diff options
-rw-r--r-- | lang/python/Makefile | 1 | ||||
-rw-r--r-- | lang/python/files/patch-Lib::SimpleXMLRPCServer.py | 125 | ||||
-rw-r--r-- | lang/python24/Makefile | 1 | ||||
-rw-r--r-- | lang/python24/files/patch-Lib::SimpleXMLRPCServer.py | 125 |
4 files changed, 252 insertions, 0 deletions
diff --git a/lang/python/Makefile b/lang/python/Makefile index 0fafbcb85066..8cbd19756eb4 100644 --- a/lang/python/Makefile +++ b/lang/python/Makefile @@ -7,6 +7,7 @@ PORTNAME= python PORTVERSION= 2.4 +PORTREVISION= 1 CATEGORIES= lang python ipv6 MASTER_SITES= ${PYTHON_MASTER_SITES} MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} diff --git a/lang/python/files/patch-Lib::SimpleXMLRPCServer.py b/lang/python/files/patch-Lib::SimpleXMLRPCServer.py new file mode 100644 index 000000000000..54b8b4523f4e --- /dev/null +++ b/lang/python/files/patch-Lib::SimpleXMLRPCServer.py @@ -0,0 +1,125 @@ +Index: Lib/SimpleXMLRPCServer.py +=================================================================== +RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v +retrieving revision 1.7.8.1 +diff -c -r1.7.8.1 SimpleXMLRPCServer.py +*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1 +--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000 +*************** +*** 107,120 **** + import types + import os + +! def resolve_dotted_attribute(obj, attr): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. + """ + +! for i in attr.split('.'): + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +--- 107,128 ---- + import types + import os + +! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. ++ ++ If the optional allow_dotted_names argument is false, dots are not ++ supported and this function operates similar to getattr(obj, attr). + """ + +! if allow_dotted_names: +! attrs = attr.split('.') +! else: +! attrs = [attr] +! +! for i in attrs: + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +*************** +*** 156,162 **** + self.funcs = {} + self.instance = None + +! def register_instance(self, instance): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +--- 164,170 ---- + self.funcs = {} + self.instance = None + +! def register_instance(self, instance, allow_dotted_names=False): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +*************** +*** 174,182 **** +--- 182,204 ---- + + If a registered function matches a XML-RPC request, then it + will be called instead of the registered instance. ++ ++ If the optional allow_dotted_names argument is true and the ++ instance does not have a _dispatch method, method names ++ containing dots are supported and resolved, as long as none of ++ the name segments start with an '_'. ++ ++ *** SECURITY WARNING: *** ++ ++ Enabling the allow_dotted_names options allows intruders ++ to access your module's global variables and may allow ++ intruders to execute arbitrary code on your machine. Only ++ use this option on a secure, closed network. ++ + """ + + self.instance = instance ++ self.allow_dotted_names = allow_dotted_names + + def register_function(self, function, name = None): + """Registers a function to respond to XML-RPC requests. +*************** +*** 295,301 **** + try: + method = resolve_dotted_attribute( + self.instance, +! method_name + ) + except AttributeError: + pass +--- 317,324 ---- + try: + method = resolve_dotted_attribute( + self.instance, +! method_name, +! self.allow_dotted_names + ) + except AttributeError: + pass +*************** +*** 374,380 **** + try: + func = resolve_dotted_attribute( + self.instance, +! method + ) + except AttributeError: + pass +--- 397,404 ---- + try: + func = resolve_dotted_attribute( + self.instance, +! method, +! self.allow_dotted_names + ) + except AttributeError: + pass diff --git a/lang/python24/Makefile b/lang/python24/Makefile index 0fafbcb85066..8cbd19756eb4 100644 --- a/lang/python24/Makefile +++ b/lang/python24/Makefile @@ -7,6 +7,7 @@ PORTNAME= python PORTVERSION= 2.4 +PORTREVISION= 1 CATEGORIES= lang python ipv6 MASTER_SITES= ${PYTHON_MASTER_SITES} MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} diff --git a/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py new file mode 100644 index 000000000000..54b8b4523f4e --- /dev/null +++ b/lang/python24/files/patch-Lib::SimpleXMLRPCServer.py @@ -0,0 +1,125 @@ +Index: Lib/SimpleXMLRPCServer.py +=================================================================== +RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v +retrieving revision 1.7.8.1 +diff -c -r1.7.8.1 SimpleXMLRPCServer.py +*** Lib/SimpleXMLRPCServer.py 3 Oct 2004 23:23:00 -0000 1.7.8.1 +--- Lib/SimpleXMLRPCServer.py 3 Feb 2005 05:33:55 -0000 +*************** +*** 107,120 **** + import types + import os + +! def resolve_dotted_attribute(obj, attr): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. + """ + +! for i in attr.split('.'): + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +--- 107,128 ---- + import types + import os + +! def resolve_dotted_attribute(obj, attr, allow_dotted_names=True): + """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d + + Resolves a dotted attribute name to an object. Raises + an AttributeError if any attribute in the chain starts with a '_'. ++ ++ If the optional allow_dotted_names argument is false, dots are not ++ supported and this function operates similar to getattr(obj, attr). + """ + +! if allow_dotted_names: +! attrs = attr.split('.') +! else: +! attrs = [attr] +! +! for i in attrs: + if i.startswith('_'): + raise AttributeError( + 'attempt to access private attribute "%s"' % i +*************** +*** 156,162 **** + self.funcs = {} + self.instance = None + +! def register_instance(self, instance): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +--- 164,170 ---- + self.funcs = {} + self.instance = None + +! def register_instance(self, instance, allow_dotted_names=False): + """Registers an instance to respond to XML-RPC requests. + + Only one instance can be installed at a time. +*************** +*** 174,182 **** +--- 182,204 ---- + + If a registered function matches a XML-RPC request, then it + will be called instead of the registered instance. ++ ++ If the optional allow_dotted_names argument is true and the ++ instance does not have a _dispatch method, method names ++ containing dots are supported and resolved, as long as none of ++ the name segments start with an '_'. ++ ++ *** SECURITY WARNING: *** ++ ++ Enabling the allow_dotted_names options allows intruders ++ to access your module's global variables and may allow ++ intruders to execute arbitrary code on your machine. Only ++ use this option on a secure, closed network. ++ + """ + + self.instance = instance ++ self.allow_dotted_names = allow_dotted_names + + def register_function(self, function, name = None): + """Registers a function to respond to XML-RPC requests. +*************** +*** 295,301 **** + try: + method = resolve_dotted_attribute( + self.instance, +! method_name + ) + except AttributeError: + pass +--- 317,324 ---- + try: + method = resolve_dotted_attribute( + self.instance, +! method_name, +! self.allow_dotted_names + ) + except AttributeError: + pass +*************** +*** 374,380 **** + try: + func = resolve_dotted_attribute( + self.instance, +! method + ) + except AttributeError: + pass +--- 397,404 ---- + try: + func = resolve_dotted_attribute( + self.instance, +! method, +! self.allow_dotted_names + ) + except AttributeError: + pass |