Edit File by line
/home/barbar84/public_h.../wp-conte.../plugins/sujqvwi/ExeBy/smexe_ro.../lib64/python2....
File: CGIHTTPServer.py
"""CGI-savvy HTTP Server.
[0] Fix | Delete
[1] Fix | Delete
This module builds on SimpleHTTPServer by implementing GET and POST
[2] Fix | Delete
requests to cgi-bin scripts.
[3] Fix | Delete
[4] Fix | Delete
If the os.fork() function is not present (e.g. on Windows),
[5] Fix | Delete
os.popen2() is used as a fallback, with slightly altered semantics; if
[6] Fix | Delete
that function is not present either (e.g. on Macintosh), only Python
[7] Fix | Delete
scripts are supported, and they are executed by the current process.
[8] Fix | Delete
[9] Fix | Delete
In all cases, the implementation is intentionally naive -- all
[10] Fix | Delete
requests are executed sychronously.
[11] Fix | Delete
[12] Fix | Delete
SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
[13] Fix | Delete
-- it may execute arbitrary Python code or external programs.
[14] Fix | Delete
[15] Fix | Delete
Note that status code 200 is sent prior to execution of a CGI script, so
[16] Fix | Delete
scripts cannot send other status codes such as 302 (redirect).
[17] Fix | Delete
"""
[18] Fix | Delete
[19] Fix | Delete
[20] Fix | Delete
__version__ = "0.4"
[21] Fix | Delete
[22] Fix | Delete
__all__ = ["CGIHTTPRequestHandler"]
[23] Fix | Delete
[24] Fix | Delete
import os
[25] Fix | Delete
import sys
[26] Fix | Delete
import urllib
[27] Fix | Delete
import BaseHTTPServer
[28] Fix | Delete
import SimpleHTTPServer
[29] Fix | Delete
import select
[30] Fix | Delete
import copy
[31] Fix | Delete
[32] Fix | Delete
[33] Fix | Delete
class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
[34] Fix | Delete
[35] Fix | Delete
"""Complete HTTP server with GET, HEAD and POST commands.
[36] Fix | Delete
[37] Fix | Delete
GET and HEAD also support running CGI scripts.
[38] Fix | Delete
[39] Fix | Delete
The POST command is *only* implemented for CGI scripts.
[40] Fix | Delete
[41] Fix | Delete
"""
[42] Fix | Delete
[43] Fix | Delete
# Determine platform specifics
[44] Fix | Delete
have_fork = hasattr(os, 'fork')
[45] Fix | Delete
have_popen2 = hasattr(os, 'popen2')
[46] Fix | Delete
have_popen3 = hasattr(os, 'popen3')
[47] Fix | Delete
[48] Fix | Delete
# Make rfile unbuffered -- we need to read one line and then pass
[49] Fix | Delete
# the rest to a subprocess, so we can't use buffered input.
[50] Fix | Delete
rbufsize = 0
[51] Fix | Delete
[52] Fix | Delete
def do_POST(self):
[53] Fix | Delete
"""Serve a POST request.
[54] Fix | Delete
[55] Fix | Delete
This is only implemented for CGI scripts.
[56] Fix | Delete
[57] Fix | Delete
"""
[58] Fix | Delete
[59] Fix | Delete
if self.is_cgi():
[60] Fix | Delete
self.run_cgi()
[61] Fix | Delete
else:
[62] Fix | Delete
self.send_error(501, "Can only POST to CGI scripts")
[63] Fix | Delete
[64] Fix | Delete
def send_head(self):
[65] Fix | Delete
"""Version of send_head that support CGI scripts"""
[66] Fix | Delete
if self.is_cgi():
[67] Fix | Delete
return self.run_cgi()
[68] Fix | Delete
else:
[69] Fix | Delete
return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
[70] Fix | Delete
[71] Fix | Delete
def is_cgi(self):
[72] Fix | Delete
"""Test whether self.path corresponds to a CGI script.
[73] Fix | Delete
[74] Fix | Delete
Returns True and updates the cgi_info attribute to the tuple
[75] Fix | Delete
(dir, rest) if self.path requires running a CGI script.
[76] Fix | Delete
Returns False otherwise.
