[ocrfeeder] Do not use exec to load a DataBox

[Joaquim Rocha <jrocha src gnome org>]

commit a9c34e1634d960bfd0833d878cb48e23ddc225cb
Author: Joaquim Rocha <me joaquimrocha com>
Date:   Tue Jan 7 23:42:23 2020 +0100

    Do not use exec to load a DataBox
    
    There is no need for using exec when loading a DataBox from a project
    save file and it could have security implications. So this patch
    refactors the code to not use exec.

 src/ocrfeeder/studio/project.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
---
diff --git a/src/ocrfeeder/studio/project.py b/src/ocrfeeder/studio/project.py
index d091a07..edff930 100644
--- a/src/ocrfeeder/studio/project.py
+++ b/src/ocrfeeder/studio/project.py
@@ -135,7 +135,7 @@ class ProjectLoader:
             debug('Page Data: %s' % page_data)
             data_boxes = []
             for data_box in page_data['data_boxes']:
-                args = []
+                args = {}
                 # text variable is to avoid problems with
                 # escaping characters
                 text = ''
@@ -143,13 +143,12 @@ class ProjectLoader:
                     if var_name == 'text':
                         text = value
                         continue
-                    real_value = '"""%s"""' % re.escape(value)
                     try:
                         real_value = int(value)
                     except ValueError:
-                        pass
-                    args.append('%s = %s' % (var_name, real_value))
-                exec('box = DataBox(%s)' % ', '.join(args))
+                        real_value = value
+                    args[var_name] = real_value
+                box = DataBox(**args)
                 box.text = text
                 data_boxes.append(box)
             image_path = page_data['image_path']