Mercurial > p > roundup > code
comparison roundup/cgi/wsgi_handler.py @ 5945:40f5b20d1e70
issue2551047: Fix crashes in DELETE, OPTIONS, PATCH
The wsgi handler parses the form data.
This is a partial patch that fixes some crashes and allows OPTIONS to
be passed through the system. Before it was rejected with a 501 error.
Other modes (cgi, roundup-server) use the code in the __init__method
of the Client class in client.py to parse the input form. The Client
code has been modified to parse and pass json input data. I think
these changes have to be included in the wsgi handler as well.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 22 Oct 2019 23:36:10 -0400 |
| parents | 883c9e90b403 |
| children | 82816000aef3 |
comparison
equal
deleted
inserted
replaced
| 5944:d7e6bcde5cbe | 5945:40f5b20d1e70 |
|---|---|
| 12 | 12 |
| 13 import roundup.instance | 13 import roundup.instance |
| 14 from roundup.cgi import TranslationService | 14 from roundup.cgi import TranslationService |
| 15 from roundup.anypy import http_ | 15 from roundup.anypy import http_ |
| 16 from roundup.anypy.strings import s2b, bs2b | 16 from roundup.anypy.strings import s2b, bs2b |
| 17 | |
| 18 from roundup.cgi.client import BinaryFieldStorage | |
| 19 | |
| 17 BaseHTTPRequestHandler = http_.server.BaseHTTPRequestHandler | 20 BaseHTTPRequestHandler = http_.server.BaseHTTPRequestHandler |
| 18 DEFAULT_ERROR_MESSAGE = http_.server.DEFAULT_ERROR_MESSAGE | 21 DEFAULT_ERROR_MESSAGE = http_.server.DEFAULT_ERROR_MESSAGE |
| 19 | 22 |
| 20 class Headers(object): | 23 class Headers(object): |
| 21 """ Idea more or less stolen from the 'apache.py' in same directory. | 24 """ Idea more or less stolen from the 'apache.py' in same directory. |
| 67 request.wfile = Writer(request) | 70 request.wfile = Writer(request) |
| 68 request.__wfile = None | 71 request.__wfile = None |
| 69 request.headers = Headers(environ) | 72 request.headers = Headers(environ) |
| 70 | 73 |
| 71 if environ ['REQUEST_METHOD'] == 'OPTIONS': | 74 if environ ['REQUEST_METHOD'] == 'OPTIONS': |
| 72 code = 501 | 75 if environ["PATH_INFO"][:5] == "/rest": |
| 73 message, explain = BaseHTTPRequestHandler.responses[code] | 76 # rest does support options |
| 74 request.start_response([('Content-Type', 'text/html'), | 77 # This I hope will result in self.form=None |
| 75 ('Connection', 'close')], code) | 78 environ['CONTENT_LENGTH'] = 0 |
| 76 request.wfile.write(s2b(DEFAULT_ERROR_MESSAGE % locals())) | 79 else: |
| 77 return [] | 80 code = 501 |
| 78 | 81 message, explain = BaseHTTPRequestHandler.responses[code] |
| 82 request.start_response([('Content-Type', 'text/html'), | |
| 83 ('Connection', 'close')], code) | |
| 84 request.wfile.write(s2b(DEFAULT_ERROR_MESSAGE % locals())) | |
| 85 return [] | |
| 86 | |
| 79 tracker = roundup.instance.open(self.home, not self.debug) | 87 tracker = roundup.instance.open(self.home, not self.debug) |
| 80 | 88 |
| 81 # need to strip the leading '/' | 89 # need to strip the leading '/' |
| 82 environ["PATH_INFO"] = environ["PATH_INFO"][1:] | 90 environ["PATH_INFO"] = environ["PATH_INFO"][1:] |
| 83 if request.timing: | 91 if request.timing: |
| 84 environ["CGI_SHOW_TIMING"] = request.timing | 92 environ["CGI_SHOW_TIMING"] = request.timing |
| 85 | 93 |
| 86 form = cgi.FieldStorage(fp=environ['wsgi.input'], environ=environ) | 94 form = BinaryFieldStorage(fp=environ['wsgi.input'], environ=environ) |
| 95 | |
| 96 if environ ['REQUEST_METHOD'] in ("OPTIONS", "DELETE"): | |
| 97 # these methods have no data. When we init tracker.Client | |
| 98 # set form to None and request.rfile to None to get a | |
| 99 # properly initialized empty form. | |
| 100 form = None | |
| 101 request.rfile = None | |
| 87 | 102 |
| 88 client = tracker.Client(tracker, request, environ, form, | 103 client = tracker.Client(tracker, request, environ, form, |
| 89 request.translator) | 104 request.translator) |
| 90 try: | 105 try: |
| 91 client.main() | 106 client.main() |