diff options
Diffstat (limited to 'Lib/SimpleXMLRPCServer.py')
| -rw-r--r-- | Lib/SimpleXMLRPCServer.py | 34 | 
1 files changed, 31 insertions, 3 deletions
| diff --git a/Lib/SimpleXMLRPCServer.py b/Lib/SimpleXMLRPCServer.py index 1d4f00f2e3..0846a68ce6 100644 --- a/Lib/SimpleXMLRPCServer.py +++ b/Lib/SimpleXMLRPCServer.py @@ -247,10 +247,10 @@ class SimpleXMLRPCDispatcher:          of changing method dispatch behavior.          """ -        params, method = xmlrpclib.loads(data) - -        # generate response          try: +            params, method = xmlrpclib.loads(data) + +            # generate response              if dispatch_method is not None:                  response = dispatch_method(method, params)              else: @@ -423,6 +423,17 @@ class SimpleXMLRPCRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):      XML-RPC requests.      """ +    # Class attribute listing the accessible path components; +    # paths not on this list will result in a 404 error. +    rpc_paths = ('/', '/RPC2') + +    def is_rpc_path_valid(self): +        if self.rpc_paths: +            return self.path in self.rpc_paths +        else: +            # If .rpc_paths is empty, just assume all paths are legal +            return True +      def do_POST(self):          """Handles the HTTP POST request. @@ -430,6 +441,11 @@ class SimpleXMLRPCRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):          which are forwarded to the server's _dispatch method for handling.          """ +        # Check that the path is legal +        if not self.is_rpc_path_valid(): +            self.report_404() +            return +          try:              # Get arguments by reading body of request.              # We read this in chunks to avoid straining @@ -468,6 +484,18 @@ class SimpleXMLRPCRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):              self.wfile.flush()              self.connection.shutdown(1) +    def report_404 (self): +            # Report a 404 error +        self.send_response(404) +        response = 'No such page' +        self.send_header("Content-type", "text/plain") +        self.send_header("Content-length", str(len(response))) +        self.end_headers() +        self.wfile.write(response) +        # shut down the connection +        self.wfile.flush() +        self.connection.shutdown(1) +      def log_request(self, code='-', size='-'):          """Selectively log an accepted request.""" | 
