[
https://issues.apache.org/jira/browse/MODPYTHON-43?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Graham Dumpleton closed MODPYTHON-43.
-------------------------------------
> mod_python.publisher auth functions access to globals
> -----------------------------------------------------
>
> Key: MODPYTHON-43
> URL: https://issues.apache.org/jira/browse/MODPYTHON-43
> Project: mod_python
> Issue Type: Improvement
> Components: publisher
> Affects Versions: 3.1.4
> Reporter: Graham Dumpleton
> Assigned To: Graham Dumpleton
> Priority: Minor
> Fix For: 3.3
>
> Attachments: grahamd_20060224_MP43_1.diff
>
>
> In the mod_python.publisher code, the code for performing basic authentication
> has in a few spots code of the form:
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, globals())
> found_auth = 1
> What this does is that if the target of the request is a function and that
> function
> contains a nested function, which in this case is called "__auth__", then that
> nested function is turned into a callable object and is subsequently called to
> determine if the user is able to perform the request.
> In making the nested function callable, it uses "globals()". By using this
> though
> it is using the globals from the mod_python.publisher module and not the
> module which the nested function is contained within. This means that the
> following code will actually fail.
> import xxx
> def function(req):
> def __auth__(req,username,password):
> return xxx.auth(req,username,password)
> This is because the module "xxx" imported at global scope within the module
> isn't
> available to the nested function when it is called as it is seeing the
> globals of
> mod_python.publisher instead. To get around the problem, the import has to be
> local to the nested function.
> def function(req):
> def __auth__(req,username,password):
> import xxx
> return xxx.auth(req,username,password)
> Since in this case the auth function being called is a nested function, we
> know that
> we can actually grab the globals for the correct module by getting
> "func_globals"
> from the enclosing function.
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, object.func_globals)
> found_auth = 1
> Ie., instead of "globals()", use "object.func_globals" where "object is the
> enclosing
> function object.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
