python-PyMySQL/CVE-2024-36039.patch

From 521e40050cb386a499f68f483fefd144c493053c Mon Sep 17 00:00:00 2001
From: Inada Naoki <songofacandy@gmail.com>
Date: Sat, 18 May 2024 11:33:30 +0900
Subject: [PATCH] forbid dict parameter

---
 pymysql/converters.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/pymysql/converters.py b/pymysql/converters.py
index 1adac75..dbf97ca 100644
--- a/pymysql/converters.py
+++ b/pymysql/converters.py
@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):
 
 
 def escape_dict(val, charset, mapping=None):
-    n = {}
-    for k, v in val.items():
-        quoted = escape_item(v, charset, mapping)
-        n[k] = quoted
-    return n
+    raise TypeError("dict can not be used as parameter")
 
 
 def escape_sequence(val, charset, mapping=None):
-- 
2.41.0
Fix CVE-2024-36039 (cherry picked from commit 4fc6700836e1eeb14a1f4c7455a3e83bee2239fb) 2024-05-23 10:17:26 +08:00			`From 521e40050cb386a499f68f483fefd144c493053c Mon Sep 17 00:00:00 2001`
			`From: Inada Naoki <songofacandy@gmail.com>`
			`Date: Sat, 18 May 2024 11:33:30 +0900`
			`Subject: [PATCH] forbid dict parameter`

			`---`
			`pymysql/converters.py \| 6 +-----`
			`1 file changed, 1 insertion(+), 5 deletions(-)`

			`diff --git a/pymysql/converters.py b/pymysql/converters.py`
			`index 1adac75..dbf97ca 100644`
			`--- a/pymysql/converters.py`
			`+++ b/pymysql/converters.py`
			`@@ -27,11 +27,7 @@ def escape_item(val, charset, mapping=None):`


			`def escape_dict(val, charset, mapping=None):`
			`- n = {}`
			`- for k, v in val.items():`
			`- quoted = escape_item(v, charset, mapping)`
			`- n[k] = quoted`
			`- return n`
			`+ raise TypeError("dict can not be used as parameter")`


			`def escape_sequence(val, charset, mapping=None):`
			`--`
			`2.41.0`