From 6b6d8a94d0763a8c8d3ed8ecb1b21a1d25712ec3 Mon Sep 17 00:00:00 2001
From: Ned Batchelder
Date: Fri, 1 Feb 2013 10:50:01 -0500
Subject: [PATCH] Don't use PyYAML's .load() for reading YAML, use .safe_load() to avoid security problems.
---
 common/lib/xmodule/xmodule/x_module.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/lib/xmodule/xmodule/x_module.py b/common/lib/xmodule/xmodule/x_module.py
index 84b2dd4fbb..5387a9b083 100644
--- a/common/lib/xmodule/xmodule/x_module.py
+++ b/common/lib/xmodule/xmodule/x_module.py
@@ -406,7 +406,7 @@ class ResourceTemplates(object):
 log.warning("Skipping unknown template file %s" % template_file)
 continue
 template_content = resource_string(__name__, os.path.join(dirname, template_file))
- template = yaml.load(template_content)
+ template = yaml.safe_load(template_content)
 templates.append(Template(**template))
 return templates
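Review bot: The value returned by `yaml.safe_load(template_content)` goes straight into `Template(**template)` on the next line with no shape check, so an empty template file (which loads as `None`) or a top-level list or scalar raises `TypeError` and aborts the whole listing. A guard in the style of the skip just above would contain one bad file: `if not isinstance(template, dict): log.warning("Skipping malformed template file %s" % template_file); continue`. `safe_load` also raises `yaml.constructor.ConstructorError` for any document carrying a `!!python/...` tag; that is the intended hardening, but nothing in the visible lines catches it, so it is worth confirming that every shipped template still loads. The enclosing method starts and ends outside this hunk, so handling further up may already cover part of this.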