[mod_python] Re: [patch] vampire 1.1 remove unknown query variables

Graham Dumpleton grahamd at dscpl.com.au
Tue Oct 19 17:12:56 EDT 2004


Thanks, this is good timing.

I was looking at that specific code yesterday so as to start changing it
to bring it in line with what mod_python 3.X does in publisher.
Specifically, to allow kwargs as last argument of handler to gobble up
those which aren't specifically defined as arguments.

Anyway, I have to run out the door right now so no time to even finish
this email properly. :-)

Thanks again.

On 20/10/2004, at 6:56 AM, Johannes Erdfelt wrote:

> I've been using vampire the last couple of days and I like it, but it
> has some problems some code I originally wrote didn't have.
>
> This patch fixes a problem where unknown query variables (form
> variables) could cause an internal server error.
>
> Generally, this shouldn't happen and on a well designed site, it's the
> user's error for causing this to occur, but it causes some undue alarm
> when looking at the logs, so I wrote up this patch to remove unknown
> query variables before applying it to the called handler.
>
> It also prints out an error message if variables are required by the
> handler, but aren't given by the client (it doesn't have a default).
>
> It applies to vampire 1.1
>
> JE
>
> diff -ur vampire-1.1-20041009.orig/packages/vampire/apache.py 
> vampire-1.1-20041009/packages/vampire/apache.py
> --- vampire-1.1-20041009.orig/packages/vampire/apache.py	2004-10-08 
> 18:31:50.000000000 -0700
> +++ vampire-1.1-20041009/packages/vampire/apache.py	2004-10-19 
> 13:55:48.000000000 -0700
> @@ -171,4 +171,40 @@
>
>    # Execute the content handler.
>
> -  return apply(function,(req,),args)
> +  # Match up the arguments given by the client to the expected 
> arguments
> +  # from the method. We only remove non expected names and don't 
> check for
> +  # expected because the argument may have a default if not set. We 
> use
> +  # exceptions to catch the case where an argument does not have a 
> default.
> +  fc = function.func_code
> +  expected = fc.co_varnames[0:fc.co_argcount]
> +
> +  # Silently remove any unexpected arguments if we need to
> +  if not fc.co_flags & 0x000C:  # CO_VARARGS | CO_VARKEYWORDS
> +    for name in args.keys():
> +      if name not in expected:
> +        del args[name]
> +
> +  try:
> +    return apply(function,(req,),args)
> +  except TypeError, vars:
> +    missing = []
> +
> +    # Don't worry about the arguments with defaults
> +    argcount = fc.co_argcount
> +    if function.func_defaults:
> +      argcount = argcount - len(function.func_defaults)
> +    # Skip the first argument, which is the req
> +    for name in fc.co_varnames[1:argcount]:
> +      if name not in args:
> +        missing.append(name)
> +
> +    if not len(missing):
> +      raise
> +
> +    # We definately had some missing variables, let's let the user 
> know
> +    req.content_type = "text/plain"
> +    req.status = apache.HTTP_INTERNAL_SERVER_ERROR
> +    req.send_http_header()
> +    req.write("Call is missing these variables: %s\n" % ", 
> ".join(missing))
> +
> +    return apache.OK
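
Review bot: The mask in `if not fc.co_flags & 0x000C` treats a handler that declares only `*args` (CO_VARARGS, 0x0004) as able to take unknown keyword arguments, but only `**kwargs` (CO_VARKEYWORDS, 0x0008) absorbs them, so such a handler skips the filtering, an unknown query variable still raises TypeError, and with `missing` empty the bare `raise` produces the same internal server error the patch is meant to remove. Testing against 0x0008 alone would close that. In the same block, `expected = fc.co_varnames[0:fc.co_argcount]` includes the handler's first parameter, so a query variable that shares its name survives the filter and collides with the positional `req` passed to `apply`; slicing from index 1, as the missing-variable loop already does with `fc.co_varnames[1:argcount]`, avoids it. The error branch also reports a client mistake with `apache.HTTP_INTERNAL_SERVER_ERROR` and writes the handler's parameter names into the response; a 400-class status would describe the condition more accurately, and the names could go to the server log rather than to the client.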


