Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #233 from edx/TNL-8593/security-fix

Browse Source 
fix: update lxml parser for celery tasks to be more secure
This commit is contained in:
Saad Yousaf
2021-08-11 14:07:28 +05:00
committed by GitHub
parent 6d0b8ee7a5 bb80192f1c
commit 933edd27e5
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cms/celery.py
View File

@@ -5,9 +5,13 @@ and auto discover tasks in all installed django apps.
Taken from: https://celery.readthedocs.org/en/latest/django/first-steps-with-django.html
"""
import os
# Patch the xml libs before anything else.
from safe_lxml import defuse_xml_libs
defuse_xml_libs()
# Set the default Django settings module for the 'celery' program
# and then instantiate the Celery singleton.

5
lms/celery.py
View File

@@ -7,6 +7,11 @@ Taken from: https://celery.readthedocs.org/en/latest/django/first-steps-with-dja
import os
# Patch the xml libs before anything else.
from safe_lxml import defuse_xml_libs
defuse_xml_libs()
# Set the default Django settings module for the 'celery' program
# and then instantiate the Celery singleton.