any class or function from being used during loading. |
| 659 | + """ |
| 660 | + |
| 661 | + def find_class(self, module, name): |
| 662 | + # Forbid every function |
| 663 | + raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden") |
| 664 | + |
| 665 | + |
662 | 666 | class Reference: |
663 | 667 | """ |
664 | 668 | A reference to a page that may be generated by page_word |
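Review bot: The inline comment `# Forbid every function` in `RestrictedUnpickler.find_class` understates what the override does, because `find_class` is consulted for every global a pickle stream names, classes as well as functions. I would reword it to `# Reject every global lookup: only values built directly by pickle opcodes (str, int, tuple, list, dict) can load`. The docstring could also say why the class exists, namely that the bytes handed to it in `Reference.decode` are not trusted, so a later maintainer does not relax it by allow-listing a module.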
@@ -694,7 +698,7 @@ def decode(string): |
694 | 698 | Decode a reference encoded with Reference.encode |
695 | 699 | """ |
696 | 700 | string = base64.urlsafe_b64decode(string.encode()) |
697 | | - word, synset_relations = pickle.loads(string) |
| 701 | + word, synset_relations = RestrictedUnpickler(io.BytesIO(string)).load() |
698 | 702 | return Reference(word, synset_relations) |
699 | 703 |
|
700 | 704 | def toggle_synset_relation(self, synset, relation): |
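Review bot: In `decode`, the value returned by `RestrictedUnpickler(io.BytesIO(string)).load()` is unpacked straight into `word, synset_relations` and passed to `Reference` with no check of its shape or types. Blocking globals stops code execution, but a stream that is valid pickle can still yield any nesting of built-in values, or fail the unpacking with `ValueError`/`TypeError`. The argument appears to come from the request URL via `page_from_reference(href)`, though that call path is outside this hunk, as is the `decode` signature. I would validate before constructing: `if not (isinstance(word, str) and isinstance(synset_relations, dict)): raise ValueError("malformed reference")`. `pickle.UnpicklingError` and the base64 decoding error also propagate from here, and whether the caller turns them into an error page is not visible.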
@@ -794,7 +798,7 @@ def page_from_reference(href): |
794 | 798 | except KeyError: |
795 | 799 | pass |
796 | 800 | if not body: |
797 | | - body = "The word or words '%s' where not found in the dictionary." % word |
| 801 | + body = "The word or words '%s' were not found in the dictionary." % word |
798 | 802 | return body, word |
799 | 803 |
|
800 | 804 |
|
|