Commit Graph

16 Commits

Author SHA1 Message Date
Gregory P. Smith a6e0f502ea typo fix 2007-01-05 07:22:29 +00:00
Andrew M. Kuchling 622f144175 [Bug #1473048]
SimpleXMLRPCServer and DocXMLRPCServer don't look at
the path of the HTTP request at all; you can POST or
GET from / or /RPC2 or /blahblahblah with the same results.
Security scanners that look for /cgi-bin/phf will therefore report
lots of vulnerabilities.

Fix: add a .rpc_paths attribute to the SimpleXMLRPCServer class,
and report a 404 error if the path isn't on the allowed list.

Possibly-controversial aspect of this change: the default makes only
'/' and '/RPC2' legal.  Maybe this will break people's applications
(though I doubt it).  We could just set the default to an empty tuple,
which would exactly match the current behaviour.
2006-05-31 14:08:48 +00:00
Fredrik Lundh 5b093a0b73 added a missing +\versionadded{2.2} tag 2006-01-11 00:18:43 +00:00
Andrew M. Kuchling 47a39b0112 [Bug #1041501] Fix example 2005-12-04 17:17:46 +00:00
Andrew M. Kuchling 427aedbbd4 [Patch #1039083] Add 'encoding' parameter to SimpleXMLRPCServer 2005-12-04 17:13:12 +00:00
Andrew M. Kuchling 10a16dea74 [Patch #893642] Add optional allow_none argument to SimpleXMLRPCServer, CGIXMLRPCRequestHandler 2005-12-04 16:34:40 +00:00
Walter Dörwald cca3af3b71 Fix typo (fixes SF bug #1263086). 2005-08-18 19:40:39 +00:00
Guido van Rossum d064142579 Security fix PSF-2005-001 for SimpleXMLRPCServer.py. 2005-02-03 15:01:24 +00:00
Andrew M. Kuchling ab807e8a0d Make the example server code clearer; add the corresponding example client. [Bugfix candidate] 2004-12-01 18:34:11 +00:00
Andrew M. Kuchling 293dc9d70f [Bug #1041501] Fix example code 2004-10-08 18:34:47 +00:00
Skip Montanaro 0bbf137fbd Make the api of the _dispatch() method more concrete. I have no idea if
this is the right way to document such things (Fred, help me out here :-),
but I got misled by the existing documentation and assumed the parameter
list was a *args sort of thing.
2004-09-03 00:04:05 +00:00
Fred Drake 42b567fce9 Fix a couple of markup errors. 2003-01-17 22:47:33 +00:00
Martin v. Löwis d69663d300 Patch #473586: Implement CGIXMLRPCRequestHandler. 2003-01-15 11:37:23 +00:00
Fred Drake 48704ee478 Add synopsis for the SimpleXMLRPCServer module; used in the chapter-level
list of modules.
2001-11-28 07:32:53 +00:00
Fred Drake 2b05ca3454 Minor markup improvement. 2001-09-29 05:01:59 +00:00
Fred Drake e486e0d066 Preliminary documentation for the SimpleXMLRPCServer module. 2001-09-28 22:02:21 +00:00