X-Git-Url: https://mudpy.org/gitweb?a=blobdiff_plain;f=lib%2Fmudpy%2Fdata.py;h=8386842c4d3ace3b97b9e6e54e662184b52902cb;hb=7e78772b5ba2efbb84710db0ecd540c9b745217a;hp=f254dc6dc67a057871f8f79870bd566dbea8a4f5;hpb=b30249dada13540bf31fcd8b442efa3802717626;p=mudpy.git

diff --git a/lib/mudpy/data.py b/lib/mudpy/data.py
index f254dc6..8386842 100644
--- a/lib/mudpy/data.py
+++ b/lib/mudpy/data.py
@@ -26,7 +26,7 @@ class DataFile:
         """Read a file and create elements accordingly."""
         self.modified = False
         try:
-            self.data = yaml.load(open(self.filename))
+            self.data = yaml.safe_load(open(self.filename))
         except FileNotFoundError:
             # it's normal if the file is one which doesn't exist yet
             log_entry = ("File %s is unavailable." % self.filename, 6)
@@ -100,6 +100,9 @@ class DataFile:
 
     def save(self):
         """Write the data, if necessary."""
+        normal_umask = 0o0022
+        private_umask = 0o0077
+        private_file_mode = 0o0600
 
         # when modified, writeable and has content or the file exists
         if self.modified and self.is_writeable() and (
@@ -108,7 +111,9 @@ class DataFile:
 
             # make parent directories if necessary
             if not os.path.exists(os.path.dirname(self.filename)):
+                old_umask = os.umask(normal_umask)
                 os.makedirs(os.path.dirname(self.filename))
+                os.umask(old_umask)
 
             # backup the file
             if "__control__" in self.data and "backup_count" in self.data[
@@ -144,17 +149,21 @@ class DataFile:
                     os.rename(self.filename, self.filename + ".0")
 
             # our data file
-            file_descriptor = open(self.filename, "w")
-
-            # if it's marked private, chmod it appropriately
-            if self.filename in self.universe.private_files and oct(
-               stat.S_IMODE(os.stat(self.filename)[stat.ST_MODE])
-               ) != 0o0600:
-                os.chmod(self.filename, 0o0600)
+            if self.filename in self.universe.private_files:
+                old_umask = os.umask(private_umask)
+                file_descriptor = open(self.filename, "w")
+                if oct(stat.S_IMODE(os.stat(
+                        self.filename)[stat.ST_MODE])) != private_file_mode:
+                    # if it's marked private, chmod it appropriately
+                    os.chmod(self.filename, private_file_mode)
+            else:
+                old_umask = os.umask(normal_umask)
+                file_descriptor = open(self.filename, "w")
+            os.umask(old_umask)
 
             # write and close the file
-            yaml.dump(self.data, allow_unicode=True, default_flow_style=False,
-                      stream=file_descriptor)
+            yaml.safe_dump(self.data, allow_unicode=True,
+                           default_flow_style=False, stream=file_descriptor)
             file_descriptor.close()
 
             # unset the modified flag