[77] Fix | Delete
[78] Fix | Delete
If any exception is raised, the caller should assume that
[79] Fix | Delete
self.path was rejected as invalid and act accordingly.
[80] Fix | Delete
[81] Fix | Delete
The default implementation tests whether the normalized url
[82] Fix | Delete
path begins with one of the strings in self.cgi_directories
[83] Fix | Delete
(and the next character is a '/' or the end of the string).
[84] Fix | Delete
"""
[85] Fix | Delete
collapsed_path = _url_collapse_path(self.path)
[86] Fix | Delete
dir_sep = collapsed_path.find('/', 1)
[87] Fix | Delete
head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]
[88] Fix | Delete
if head in self.cgi_directories:
[89] Fix | Delete
self.cgi_info = head, tail
[90] Fix | Delete
return True
[91] Fix | Delete
return False
[92] Fix | Delete
[93] Fix | Delete
cgi_directories = ['/cgi-bin', '/htbin']
[94] Fix | Delete
[95] Fix | Delete
def is_executable(self, path):
[96] Fix | Delete
"""Test whether argument path is an executable file."""
[97] Fix | Delete
return executable(path)
[98] Fix | Delete
[99] Fix | Delete
def is_python(self, path):
[100] Fix | Delete
"""Test whether argument path is a Python script."""
[101] Fix | Delete
head, tail = os.path.splitext(path)
[102] Fix | Delete
return tail.lower() in (".py", ".pyw")
[103] Fix | Delete
[104] Fix | Delete
def run_cgi(self):
[105] Fix | Delete
"""Execute a CGI script."""
[106] Fix | Delete
dir, rest = self.cgi_info
[107] Fix | Delete
path = dir + '/' + rest
[108] Fix | Delete
i = path.find('/', len(dir)+1)
[109] Fix | Delete
while i >= 0:
[110] Fix | Delete
nextdir = path[:i]
[111] Fix | Delete
nextrest = path[i+1:]
[112] Fix | Delete
[113] Fix | Delete
scriptdir = self.translate_path(nextdir)
[114] Fix | Delete
if os.path.isdir(scriptdir):
[115] Fix | Delete
dir, rest = nextdir, nextrest
[116] Fix | Delete
i = path.find('/', len(dir)+1)
[117] Fix | Delete
else:
[118] Fix | Delete
break
[119] Fix | Delete
[120] Fix | Delete
# find an explicit query string, if present.
[121] Fix | Delete
rest, _, query = rest.partition('?')
[122] Fix | Delete
[123] Fix | Delete
# dissect the part after the directory name into a script name &
[124] Fix | Delete
# a possible additional path, to be stored in PATH_INFO.
[125] Fix | Delete
i = rest.find('/')
[126] Fix | Delete
if i >= 0:
[127] Fix | Delete
script, rest = rest[:i], rest[i:]
[128] Fix | Delete
else:
[129] Fix | Delete
script, rest = rest, ''
[130] Fix | Delete
[131] Fix | Delete
scriptname = dir + '/' + script
[132] Fix | Delete
scriptfile = self.translate_path(scriptname)
[133] Fix | Delete
if not os.path.exists(scriptfile):
[134] Fix | Delete
self.send_error(404, "No such CGI script (%r)" % scriptname)
[135] Fix | Delete
return
[136] Fix | Delete
if not os.path.isfile(scriptfile):
[137] Fix | Delete
self.send_error(403, "CGI script is not a plain file (%r)" %
[138] Fix | Delete
scriptname)
[139] Fix | Delete
return
[140] Fix | Delete
ispy = self.is_python(scriptname)
[141] Fix | Delete
if not ispy:
[142] Fix | Delete
if not (self.have_fork or self.have_popen2 or self.have_popen3):
[143] Fix | Delete
self.send_error(403, "CGI script is not a Python script (%r)" %
[144] Fix | Delete
scriptname)
[145] Fix | Delete
return
[146] Fix | Delete
if not self.is_executable(scriptfile):
[147] Fix | Delete
self.send_error(403, "CGI script is not executable (%r)" %
[148] Fix | Delete
scriptname)
