SimpleXMLRPCServer and DocXMLRPCServer don't look at
the path of the HTTP request at all; you can POST or
GET from / or /RPC2 or /blahblahblah with the same results.
Security scanners that look for /cgi-bin/phf will therefore report
lots of vulnerabilities.
Fix: add a .rpc_paths attribute to the SimpleXMLRPCServer class,
and report a 404 error if the path isn't on the allowed list.
Possibly-controversial aspect of this change: the default makes only
'/' and '/RPC2' legal. Maybe this will break people's applications
(though I doubt it). We could just set the default to an empty tuple,
which would exactly match the current behaviour.
are run in the order:
test_genexps (or any other doctest-based test)
test_struct
test_doctest
The `warnings` module needs an advertised way to save/restore
its internal filter list.
Renames functional extension module to _functools and adds a Python
functools module so that utility functions like update_wrapper can be
added easily.
Remove various dependencies on dictionary order in the standard library
tests, and one (clearly an oversight, potentially critical) in the
standard library itself - base64.py.
Remaining open issues:
* test_extcall is an output test, messy to make robust
* tarfile.py has a potential bug here, but I'm not familiar
enough with this code. Filed in as SF bug #1496501.
* urllib2.HTTPPasswordMgr() returns a random result if there is more
than one matching root path. I'm asking python-dev for
clarification...
invalid file paths for the built-in import machinery which leads to
fewer open calls on startup.
Also fix issue with PEP 302 style import hooks which lead to more open()
calls than necessary.
failures on Windows buildbots, but it's hard to know how since the regrtest
failure output is useless here, and it never fails when a buildbot slave runs
test_tarfile the second time in verbose mode.
The new split functions use a preallocated list. Added tests which exceed
the preallocation size, to exercise list appends/resizes.
Also added more edge case tests.
* Added socket.recv_buf() and socket.recvfrom_buf() methods, that use the buffer
protocol (send and sendto already did).
* Added struct.pack_to(), that is the corresponding buffer compatible method to
unpack_from().
* Fixed minor typos in arraymodule.
Tim Peters
Armin Rigo
Georg Brandl
Andrew M. Kuchling
Neal Norwitz
Fredrik Lundh
Bob Ippolito
Nick Coghlan
George Yoshida
Richard Jones
Martin v. Löwis
Andrew Dalke
Martin Blais