From 9d53c89e38486a26ddc9d0cf0a28af18ef18ad5c Mon Sep 17 00:00:00 2001
From: Dionysis Grigoropoulos
Date: Wed, 17 Jan 2018 20:24:03 +0200
Subject: [PATCH] Use yaml.safe_load when reading a poll batch file
---
 zeus/views/poll.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zeus/views/poll.py b/zeus/views/poll.py
index 382aae19c..9d052717e 100644
--- a/zeus/views/poll.py
+++ b/zeus/views/poll.py
@@ -227,7 +227,7 @@ def _handle_batch(election, polls, vars, auto_link=False):
 def _add_batch(request, election):
 batch_file = request.FILES['batch_file']
 try:
- data = yaml.load(batch_file)
+ data = yaml.safe_load(batch_file)
 except Exception:
 messages.error(request, _("Invalid batch file contents"))
 url = election_reverse(election, 'polls_list')
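Review bot: The value returned by `yaml.safe_load(batch_file)` is still untrusted input, and the visible lines of `_add_batch` do not check its shape. safe_load stops the upload from constructing arbitrary Python objects, but it returns whatever plain type the file holds: a scalar, a list, or `None` for an empty file. The function continues outside the hunk, so if no such check follows, add one after the `try` block that confirms `data` is the container type the batch format expects and routes anything else to the same "Invalid batch file contents" error. It is also worth confirming that the upload size is bounded before parsing, since nothing here limits how much of `request.FILES['batch_file']` is read. A short comment above the call would record why the safe loader is required, e.g. `# batch_file is an untrusted upload: safe_load builds only plain YAML types`.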