From 34f280d0945ce4a969463db4f23e498212a44d68 Mon Sep 17 00:00:00 2001
From: wmayer <wmayer@users.sourceforge.net>
Date: Sat, 11 May 2019 12:50:36 +0200
Subject: [PATCH] replace insecure use of eval() with proper use of units

---
 src/Mod/Image/ImageTools/_CommandImageScaling.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/Mod/Image/ImageTools/_CommandImageScaling.py b/src/Mod/Image/ImageTools/_CommandImageScaling.py
index c407229e4a..09fd943e2b 100644
--- a/src/Mod/Image/ImageTools/_CommandImageScaling.py
+++ b/src/Mod/Image/ImageTools/_CommandImageScaling.py
@@ -138,11 +138,13 @@ def cmdCreateImageScaling(name):
         def accept(self):
             sel = FreeCADGui.Selection.getSelection()
             try:
-                locale=QtCore.QLocale.system()
-                #d, ok = locale.toFloat(str(eval(self.lineEdit.text())))
                 try:
-                    d = float(str(eval(self.lineEdit.text().replace(',','.'))))
-                    ok = True
+                    q = FreeCAD.Units.parseQuantity(self.lineEdit.text())
+                    d = q.Value
+                    if q.Unit == FreeCAD.Units.Unit(): # plain number
+                        ok = True
+                    elif q.Unit == FreeCAD.Units.Length:
+                        ok = True
                 except:
                     ok = False
                 if not ok: