chiark
/
gitweb
/
~mdw
/
chopwood
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
{cgi,cmd-cgi,httpauth}.py: Check request methods on CGI commands.
[chopwood]
/
cgi.py
diff --git
a/cgi.py
b/cgi.py
index 6006062eddc5132ec5ba980b722ba2695f280007..cfa26f7725ec55faf0e13849ac5b0ef3fd2ce04e 100644
(file)
--- a/
cgi.py
+++ b/
cgi.py
@@
-453,6
+453,11
@@
class Subcommand (SC.Subcommand):
CGI parameters.
"""
CGI parameters.
"""
+ def __init__(me, name, contexts, desc, func,
+ methods = ['GET', 'POST'], *args, **kw):
+ super(Subcommand, me).__init__(name, contexts, desc, func, *args, **kw)
+ me.methods = set(methods)
+
def cgi(me, param, path):
"""
Invoke the subcommand given a collection of CGI parameters.
def cgi(me, param, path):
"""
Invoke the subcommand given a collection of CGI parameters.
@@
-484,6
+489,12
@@
class Subcommand (SC.Subcommand):
want = {}
kw = {}
want = {}
kw = {}
+ ## Check the request method against the permitted list.
+ meth = METHOD
+ if meth == 'HEAD': meth = 'GET'
+ if meth not in me.methods:
+ raise U.ExpectedError, (500, "Unexpected request method `%s'" % METHOD)
+
def set_value(k, v):
"""Set a simple value: we shouldn't see multiple values."""
if k in kw:
def set_value(k, v):
"""Set a simple value: we shouldn't see multiple values."""
if k in kw:
~mdw / chopwood / blobdiff