03-05-06 07:46 AM
[ http://issues.apache.org/jira/brows...HON-43?page=all ]
Graham Dumpleton updated MODPYTHON-43:
--------------------------------------
Fix Version: 3.3
Description:
In the mod_python.publisher code, the code for performing basic authenticati
on
has in a few spots code of the form:
if "__auth__" in func_code.co_names:
i = list(func_code.co_names).index("__auth__")
__auth__ = func_code.co_consts[i+1]
if hasattr(__auth__, "co_name"):
__auth__ = new.function(__auth__, globals())
found_auth = 1
What this does is that if the target of the request is a function and that f
unction
contains a nested function, which in this case is called "__auth__", then th
at
nested function is turned into a callable object and is subsequently called
to
determine if the user is able to perform the request.
In making the nested function callable, it uses "globals()". By using this t
hough
it is using the globals from the mod_python.publisher module and not the
module which the nested function is contained within. This means that the
following code will actually fail.
import xxx
def function(req):
def __auth__(req,username,password):
return xxx.auth(req,username,password)
This is because the module "xxx" imported at global scope within the module
isn't
available to the nested function when it is called as it is seeing the globa
ls of
mod_python.publisher instead. To get around the problem, the import has to b
e
local to the nested function.
def function(req):
def __auth__(req,username,password):
import xxx
return xxx.auth(req,username,password)
Since in this case the auth function being called is a nested function, we k
now that
we can actually grab the globals for the correct module by getting "func_glo
bals"
from the enclosing function.
if "__auth__" in func_code.co_names:
i = list(func_code.co_names).index("__auth__")
__auth__ = func_code.co_consts[i+1]
if hasattr(__auth__, "co_name"):
__auth__ = new.function(__auth__, object.func_globals)
found_auth = 1
Ie., instead of "globals()", use "object.func_globals" where "object is the
enclosing
function object.
was:
In the mod_python.publisher code, the code for performing basic authenticati
on
has in a few spots code of the form:
if "__auth__" in func_code.co_names:
i = list(func_code.co_names).index("__auth__")
__auth__ = func_code.co_consts[i+1]
if hasattr(__auth__, "co_name"):
__auth__ = new.function(__auth__, globals())
found_auth = 1
What this does is that if the target of the request is a function and that f
unction
contains a nested function, which in this case is called "__auth__", then th
at
nested function is turned into a callable object and is subsequently called
to
determine if the user is able to perform the request.
In making the nested function callable, it uses "globals()". By using this t
hough
it is using the globals from the mod_python.publisher module and not the
module which the nested function is contained within. This means that the
following code will actually fail.
import xxx
def function(req):
def __auth__(req,username,password):
return xxx.auth(req,username,password)
This is because the module "xxx" imported at global scope within the module
isn't
available to the nested function when it is called as it is seeing the globa
ls of
mod_python.publisher instead. To get around the problem, the import has to b
e
local to the nested function.
def function(req):
def __auth__(req,username,password):
import xxx
return xxx.auth(req,username,password)
Since in this case the auth function being called is a nested function, we k
now that
we can actually grab the globals for the correct module by getting "func_glo
bals"
from the enclosing function.
if "__auth__" in func_code.co_names:
i = list(func_code.co_names).index("__auth__")
__auth__ = func_code.co_consts[i+1]
if hasattr(__auth__, "co_name"):
__auth__ = new.function(__auth__, object.func_globals)
found_auth = 1
Ie., instead of "globals()", use "object.func_globals" where "object is the
enclosing
function object.
Environment:
Assign To: Graham Dumpleton
> mod_python.publisher auth functions access to globals
> -----------------------------------------------------
>
> Key: MODPYTHON-43
> URL: http://issues.apache.org/jira/browse/MODPYTHON-43
> Project: mod_python
> Type: Improvement
> Components: publisher
> Versions: 3.1.4
> Reporter: Graham Dumpleton
> Assignee: Graham Dumpleton
> Priority: Minor
> Fix For: 3.3
> Attachments: grahamd_20060224_MP43_1.diff
>
> In the mod_python.publisher code, the code for performing basic authentica
tion
> has in a few spots code of the form:
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, globals())
> found_auth = 1
> What this does is that if the target of the request is a function and that
function
> contains a nested function, which in this case is called "__auth__", then
that
> nested function is turned into a callable object and is subsequently calle
d to
> determine if the user is able to perform the request.
> In making the nested function callable, it uses "globals()". By using this
though
> it is using the globals from the mod_python.publisher module and not the
> module which the nested function is contained within. This means that the
> following code will actually fail.
> import xxx
> def function(req):
> def __auth__(req,username,password):
> return xxx.auth(req,username,password)
> This is because the module "xxx" imported at global scope within the modul
e isn't
> available to the nested function when it is called as it is seeing the glo
bals of
> mod_python.publisher instead. To get around the problem, the import has to
be
> local to the nested function.
> def function(req):
> def __auth__(req,username,password):
> import xxx
> return xxx.auth(req,username,password)
> Since in this case the auth function being called is a nested function, we
know that
> we can actually grab the globals for the correct module by getting "func_g
lobals"
> from the enclosing function.
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, object.func_globals)
> found_auth = 1
> Ie., instead of "globals()", use "object.func_globals" where "object is th
e enclosing
> function object.
[ Post a follow-up to this message ]
|
