Merge pull request from GHSA-hv5m-3rp9-xcpf

* Remove eval of API input

* Remove unnecessary eval/exec for security

* Use ast.literal_eval

* Use ast.literal_eval

---------

Co-authored-by: oobabooga <112222186+oobabooga@users.noreply.github.com>
Mikel Bober-Irizar 2023-04-16 05:36:50 +01:00 committed by GitHub
parent d2ea925fa5
commit 16a3a5b039
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 15 additions and 13 deletions


@ -1,3 +1,4 @@
import ast
import base64
import copy
import io
@ -81,7 +82,7 @@ def get_stopping_strings(state):
stopping_strings = [f"\n{state['name1']}", f"\n{state['name2']}"]
else:
stopping_strings = [f"\n{state['name1']}:", f"\n{state['name2']}:"]
stopping_strings += eval(f"[{state['custom_stopping_strings']}]")
stopping_strings += ast.literal_eval(f"[{state['custom_stopping_strings']}]")
return stopping_strings
@ -525,4 +526,4 @@ def upload_your_profile_picture(img, name1, name2, mode):
img.save(Path('cache/pfp_me.png'))
print('Profile picture saved to "cache/pfp_me.png"')
return chat_html_wrapper(shared.history['visible'], name1, name2, mode, reset_cache=True)
return chat_html_wrapper(shared.history['visible'], name1, name2, mode, reset_cache=True)
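Review bot: In get_stopping_strings, the new `ast.literal_eval(f"[{state['custom_stopping_strings']}]")` call removes code execution but still parses request-supplied text with no error handling and no check on what comes back. Malformed input raises ValueError or SyntaxError out of the function, and literal_eval also accepts numbers, tuples, nested lists and dicts, so non-string items can be appended to stopping_strings. The Python documentation also warns that a sufficiently large or deeply nested literal can exhaust memory or the C stack, so a length bound on the field before parsing would help if this value comes straight from the API. I would catch the parse errors, fall back to the default strings and keep only `str` elements, as sketched below; whether a silent fallback or an error returned to the caller is preferable depends on the API contract, which is not visible here. The function body starts outside the hunk.

```python
    # … unchanged: default stopping strings built from name1/name2 …
    try:
        parsed = ast.literal_eval(f"[{state['custom_stopping_strings']}]")
    except (ValueError, SyntaxError, TypeError):
        parsed = []  # malformed custom_stopping_strings: keep only the defaults
    stopping_strings += [s for s in parsed if isinstance(s, str)]
    return stopping_strings
```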