Replaced unnecessary use of eval() in usermode icon function.

Don't think this was possible to abuse, but it's probably better to avoid eval anyway since it's a potential security risk.
2022-11-02 20:34:38 +01:00 · 2022-11-02 20:34:38 +01:00 · 8d1bef4db2
commit 8d1bef4db2
parent 5cbf2eb917
1 changed files with 11 additions and 7 deletions
--- a/memos.py
+++ b/memos.py
@ -1510,13 +1510,17 @@ class PesterMemo(PesterConvo):

    def iconCrap(self, c, down=True):
        for m in self.umodes if down else reversed(self.umodes):
-            if eval("c." + m):
-                if m == "box":
-                    icon = PesterIcon("smilies/box.png")
-                else:
-                    icon = PesterIcon(self.mainwindow.theme["memos/" + m + "/icon"])
-                c.setIcon(icon)
-                return
+            # These if attr used to be an if eval("c." + m),
+            # better not to use eval() unnecessarily for security reasons though.
+            # Hopefully this works fine too.
+            if hasattr(c, str(m)):
+                if getattr(c, str(m)):
+                    if m == "box":
+                        icon = PesterIcon("smilies/box.png")
+                    else:
+                        icon = PesterIcon(self.mainwindow.theme[f"memos/{m}/icon"])
+                    c.setIcon(icon)
+                    return
        icon = QtGui.QIcon()
        c.setIcon(icon)