[mod_python] Announce: 2.7.7

Andre Reitz reitz at inworks.de
Thu Apr 11 17:05:59 EST 2002


On Wed, 10 Apr 2002 18:06:04 -0400 (EDT)
"Gregory (Grisha) Trubetskoy" <grisha at modpython.org> wrote:

> 
> I have released mod_python 2.7.7.
> 
> This release (as far as I could tell adequately) addresses the security
> issue whereby a module indirectly imported by a published module could
> then be accessed via the publisher.
> 
> It is highly recommended that you upgrade, especially if you use the
> publisher.
> 
> A quick way to upgrade is to just replace the apache.py file and restart
> httpd - everything else is pretty much the same except for the verion
> number. Windows users should still be able to use the 2.7.6 DLL with the
> new apache.py.
> 
> Grisha

Did you forget to patch apache.py?? (The boo boo)


def setup_cgi(req):
    """
    Replace sys.stdin and stdout with an objects that read/write to
    the socket, as well as substitute the os.environ.
    Returns (environ, stdin, stdout) which you must save and then use
    with restore_nocgi().
    """

    # save env
    env = os.environ.copy()            <------(1)
    
    si = sys.stdin
    so = sys.stdout

    env = build_cgi_env(req)
 
    for k in env.keys():
        os.environ[k] = env[k]

    sys.stdout = CGIStdout(req)
    sys.stdin = CGIStdin(req)

    sys.argv = [] # keeps cgi.py happy

    return env, si, so		<--------(2)
> 

(1) : originalenv=os.environ.copy()
(2) : return originalenv,si,so




> 
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://www.modpython.org/mailman/listinfo/mod_python


-- 
_____________________________________________
inworks GmbH            Andre Reitz		
Magirusstrasse 44	Tel. 0731/93 80 7-21
89077 Ulm		http://www.inworks.de




More information about the Mod_python mailing list