lang/python22-pth/patches/patch-an


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

$NetBSD: patch-an,v 1.1.2.1 2005/02/16 14:00:08 salo Exp $

--- Lib/SimpleXMLRPCServer.py.orig	2001-09-29 06:54:33.000000000 +0200
+++ Lib/SimpleXMLRPCServer.py
@@ -161,7 +161,8 @@ class SimpleXMLRPCRequestHandler(BaseHTT
                     try:
                         func = _resolve_dotted_attribute(
                             self.server.instance,
-                            method
+                            method,
+                            self.allow_dotted_names
                             )
                     except AttributeError:
                         pass
@@ -178,11 +179,20 @@ class SimpleXMLRPCRequestHandler(BaseHTT
             BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size)
 
 
-def _resolve_dotted_attribute(obj, attr):
+def _resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
     """Resolves a dotted attribute name to an object.  Raises
     an AttributeError if any attribute in the chain starts with a '_'.
+
+    If the optional allow_dotted_names argument is false, dots are not
+    supported and this function operates similar to getattr(obj, attr).
     """
-    for i in attr.split('.'):
+
+    if allow_dotted_names:
+        attrs = attr.split('.')
+    else:
+        attrs = [attr]
+
+    for i in attrs:
         if i.startswith('_'):
             raise AttributeError(
                 'attempt to access private attribute "%s"' % i
@@ -206,7 +216,7 @@ class SimpleXMLRPCServer(SocketServer.TC
         self.instance = None
         SocketServer.TCPServer.__init__(self, addr, requestHandler)
 
-    def register_instance(self, instance):
+    def register_instance(self, instance, allow_dotted_names=False):
         """Registers an instance to respond to XML-RPC requests.
 
         Only one instance can be installed at a time.
@@ -225,9 +235,23 @@ class SimpleXMLRPCServer(SocketServer.TC
 
         If a registered function matches a XML-RPC request, then it
         will be called instead of the registered instance.
+
+        If the optional allow_dotted_names argument is true and the
+        instance does not have a _dispatch method, method names
+        containing dots are supported and resolved, as long as none of
+        the name segments start with an '_'.
+
+            *** SECURITY WARNING: ***
+
+            Enabling the allow_dotted_names options allows intruders
+            to access your module's global variables and may allow
+            intruders to execute arbitrary code on your machine.  Only
+            use this option on a secure, closed network.
+
         """
 
         self.instance = instance
+        self.allow_dotted_names = allow_dotted_names
 
     def register_function(self, function, name = None):
         """Registers a function to respond to XML-RPC requests.