p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed #33287 -- Made GeoJSON serializer use json.loads() instead of eval(). 

Thanks David Wyde for the report.
This commit is contained in:
Maxim Piskunov 2021-11-14 17:04:20 +03:00 committed by Mariusz Felisiak
parent 76f07b4fcf
commit 12fe3224f5
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
django/contrib/gis/serializers/geojson.py
View File

@ -1,3 +1,5 @@
import json
from django.contrib.gis.gdal import CoordTransform, SpatialReference
from django.core.serializers.base import SerializerDoesNotExist
from django.core.serializers.json import Serializer as JSONSerializer
@ -50,7 +52,7 @@ class Serializer(JSONSerializer):
srs = SpatialReference(self.srid)
self._cts[self._geometry.srid] = CoordTransform(self._geometry.srs, srs)
self._geometry.transform(self._cts[self._geometry.srid])
data["geometry"] = eval(self._geometry.geojson)
data["geometry"] = json.loads(self._geometry.geojson)
else:
data["geometry"] = None
return data