fix: Use safe_eval instead eval

2021-05-18 13:42:14 +05:30 · 2021-05-18 13:42:14 +05:30 · 355a9e7e7b
commit 355a9e7e7b
parent 807070282c
1 changed files with 1 additions and 1 deletions
--- a/frappe/sessions.py
+++ b/frappe/sessions.py
@ -313,7 +313,7 @@ class Session:
 			""", (self.sid, get_expiry_period_for_query(self.device)))

 		if rec:
-			data = frappe._dict(eval(rec and rec[0][1] or '{}'))
+			data = frappe._dict(frappe.safe_eval(rec and rec[0][1] or '{}'))
 			data.user = rec[0][0]
 		else:
 			self._delete_session()