Andre Reitz
reitz at inworks.de
Thu Apr 11 17:05:59 EST 2002
On Wed, 10 Apr 2002 18:06:04 -0400 (EDT)
"Gregory (Grisha) Trubetskoy" <grisha at modpython.org> wrote:

>
> I have released mod_python 2.7.7.
>
> This release (as far as I could tell adequately) addresses the security
> issue whereby a module indirectly imported by a published module could
> then be accessed via the publisher.
>
> It is highly recommended that you upgrade, especially if you use the
> publisher.
>
> A quick way to upgrade is to just replace the apache.py file and restart
> httpd - everything else is pretty much the same except for the version
> number. Windows users should still be able to use the 2.7.6 DLL with the
> new apache.py.
>
> Grisha

Did you forget to patch apache.py??
(The boo boo)

def setup_cgi(req):
    """
    Replace sys.stdin and stdout with an objects that read/write to
    the socket, as well as substitute the os.environ.
    Returns (environ, stdin, stdout) which you must save and then use
    with restore_nocgi().
    """

    # save env
    env = os.environ.copy()          # <------(1)

    si = sys.stdin
    so = sys.stdout

    env = build_cgi_env(req)

    for k in env.keys():
        os.environ[k] = env[k]

    sys.stdout = CGIStdout(req)
    sys.stdin = CGIStdin(req)

    sys.argv = [] # keeps cgi.py happy

    return env, si, so               # <--------(2)

(1) : originalenv=os.environ.copy()
(2) : return originalenv,si,so

> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://www.modpython.org/mailman/listinfo/mod_python

--
_____________________________________________
inworks GmbH                     Andre Reitz
Magirusstrasse 44                Tel. 0731/93 80 7-21
89077 Ulm                        http://www.inworks.de
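Added illustration, not part of the original message and not mod_python code: a stand-alone model of the save/restore pair showing what the overwritten `env` at (1) and (2) does to the process environment once the request is over. It assumes `restore_nocgi()` resets the environment to exactly what `setup_cgi()` returned; `build_cgi_env` here is a hypothetical stand-in, a plain dict stands in for `os.environ`, the stdin/stdout handling is left out, and the sample values are constructed.

```python
# Stand-in model of the environment handling only; all names are illustrative.

def build_cgi_env(req):
    # Hypothetical stand-in: per-request CGI variables (constructed sample).
    return {"REQUEST_METHOD": "GET", "HTTP_COOKIE": req["cookie"]}


def setup_cgi_buggy(environ, req):
    env = environ.copy()            # (1) the saved copy ...
    env = build_cgi_env(req)        # ... is overwritten right here
    environ.update(env)
    return env                      # (2) hands back the CGI env, not the saved one


def setup_cgi_fixed(environ, req):
    originalenv = environ.copy()    # (1) as proposed in the message
    environ.update(build_cgi_env(req))
    return originalenv              # (2) as proposed in the message


def restore_nocgi(environ, saved):
    # Assumption: restoring means "make the environment equal to what was saved".
    environ.clear()
    environ.update(saved)


def after_request(setup, req):
    """Run one setup/restore cycle.

    Returns (request variables still present, whether PATH survived).
    """
    environ = {"PATH": "/usr/bin"}  # constructed pre-request environment
    saved = setup(environ, req)
    restore_nocgi(environ, saved)
    leftover = sorted(k for k in environ if k != "PATH")
    return leftover, "PATH" in environ


if __name__ == "__main__":
    req = {"cookie": "session=constructed-sample"}
    print("buggy:", after_request(setup_cgi_buggy, req))
    print("fixed:", after_request(setup_cgi_fixed, req))
```

With the buggy variant the request's variables (including the cookie) stay in the long-lived process environment and the original entries are gone; with the two-line change from the message the environment comes back as it was.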