From bb80192f1c4f40ee51d98bb642eecfc3ac3eb13c Mon Sep 17 00:00:00 2001
From: SaadYousaf
Date: Tue, 3 Aug 2021 09:39:12 +0500
Subject: [PATCH] fix: update lxml parser for celery tasks to be more secure
---
 cms/celery.py | 6 +++++-
 lms/celery.py | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/cms/celery.py b/cms/celery.py
index 293121bcf2..88f38e5b1f 100644
--- a/cms/celery.py
+++ b/cms/celery.py
@@ -5,9 +5,13 @@ and auto discover tasks in all installed django apps.
 Taken from: https://celery.readthedocs.org/en/latest/django/first-steps-with-django.html
 """
 
-
 import os
 
+# Patch the xml libs before anything else.
+from safe_lxml import defuse_xml_libs
+
+defuse_xml_libs()
+
 # Set the default Django settings module for the 'celery' program
 # and then instantiate the Celery singleton.
 
diff --git a/lms/celery.py b/lms/celery.py
index 808df030ef..2ca97de3c6 100644
--- a/lms/celery.py
+++ b/lms/celery.py
@@ -7,6 +7,11 @@ Taken from: https://celery.readthedocs.org/en/latest/django/first-steps-with-dja
 
 import os
 
+# Patch the xml libs before anything else.
+from safe_lxml import defuse_xml_libs
+
+defuse_xml_libs()
+
 # Set the default Django settings module for the 'celery' program
 # and then instantiate the Celery singleton.
 
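Review bot: The added comment `# Patch the xml libs before anything else.` in cms/celery.py states an ordering requirement without saying why it matters or what would break it, and the same three lines are repeated in the lms/celery.py hunk. If `defuse_xml_libs()` works by swapping the parser modules at import time (its implementation is not shown here), any module that loaded `lxml` or the stdlib XML parsers before this file runs keeps its unhardened reference. A later import reshuffle, or an auto-sorter moving these lines, would then silently remove the protection for task code. I would spell that out in both files, e.g. `# Must run before any import that can load lxml or xml.*: modules imported earlier keep the unpatched parsers.` The imports this call has to precede lie outside the hunk.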
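Review bot: Nothing in this two-file change verifies that a worker started through `lms.celery` (or `cms.celery`) actually ends up with the hardened parser, so a regression in the lines added here would go unnoticed. A small test would pin the behaviour the commit subject promises: import each module, then check that `lxml.etree` refuses, or leaves unexpanded, a document carrying a DTD or entity declaration. The module body continues past the end of this hunk, so the test should exercise the fully imported module rather than these lines in isolation.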