Use yaml.safe_load when reading a poll batch file

grnet · Jan 25, 2018 · 9d53c89 · 9d53c89
1 parent 6ddf87e
commit 9d53c89
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/zeus/views/poll.py b/zeus/views/poll.py
@@ -227,7 +227,7 @@ def _handle_batch(election, polls, vars, auto_link=False):
 def _add_batch(request, election):
     batch_file = request.FILES['batch_file']
     try:
-        data = yaml.load(batch_file)
+        data = yaml.safe_load(batch_file)
     except Exception:
         messages.error(request, _("Invalid batch file contents"))
         url = election_reverse(election, 'polls_list')