Use literal_eval instead of eval

2011-07-25 03:40:59 -04:00
parent bcb61c3ca3
commit 5e4bb41f07
1 changed files with 4 additions and 2 deletions
--- a/apps/sources/managers.py
+++ b/apps/sources/managers.py
@@ -1,3 +1,5 @@
+from ast import literal_eval
+
 from django.db import models
 from django.contrib.contenttypes.models import ContentType

@@ -15,10 +17,10 @@ class SourceTransformationManager(models.Manager):
                transformations.append(
                    {
                        'transformation': transformation['transformation'],
-                        'arguments': eval(transformation['arguments'], {})
+                        'arguments': literal_eval(transformation['arguments'].strip())
                    }
                )
-            except Exception, e:
+            except (ValueError, SyntaxError), e:
                warnings.append(e)
        
        return transformations, warnings