From 239ef35e545ef6333c0b5dff6484659ffd62c9b0 Mon Sep 17 00:00:00 2001
From: Dimitri Papadopoulos
 <3234522+DimitriPapadopoulos@users.noreply.github.com>
Date: Sun, 17 Jul 2022 09:28:21 +0200
Subject: [PATCH 1/2] Merge the following four upstream commits required for
 CVE-2025-9375

- Merge `isinstance` calls (9c3ec3c)
- Apply ruff/pyupgrade rule UP031 (d4a50f5)
- Apply ruff/pyupgrade rule UP032 (3df6d23)
- Get rid of Python 2 basestring and unicode (#346) (5b1b511)
---
 ez_setup.py             |  7 +++----
 tests/test_xmltodict.py |  4 ++--
 xmltodict.py            | 39 ++++++++++++---------------------------
 3 files changed, 17 insertions(+), 33 deletions(-)

diff --git a/ez_setup.py b/ez_setup.py
index 800c31e..b5cc352 100644
--- a/ez_setup.py
+++ b/ez_setup.py
@@ -131,7 +131,7 @@ def archive_context(filename):
 
 def _do_download(version, download_base, to_dir, download_delay):
     """Download Setuptools."""
-    py_desig = 'py{sys.version_info[0]}.{sys.version_info[1]}'.format(sys=sys)
+    py_desig = f'py{sys.version_info[0]}.{sys.version_info[1]}'
     tp = 'setuptools-{version}-{py_desig}.egg'
     egg = os.path.join(to_dir, tp.format(**locals()))
     if not os.path.exists(egg):
@@ -245,8 +245,7 @@ def download_file_powershell(url, target):
     ps_cmd = (
         "[System.Net.WebRequest]::DefaultWebProxy.Credentials = "
         "[System.Net.CredentialCache]::DefaultCredentials; "
-        '(new-object System.Net.WebClient).DownloadFile("%(url)s", "%(target)s")'
-        % locals()
+        '(new-object System.Net.WebClient).DownloadFile("{url}", "{target}")'.format(**locals())
     )
     cmd = [
         'powershell',
@@ -346,7 +345,7 @@ def download_setuptools(
     """
     # making sure we use the absolute path
     to_dir = os.path.abspath(to_dir)
-    zip_name = "setuptools-%s.zip" % version
+    zip_name = f"setuptools-{version}.zip"
     url = download_base + zip_name
     saveto = os.path.join(to_dir, zip_name)
     if not os.path.exists(saveto):  # Avoid repeated downloads
diff --git a/tests/test_xmltodict.py b/tests/test_xmltodict.py
index 04137f9..aa7a1a4 100644
--- a/tests/test_xmltodict.py
+++ b/tests/test_xmltodict.py
@@ -168,14 +168,14 @@ class XMLToDictTestCase(unittest.TestCase):
         except NameError:
             value = chr(39321)
         self.assertEqual({'a': value},
-                         parse('<a>%s</a>' % value))
+                         parse(f'<a>{value}</a>'))
 
     def test_encoded_string(self):
         try:
             value = unichr(39321)
         except NameError:
             value = chr(39321)
-        xml = '<a>%s</a>' % value
+        xml = f'<a>{value}</a>'
         self.assertEqual(parse(xml),
                          parse(xml.encode('utf-8')))
 
diff --git a/xmltodict.py b/xmltodict.py
index ca760aa..a0ba0de 100755
--- a/xmltodict.py
+++ b/xmltodict.py
@@ -22,15 +22,6 @@ if tuple(map(int, platform.python_version_tuple()[:2])) < (3, 7):
 
 from inspect import isgenerator
 
-try:  # pragma no cover
-    _basestring = basestring
-except NameError:  # pragma no cover
-    _basestring = str
-try:  # pragma no cover
-    _unicode = unicode
-except NameError:  # pragma no cover
-    _unicode = str
-
 __author__ = 'Martin Blech'
 __version__ = '0.13.0'
 __license__ = 'MIT'
@@ -335,9 +326,8 @@ def parse(xml_input, encoding=None, expat=expat, process_namespaces=False,
     """
     handler = _DictSAXHandler(namespace_separator=namespace_separator,
                               **kwargs)
-    if isinstance(xml_input, _unicode):
-        if not encoding:
-            encoding = 'utf-8'
+    if isinstance(xml_input, str):
+        encoding = encoding or 'utf-8'
         xml_input = xml_input.encode(encoding)
     if not process_namespaces:
         namespace_separator = None
@@ -412,9 +402,7 @@ def _emit(key, value, content_handler,
         if result is None:
             return
         key, value = result
-    if (not hasattr(value, '__iter__')
-            or isinstance(value, _basestring)
-            or isinstance(value, dict)):
+    if not hasattr(value, '__iter__') or isinstance(value, (str, dict)):
         value = [value]
     for index, v in enumerate(value):
         if full_document and depth == 0 and index > 0:
@@ -422,16 +410,13 @@ def _emit(key, value, content_handler,
         if v is None:
             v = _dict()
         elif isinstance(v, bool):
-            if v:
-                v = _unicode('true')
-            else:
-                v = _unicode('false')
-        elif not isinstance(v, dict):
-            if expand_iter and hasattr(v, '__iter__') and not isinstance(v, _basestring):
+            v = 'true' if v else 'false'
+        elif not isinstance(v, (dict, str)):
+            if expand_iter and hasattr(v, '__iter__'):
                 v = _dict(((expand_iter, v),))
             else:
-                v = _unicode(v)
-        if isinstance(v, _basestring):
+                v = str(v)
+        if isinstance(v, str):
             v = _dict(((cdata_key, v),))
         cdata = None
         attrs = _dict()
@@ -445,11 +430,11 @@ def _emit(key, value, content_handler,
                                         attr_prefix)
                 if ik == '@xmlns' and isinstance(iv, dict):
                     for k, v in iv.items():
-                        attr = 'xmlns{}'.format(':{}'.format(k) if k else '')
-                        attrs[attr] = _unicode(v)
+                        attr = 'xmlns{}'.format(f':{k}' if k else '')
+                        attrs[attr] = str(v)
                     continue
-                if not isinstance(iv, _unicode):
-                    iv = _unicode(iv)
+                if not isinstance(iv, str):
+                    iv = str(iv)
                 attrs[ik[len(attr_prefix):]] = iv
                 continue
             children.append((ik, iv))
-- 
2.51.0