[149] Fix | Delete
return
[150] Fix | Delete
[151] Fix | Delete
# Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
[152] Fix | Delete
# XXX Much of the following could be prepared ahead of time!
[153] Fix | Delete
env = copy.deepcopy(os.environ)
[154] Fix | Delete
env['SERVER_SOFTWARE'] = self.version_string()
[155] Fix | Delete
env['SERVER_NAME'] = self.server.server_name
[156] Fix | Delete
env['GATEWAY_INTERFACE'] = 'CGI/1.1'
[157] Fix | Delete
env['SERVER_PROTOCOL'] = self.protocol_version
[158] Fix | Delete
env['SERVER_PORT'] = str(self.server.server_port)
[159] Fix | Delete
env['REQUEST_METHOD'] = self.command
[160] Fix | Delete
uqrest = urllib.unquote(rest)
[161] Fix | Delete
env['PATH_INFO'] = uqrest
[162] Fix | Delete
env['PATH_TRANSLATED'] = self.translate_path(uqrest)
[163] Fix | Delete
env['SCRIPT_NAME'] = scriptname
[164] Fix | Delete
if query:
[165] Fix | Delete
env['QUERY_STRING'] = query
[166] Fix | Delete
host = self.address_string()
[167] Fix | Delete
if host != self.client_address[0]:
[168] Fix | Delete
env['REMOTE_HOST'] = host
[169] Fix | Delete
env['REMOTE_ADDR'] = self.client_address[0]
[170] Fix | Delete
authorization = self.headers.getheader("authorization")
[171] Fix | Delete
if authorization:
[172] Fix | Delete
authorization = authorization.split()
[173] Fix | Delete
if len(authorization) == 2:
[174] Fix | Delete
import base64, binascii
[175] Fix | Delete
env['AUTH_TYPE'] = authorization[0]
[176] Fix | Delete
if authorization[0].lower() == "basic":
[177] Fix | Delete
try:
[178] Fix | Delete
authorization = base64.decodestring(authorization[1])
[179] Fix | Delete
except binascii.Error:
[180] Fix | Delete
pass
[181] Fix | Delete
else:
[182] Fix | Delete
authorization = authorization.split(':')
[183] Fix | Delete
if len(authorization) == 2:
[184] Fix | Delete
env['REMOTE_USER'] = authorization[0]
[185] Fix | Delete
# XXX REMOTE_IDENT
[186] Fix | Delete
if self.headers.typeheader is None:
[187] Fix | Delete
env['CONTENT_TYPE'] = self.headers.type
[188] Fix | Delete
else:
[189] Fix | Delete
env['CONTENT_TYPE'] = self.headers.typeheader
[190] Fix | Delete
length = self.headers.getheader('content-length')
[191] Fix | Delete
if length:
[192] Fix | Delete
env['CONTENT_LENGTH'] = length
[193] Fix | Delete
referer = self.headers.getheader('referer')
[194] Fix | Delete
if referer:
[195] Fix | Delete
env['HTTP_REFERER'] = referer
[196] Fix | Delete
accept = []
[197] Fix | Delete
for line in self.headers.getallmatchingheaders('accept'):
[198] Fix | Delete
if line[:1] in "\t\n\r ":
[199] Fix | Delete
accept.append(line.strip())
[200] Fix | Delete
else:
[201] Fix | Delete
accept = accept + line[7:].split(',')
[202] Fix | Delete
env['HTTP_ACCEPT'] = ','.join(accept)
[203] Fix | Delete
ua = self.headers.getheader('user-agent')
[204] Fix | Delete
if ua:
[205] Fix | Delete
env['HTTP_USER_AGENT'] = ua
[206] Fix | Delete
co = filter(None, self.headers.getheaders('cookie'))
[207] Fix | Delete
if co:
[208] Fix | Delete
env['HTTP_COOKIE'] = ', '.join(co)
[209] Fix | Delete
# XXX Other HTTP_* headers
[210] Fix | Delete
# Since we're setting the env in the parent, provide empty
[211] Fix | Delete
# values to override previously set values
[212] Fix | Delete
for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
[213] Fix | Delete
'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
[214] Fix | Delete
env.setdefault(k, "")
[215] Fix | Delete
[216] Fix | Delete
self.send_response(200, "Script output follows")
[217] Fix | Delete
[218] Fix | Delete
