quetz-mod_python-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Dumpleton (JIRA)" <j...@apache.org>
Subject [jira] Updated: (MODPYTHON-5) Bug in setting interpreter name with PythonInterpPerDirectory.
Date Sun, 05 Mar 2006 02:46:41 GMT
     [ http://issues.apache.org/jira/browse/MODPYTHON-5?page=all ]

Graham Dumpleton updated MODPYTHON-5:
-------------------------------------

    Fix Version: 3.2.7
                     (was: 3.1.3)
    Description: 
The code in this case is in select_interp_name() and it too is wrong, although
it has a couple of problems and gives slightly undesirable results on UNIX
platforms as well in certain cirsumstances.

Consider a publisher based content handler containing:

  def index(req):
    return req.interpreter

If you do not have the PythonInterPerDirectory diective turned on, accessing
that page will generate the virtual/actual host of the web server. Eg.

  grumpy.company.com

If you turn on the PythonInterpPerDirectory and access the page explicitly
as for example:

  http://localhost:8080/~grahamd/publisher/index.py

You get something like:

  /Users/grahamd/Sites/publisher/

The trailing slash "/" is put there by the select_interp_name() function. If this
were on Win32, you probably end up with:

  /Users/grahamd/Sites/publisher\

Now, if the actual directory is accessed instead and the automagic mapping to
the index() method in the file is relied upon, ie., request as:

  http://localhost:8080/~grahamd/publisher

You first get redirected to:

  http://localhost:8080/~grahamd/publisher/

and the result you get back is:

  /Users/grahamd/Sites/publisher//

Again, the final trailing '/' is put there by select_interp_name(). On Win32, this is
thus likely to be:

  /Users/grahamd/Sites/publisher/\

In summary, there are two problems here.

First is that on Win32 it is most likely going to use '\' even though rest of the path
uses POSIX naming style.

Second is that the code doesn't check to see if there already is a trailing slash with
the result that although access to the directory and the file should result in the
same interpreter name, it doesn't.

This latter problem means that the same index() method can get executed within
the context of two different interpreters dependent on which URL you used. This
shouldn't be the case and could cause problems in some applications.

I haven't worked out the actual patch required in this case because of there being
two issues and because I haven't looked through the code enough to know where
to look to see if there already is a trailing slash. At the minimum, the use of SLASH_S
should be changed to "/" in that part of the select_interp_name() method.

For further discussion on this issue see mailing list thread at:

  http://www.modpython.org/pipermail/mod_python/2004-November/016788.html

  was:
The code in this case is in select_interp_name() and it too is wrong, although
it has a couple of problems and gives slightly undesirable results on UNIX
platforms as well in certain cirsumstances.

Consider a publisher based content handler containing:

  def index(req):
    return req.interpreter

If you do not have the PythonInterPerDirectory diective turned on, accessing
that page will generate the virtual/actual host of the web server. Eg.

  grumpy.company.com

If you turn on the PythonInterpPerDirectory and access the page explicitly
as for example:

  http://localhost:8080/~grahamd/publisher/index.py

You get something like:

  /Users/grahamd/Sites/publisher/

The trailing slash "/" is put there by the select_interp_name() function. If this
were on Win32, you probably end up with:

  /Users/grahamd/Sites/publisher\

Now, if the actual directory is accessed instead and the automagic mapping to
the index() method in the file is relied upon, ie., request as:

  http://localhost:8080/~grahamd/publisher

You first get redirected to:

  http://localhost:8080/~grahamd/publisher/

and the result you get back is:

  /Users/grahamd/Sites/publisher//

Again, the final trailing '/' is put there by select_interp_name(). On Win32, this is
thus likely to be:

  /Users/grahamd/Sites/publisher/\

In summary, there are two problems here.

First is that on Win32 it is most likely going to use '\' even though rest of the path
uses POSIX naming style.

Second is that the code doesn't check to see if there already is a trailing slash with
the result that although access to the directory and the file should result in the
same interpreter name, it doesn't.

This latter problem means that the same index() method can get executed within
the context of two different interpreters dependent on which URL you used. This
shouldn't be the case and could cause problems in some applications.

I haven't worked out the actual patch required in this case because of there being
two issues and because I haven't looked through the code enough to know where
to look to see if there already is a trailing slash. At the minimum, the use of SLASH_S
should be changed to "/" in that part of the select_interp_name() method.

For further discussion on this issue see mailing list thread at:

  http://www.modpython.org/pipermail/mod_python/2004-November/016788.html

        Version: 3.1.4
                 2.7.10

> Bug in setting interpreter name with PythonInterpPerDirectory.
> --------------------------------------------------------------
>
>          Key: MODPYTHON-5
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-5
>      Project: mod_python
>         Type: Bug
>     Versions: 3.1.4, 2.7.10
>  Environment: UNIX/Win32
>     Reporter: Graham Dumpleton
>     Assignee: Nicolas Lehuen
>      Fix For: 3.2.7

>
> The code in this case is in select_interp_name() and it too is wrong, although
> it has a couple of problems and gives slightly undesirable results on UNIX
> platforms as well in certain cirsumstances.
> Consider a publisher based content handler containing:
>   def index(req):
>     return req.interpreter
> If you do not have the PythonInterPerDirectory diective turned on, accessing
> that page will generate the virtual/actual host of the web server. Eg.
>   grumpy.company.com
> If you turn on the PythonInterpPerDirectory and access the page explicitly
> as for example:
>   http://localhost:8080/~grahamd/publisher/index.py
> You get something like:
>   /Users/grahamd/Sites/publisher/
> The trailing slash "/" is put there by the select_interp_name() function. If this
> were on Win32, you probably end up with:
>   /Users/grahamd/Sites/publisher\
> Now, if the actual directory is accessed instead and the automagic mapping to
> the index() method in the file is relied upon, ie., request as:
>   http://localhost:8080/~grahamd/publisher
> You first get redirected to:
>   http://localhost:8080/~grahamd/publisher/
> and the result you get back is:
>   /Users/grahamd/Sites/publisher//
> Again, the final trailing '/' is put there by select_interp_name(). On Win32, this is
> thus likely to be:
>   /Users/grahamd/Sites/publisher/\
> In summary, there are two problems here.
> First is that on Win32 it is most likely going to use '\' even though rest of the path
> uses POSIX naming style.
> Second is that the code doesn't check to see if there already is a trailing slash with
> the result that although access to the directory and the file should result in the
> same interpreter name, it doesn't.
> This latter problem means that the same index() method can get executed within
> the context of two different interpreters dependent on which URL you used. This
> shouldn't be the case and could cause problems in some applications.
> I haven't worked out the actual patch required in this case because of there being
> two issues and because I haven't looked through the code enough to know where
> to look to see if there already is a trailing slash. At the minimum, the use of SLASH_S
> should be changed to "/" in that part of the select_interp_name() method.
> For further discussion on this issue see mailing list thread at:
>   http://www.modpython.org/pipermail/mod_python/2004-November/016788.html

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message