Update Jinja2 (Python template library) to 2.7.1

third_party/jinja2/sandbox.py

 # -*- coding: utf-8 -*-
 """
     jinja2.sandbox
     ~~~~~~~~~~~~~~
 
     Adds a sandbox layer to Jinja as it was the default behavior in the old
     Jinja 1 releases.  This sandbox is slightly different from Jinja 1 as the
     default behavior is easier to use.
 
     The behavior can be changed by subclassing the environment.
 
     :copyright: (c) 2010 by the Jinja Team.
     :license: BSD.
 """
 import operator
 from jinja2.environment import Environment
 from jinja2.exceptions import SecurityError
-from jinja2.utils import FunctionType, MethodType, TracebackType, CodeType, \
-     FrameType, GeneratorType
+from jinja2._compat import string_types, function_type, method_type, \
+     traceback_type, code_type, frame_type, generator_type, PY2
 
 
 #: maximum number of items a range may produce
 MAX_RANGE = 100000
 
 #: attributes of function objects that are considered unsafe.
 UNSAFE_FUNCTION_ATTRIBUTES = set(['func_closure', 'func_code', 'func_dict',
                                   'func_defaults', 'func_globals'])
 
 #: unsafe method attributes.  function attributes are unsafe for methods too
 UNSAFE_METHOD_ATTRIBUTES = set(['im_class', 'im_func', 'im_self'])
 
+#: unsafe generator attirbutes.
+UNSAFE_GENERATOR_ATTRIBUTES = set(['gi_frame', 'gi_code'])
+
+# On versions > python 2 the special attributes on functions are gone,
+# but they remain on methods and generators for whatever reason.
+if not PY2:
+    UNSAFE_FUNCTION_ATTRIBUTES = set()
 
 import warnings
 
 # make sure we don't warn in python 2.6 about stuff we don't care about
 warnings.filterwarnings('ignore', 'the sets module', DeprecationWarning,
                         module='jinja2.sandbox')
 
 from collections import deque
 
 _mutable_set_types = (set,)
@@ skipping 41 matching lines @@
         'append', 'appendleft', 'clear', 'extend', 'extendleft', 'pop',
         'popleft', 'remove', 'rotate'
     ]))
 )
 
 
 def safe_range(*args):
     """A range that can't generate ranges with a length of more than
     MAX_RANGE items.
     """
-    rng = xrange(*args)
+    rng = range(*args)
     if len(rng) > MAX_RANGE:
         raise OverflowError('range too big, maximum size for range is %d' %
                             MAX_RANGE)
     return rng
 
 
 def unsafe(f):
     """Marks a function or method as unsafe.
 
     ::
 
         @unsafe
         def delete(self):
             pass
     """
     f.unsafe_callable = True
     return f
 
 
 def is_internal_attribute(obj, attr):
     """Test if the attribute given is an internal python attribute.  For
     example this function returns `True` for the `func_code` attribute of
     python objects.  This is useful if the environment method
-    :meth:`~SandboxedEnvironment.is_safe_attribute` is overriden.
+    :meth:`~SandboxedEnvironment.is_safe_attribute` is overridden.
 
     >>> from jinja2.sandbox import is_internal_attribute
     >>> is_internal_attribute(lambda: None, "func_code")
     True
     >>> is_internal_attribute((lambda x:x).func_code, 'co_code')
     True
     >>> is_internal_attribute(str, "upper")
     False
     """
-    if isinstance(obj, FunctionType):
+    if isinstance(obj, function_type):
         if attr in UNSAFE_FUNCTION_ATTRIBUTES:
             return True
-    elif isinstance(obj, MethodType):
+    elif isinstance(obj, method_type):
         if attr in UNSAFE_FUNCTION_ATTRIBUTES or \
            attr in UNSAFE_METHOD_ATTRIBUTES:
             return True
     elif isinstance(obj, type):
         if attr == 'mro':
             return True
-    elif isinstance(obj, (CodeType, TracebackType, FrameType)):
+    elif isinstance(obj, (code_type, traceback_type, frame_type)):
         return True
-    elif isinstance(obj, GeneratorType):
-        if attr == 'gi_frame':
+    elif isinstance(obj, generator_type):
+        if attr in UNSAFE_GENERATOR_ATTRIBUTES:
             return True
     return attr.startswith('__')
 
 
 def modifies_known_mutable(obj, attr):
     """This function checks if an attribute on a builtin mutable object
     (list, dict, set or deque) would modify it if called.  It also supports
     the "user"-versions of the objects (`sets.Set`, `UserDict.*` etc.) and
     with Python 2.6 onwards the abstract base classes `MutableSet`,
     `MutableMapping`, and `MutableSequence`.
@@ skipping 141 matching lines @@
 
         .. versionadded:: 2.6
         """
         return self.unop_table[operator](arg)
 
     def getitem(self, obj, argument):
         """Subscribe an object from sandboxed code."""
         try:
             return obj[argument]
         except (TypeError, LookupError):
-            if isinstance(argument, basestring):
+            if isinstance(argument, string_types):
                 try:
                     attr = str(argument)
                 except Exception:
                     pass
                 else:
                     try:
                         value = getattr(obj, attr)
                     except AttributeError:
                         pass
                     else:
@@ skipping 39 matching lines @@
 class ImmutableSandboxedEnvironment(SandboxedEnvironment):
     """Works exactly like the regular `SandboxedEnvironment` but does not
     permit modifications on the builtin mutable objects `list`, `set`, and
     `dict` by using the :func:`modifies_known_mutable` function.
     """
 
     def is_safe_attribute(self, obj, attr, value):
         if not SandboxedEnvironment.is_safe_attribute(self, obj, attr, value):
             return False
         return not modifies_known_mutable(obj, attr)