From 8d1bef4db2b04e0c840c4511babfabe922c1f166 Mon Sep 17 00:00:00 2001
From: Dpeta <jasprose@protonmail.com>
Date: Wed, 2 Nov 2022 20:34:38 +0100
Subject: [PATCH] Replaced unnecessary use of eval() in usermode icon function.
 Don't think this was possible to abuse, but it's probably better to avoid
 eval anyway since it's a potential security risk.

---
 memos.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/memos.py b/memos.py
index 30e8be5..6469f71 100644
--- a/memos.py
+++ b/memos.py
@@ -1510,13 +1510,17 @@ class PesterMemo(PesterConvo):
 
     def iconCrap(self, c, down=True):
         for m in self.umodes if down else reversed(self.umodes):
-            if eval("c." + m):
-                if m == "box":
-                    icon = PesterIcon("smilies/box.png")
-                else:
-                    icon = PesterIcon(self.mainwindow.theme["memos/" + m + "/icon"])
-                c.setIcon(icon)
-                return
+            # These if attr used to be an if eval("c." + m),
+            # better not to use eval() unnecessarily for security reasons though.
+            # Hopefully this works fine too.
+            if hasattr(c, str(m)):
+                if getattr(c, str(m)):
+                    if m == "box":
+                        icon = PesterIcon("smilies/box.png")
+                    else:
+                        icon = PesterIcon(self.mainwindow.theme[f"memos/{m}/icon"])
+                    c.setIcon(icon)
+                    return
         icon = QtGui.QIcon()
         c.setIcon(icon)