[jira] Resolved: (MODPYTHON-43) mod_python.publisher auth functions access to globals

Mon, 06 Mar 2006 17:39:51 -0800 

     [ http://issues.apache.org/jira/browse/MODPYTHON-43?page=all ]
     
Graham Dumpleton resolved MODPYTHON-43:
---------------------------------------

    Resolution: Fixed

> mod_python.publisher auth functions access to globals
> -----------------------------------------------------
>
>          Key: MODPYTHON-43
>          URL: http://issues.apache.org/jira/browse/MODPYTHON-43
>      Project: mod_python
>         Type: Improvement
>   Components: publisher
>     Versions: 3.1.4
>     Reporter: Graham Dumpleton
>     Assignee: Graham Dumpleton
>     Priority: Minor
>      Fix For: 3.3
>  Attachments: grahamd_20060224_MP43_1.diff
>
> In the mod_python.publisher code, the code for performing basic authentication
> has in a few spots code of the form:
>             if "__auth__" in func_code.co_names: 
>                 i = list(func_code.co_names).index("__auth__")
>                 __auth__ = func_code.co_consts[i+1]
>                 if hasattr(__auth__, "co_name"):
>                     __auth__ = new.function(__auth__, globals())
>                 found_auth = 1
> What this does is that if the target of the request is a function and that 
> function
> contains a nested function, which in this case is called "__auth__", then that
> nested function is turned into a callable object and is subsequently called to
> determine if the user is able to perform the request.
> In making the nested function callable, it uses "globals()". By using this 
> though
> it is using the globals from the mod_python.publisher module and not the
> module which the nested function is contained within. This means that the
> following code will actually fail.
>   import xxx
>   def function(req):
>     def __auth__(req,username,password):
>       return xxx.auth(req,username,password)
> This is because the module "xxx" imported at global scope within the module 
> isn't
> available to the nested function when it is called as it is seeing the 
> globals of
> mod_python.publisher instead. To get around the problem, the import has to be
> local to the nested function.
>   def function(req):
>     def __auth__(req,username,password):
>       import xxx
>       return xxx.auth(req,username,password)
> Since in this case the auth function being called is a nested function, we 
> know that
> we can actually grab the globals for the correct module by getting 
> "func_globals"
> from the enclosing function.
>             if "__auth__" in func_code.co_names: 
>                 i = list(func_code.co_names).index("__auth__")
>                 __auth__ = func_code.co_consts[i+1]
>                 if hasattr(__auth__, "co_name"):
>                     __auth__ = new.function(__auth__, object.func_globals)
>                 found_auth = 1
> Ie., instead of "globals()", use "object.func_globals" where "object is the 
> enclosing
> function object.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to