From 1880336bb4dedf2261d8902070ee3f143718c8e4 Mon Sep 17 00:00:00 2001
From: Joe Wreschnig
Date: Sun, 10 Jun 2012 10:42:21 +0200
Subject: [PATCH] Reject all expressions with __ in them.
---
 bulletml/expr.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/bulletml/expr.py b/bulletml/expr.py
index 385b31b..c7d4098 100644
--- a/bulletml/expr.py
+++ b/bulletml/expr.py
@@ -38,6 +38,12 @@ class NumberDef(object):
 expr = expr.string
 except AttributeError:
 pass
+ try:
+ if "__" in expr:
+ # nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
+ raise ExprError(expr)
+ except TypeError:
+ pass
 self.string = expr = str(expr)
 repl = lambda match: "params[%d]" % (int(match.group()[1:]) - 1)
 expr = re.sub(r"\$\d+", repl, expr.lower())
--
2.20.1
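Review bot: The new guard tests `expr` before the `str(expr)` coercion on the following context line, so the text that is kept in `self.string` and processed afterwards is not the text that was checked: an object whose `str()` yields `__` passes, and a non-string iterable such as a list is tested for element membership rather than a substring, while the `except TypeError: pass` silently skips the check for anything non-iterable. Placing the check after the coercion makes it apply to the string actually used and removes the need for the try/except: `self.string = expr = str(expr)` / `if "__" in expr:` / `    raise ExprError(expr)`. A substring blacklist is also only a mitigation, not a boundary; if the evaluation the linked article refers to is `eval` (it is outside this hunk, so this is inferred), an allowlist of `ast` node types over `ast.parse(expr, mode="eval")` would reject anything but numeric expressions and `params[...]` lookups regardless of spelling. The enclosing method of `NumberDef` starts and ends outside the hunk.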