|
Gregory (Grisha) Trubetskoy
grisha at modpython.org
Thu Apr 11 13:07:51 EST 2002
My appologies - I must have forgotten to check it in after the patch or something... On Thu, 11 Apr 2002, Andre Reitz wrote: > On Wed, 10 Apr 2002 18:06:04 -0400 (EDT) > "Gregory (Grisha) Trubetskoy" <grisha at modpython.org> wrote: > > > > > I have released mod_python 2.7.7. > > > > This release (as far as I could tell adequately) addresses the security > > issue whereby a module indirectly imported by a published module could > > then be accessed via the publisher. > > > > It is highly recommended that you upgrade, especially if you use the > > publisher. > > > > A quick way to upgrade is to just replace the apache.py file and restart > > httpd - everything else is pretty much the same except for the verion > > number. Windows users should still be able to use the 2.7.6 DLL with the > > new apache.py. > > > > Grisha > > Did you forget to patch apache.py?? (The boo boo) > > > def setup_cgi(req): > """ > Replace sys.stdin and stdout with an objects that read/write to > the socket, as well as substitute the os.environ. > Returns (environ, stdin, stdout) which you must save and then use > with restore_nocgi(). > """ > > # save env > env = os.environ.copy() <------(1) > > si = sys.stdin > so = sys.stdout > > env = build_cgi_env(req) > > for k in env.keys(): > os.environ[k] = env[k] > > sys.stdout = CGIStdout(req) > sys.stdin = CGIStdin(req) > > sys.argv = [] # keeps cgi.py happy > > return env, si, so <--------(2) > > > > (1) : originalenv=os.environ.copy() > (2) : return originalenv,si,so > > > > > > > > _______________________________________________ > > Mod_python mailing list > > Mod_python at modpython.org > > http://www.modpython.org/mailman/listinfo/mod_python > > > -- > _____________________________________________ > inworks GmbH Andre Reitz > Magirusstrasse 44 Tel. 0731/93 80 7-21 > 89077 Ulm http://www.inworks.de >
|