decoded_query = query.replace('+', ' ')
[219] Fix | Delete
[220] Fix | Delete
if self.have_fork:
[221] Fix | Delete
# Unix -- fork as we should
[222] Fix | Delete
args = [script]
[223] Fix | Delete
if '=' not in decoded_query:
[224] Fix | Delete
args.append(decoded_query)
[225] Fix | Delete
nobody = nobody_uid()
[226] Fix | Delete
self.wfile.flush() # Always flush before forking
[227] Fix | Delete
pid = os.fork()
[228] Fix | Delete
if pid != 0:
[229] Fix | Delete
# Parent
[230] Fix | Delete
pid, sts = os.waitpid(pid, 0)
[231] Fix | Delete
# throw away additional data [see bug #427345]
[232] Fix | Delete
while select.select([self.rfile], [], [], 0)[0]:
[233] Fix | Delete
if not self.rfile.read(1):
[234] Fix | Delete
break
[235] Fix | Delete
if sts:
[236] Fix | Delete
self.log_error("CGI script exit status %#x", sts)
[237] Fix | Delete
return
[238] Fix | Delete
# Child
[239] Fix | Delete
try:
[240] Fix | Delete
try:
[241] Fix | Delete
os.setuid(nobody)
[242] Fix | Delete
except os.error:
[243] Fix | Delete
pass
[244] Fix | Delete
os.dup2(self.rfile.fileno(), 0)
[245] Fix | Delete
os.dup2(self.wfile.fileno(), 1)
[246] Fix | Delete
os.execve(scriptfile, args, env)
[247] Fix | Delete
except:
[248] Fix | Delete
self.server.handle_error(self.request, self.client_address)
[249] Fix | Delete
os._exit(127)
[250] Fix | Delete
[251] Fix | Delete
else:
[252] Fix | Delete
# Non Unix - use subprocess
[253] Fix | Delete
import subprocess
[254] Fix | Delete
cmdline = [scriptfile]
[255] Fix | Delete
if self.is_python(scriptfile):
[256] Fix | Delete
interp = sys.executable
[257] Fix | Delete
if interp.lower().endswith("w.exe"):
[258] Fix | Delete
# On Windows, use python.exe, not pythonw.exe
[259] Fix | Delete
interp = interp[:-5] + interp[-4:]
[260] Fix | Delete
cmdline = [interp, '-u'] + cmdline
[261] Fix | Delete
if '=' not in query:
[262] Fix | Delete
cmdline.append(query)
[263] Fix | Delete
[264] Fix | Delete
self.log_message("command: %s", subprocess.list2cmdline(cmdline))
[265] Fix | Delete
try:
[266] Fix | Delete
nbytes = int(length)
[267] Fix | Delete
except (TypeError, ValueError):
[268] Fix | Delete
nbytes = 0
[269] Fix | Delete
p = subprocess.Popen(cmdline,
[270] Fix | Delete
stdin = subprocess.PIPE,
[271] Fix | Delete
stdout = subprocess.PIPE,
[272] Fix | Delete
stderr = subprocess.PIPE,
[273] Fix | Delete
env = env
[274] Fix | Delete
)
[275] Fix | Delete
if self.command.lower() == "post" and nbytes > 0:
[276] Fix | Delete
data = self.rfile.read(nbytes)
[277] Fix | Delete
else:
[278] Fix | Delete
data = None
[279] Fix | Delete
# throw away additional data [see bug #427345]
[280] Fix | Delete
while select.select([self.rfile._sock], [], [], 0)[0]:
[281] Fix | Delete
if not self.rfile._sock.recv(1):
[282] Fix | Delete
break
[283] Fix | Delete
stdout, stderr = p.communicate(data)
[284] Fix | Delete
self.wfile.write(stdout)
[285] Fix | Delete
if stderr:
[286] Fix | Delete
self.log_error('%s', stderr)
[287] Fix | Delete
p.stderr.close()
[288] Fix | Delete
p.stdout.close()
[289] Fix | Delete
status = p.returncode
[290] Fix | Delete
if status:
[291] Fix | Delete
self.log_error("CGI script exit status %#x", status)
[292] Fix | Delete
else:
[293] Fix | Delete
self.log_message("CGI script exited OK")
[294] Fix | Delete
[295] Fix | Delete
[296] Fix | Delete
def _url_collapse_path(path):
[297] Fix | Delete
"""
[298] Fix | Delete
Given a URL path, remove extra '/'s and '.' path elements and collapse
[299] Fix | Delete
any '..' references and returns a colllapsed path.
