- Issue python#16248: Disable code execution from the user's home directory by

warsaw · warsaw · commit f25d95732cc0 · 2013-02-20T18:19:55.000-05:00
tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
diff --git a/Lib/lib-tk/Tkinter.py b/Lib/lib-tk/Tkinter.py
@@ -1643,7 +1643,9 @@ def __init__(self, screenName=None, baseName=None, className='Tk',
         self.tk = _tkinter.create(screenName, baseName, className, interactive, wantobjects, useTk, sync, use)
         if useTk:
             self._loadtk()
-        self.readprofile(baseName, className)
+        if not sys.flags.ignore_environment:
+            # Issue #16248: Honor the -E flag to avoid code injection.
+            self.readprofile(baseName, className)
     def loadtk(self):
         if not self._tkloaded:
             self.tk.loadtk()
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -13,6 +13,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #16248: Disable code execution from the user's home directory by
+  tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
+
 
 What's New in Python 2.6.8?
 ===========================