[300] Fix | Delete
[301] Fix | Delete
Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
[302] Fix | Delete
The utility of this function is limited to is_cgi method and helps
[303] Fix | Delete
preventing some security attacks.
[304] Fix | Delete
[305] Fix | Delete
Returns: The reconstituted URL, which will always start with a '/'.
[306] Fix | Delete
[307] Fix | Delete
Raises: IndexError if too many '..' occur within the path.
[308] Fix | Delete
[309] Fix | Delete
"""
[310] Fix | Delete
# Query component should not be involved.
[311] Fix | Delete
path, _, query = path.partition('?')
[312] Fix | Delete
path = urllib.unquote(path)
[313] Fix | Delete
[314] Fix | Delete
# Similar to os.path.split(os.path.normpath(path)) but specific to URL
[315] Fix | Delete
# path semantics rather than local operating system semantics.
[316] Fix | Delete
path_parts = path.split('/')
[317] Fix | Delete
head_parts = []
[318] Fix | Delete
for part in path_parts[:-1]:
[319] Fix | Delete
if part == '..':
[320] Fix | Delete
head_parts.pop() # IndexError if more '..' than prior parts
[321] Fix | Delete
elif part and part != '.':
[322] Fix | Delete
head_parts.append( part )
[323] Fix | Delete
if path_parts:
[324] Fix | Delete
tail_part = path_parts.pop()
[325] Fix | Delete
if tail_part:
[326] Fix | Delete
if tail_part == '..':
[327] Fix | Delete
head_parts.pop()
[328] Fix | Delete
tail_part = ''
[329] Fix | Delete
elif tail_part == '.':
[330] Fix | Delete
tail_part = ''
[331] Fix | Delete
else:
[332] Fix | Delete
tail_part = ''
[333] Fix | Delete
[334] Fix | Delete
if query:
[335] Fix | Delete
tail_part = '?'.join((tail_part, query))
[336] Fix | Delete
[337] Fix | Delete
splitpath = ('/' + '/'.join(head_parts), tail_part)
[338] Fix | Delete
collapsed_path = "/".join(splitpath)
[339] Fix | Delete
[340] Fix | Delete
return collapsed_path
[341] Fix | Delete
[342] Fix | Delete
[343] Fix | Delete
nobody = None
[344] Fix | Delete
[345] Fix | Delete
def nobody_uid():
[346] Fix | Delete
"""Internal routine to get nobody's uid"""
[347] Fix | Delete
global nobody
[348] Fix | Delete
if nobody:
[349] Fix | Delete
return nobody
[350] Fix | Delete
try:
[351] Fix | Delete
import pwd
[352] Fix | Delete
except ImportError:
[353] Fix | Delete
return -1
[354] Fix | Delete
try:
[355] Fix | Delete
nobody = pwd.getpwnam('nobody')[2]
[356] Fix | Delete
except KeyError:
[357] Fix | Delete
nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
[358] Fix | Delete
return nobody
[359] Fix | Delete
[360] Fix | Delete
[361] Fix | Delete
def executable(path):
[362] Fix | Delete
"""Test for executable file."""
[363] Fix | Delete
try:
[364] Fix | Delete
st = os.stat(path)
[365] Fix | Delete
except os.error:
[366] Fix | Delete
return False
[367] Fix | Delete
return st.st_mode & 0111 != 0
[368] Fix | Delete
[369] Fix | Delete
[370] Fix | Delete
def test(HandlerClass = CGIHTTPRequestHandler,
[371] Fix | Delete
ServerClass = BaseHTTPServer.HTTPServer):
[372] Fix | Delete
SimpleHTTPServer.test(HandlerClass, ServerClass)
[373] Fix | Delete
[374] Fix | Delete
[375] Fix | Delete
if __name__ == '__main__':
[376] Fix | Delete
test()
[377] Fix | Delete
[378] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function