You are running Zope in debug mode (with the -D switch in the "start" file). This is the default. Please try running Zope in non-debug mode (remove the -D switch) and try this again.
----- Original Message ----- From: "Rossen Raykov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, April 02, 2002 2:33 PM Subject: [Zope] isecure XML-RPC handling. > Zope is not handling correct XML-RPC request. > > Even the example from http://www.zope.org/Members/Amos/XML-RPC is not > working. > > Even worst if a request like this one in the quoted example is send to the > web server it will report information about the local server installation > and the internal network. > > Included are a request and response to www.zope.org. > > As one may see the server is installed in > /usr/local/base/Zope-2.3.2-modified/ > and it rely on 10.0.11.3:1380 for request processing. > > All this may be useful debug information but it is not acceptable for a > production server! > > I'm not familiar with Zope and I cannot say is it only a configuration > problem or it is a problem in the code. > > I do not have time to investigate that but a similar result may be achieved > with the distribution offered for download. > > Please let me know if I have to send this bug information to some one else. > > I would like to be informed and when this issue is resolved so I can > announce it on Bug-Traq. > > Regards, > Rossen Raykov > > <cut here> > $ telnet www.zope.org 80 > Trying 63.102.49.33... > Connected to www.zope.org. > Escape character is '^]'. > POST /Foo/Bar/MyFolder HTTP/1.0 > Content-Type: text/xml > Content-length: 95 > > <?xml version="1.0"?> > <methodCall> > <methodName>objectIds</methodName> > <params/> > </methodCall> > > > HTTP/1.0 500 Internal Server Error > Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1 > Date: Sat, 23 Mar 2002 03:09:14 GMT > Bobo-Exception-File: /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py > Content-Type: text/html > Bobo-Exception-Type: RuntimeError > Bobo-Exception-Value: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 > Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd";<HTML> > <HEAD <TITLE>Welcometo Zope.org</TITLE <link rel="stylesheet" > href="http://10.0.11.3:1380/zope_css"; type="text/css" </HEAD <BOD > Content-Length: 6864 > Bobo-Exception-Line: 748 > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > "http://www.w3.org/TR/REC-html40/loose.dtd";> > <HTML> > <HEAD> > <TITLE>Welcome to Zope.org</TITLE> > <link rel="stylesheet" href="http://10.0.11.3:1380/zope_css"; > type="text/css"> > > </HEAD> > > > <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#000066" VLINK="#606060" > TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0"> > <BASEFONT FACE="Verdana, Arial, Helvetica, sans-serif" SIZE="2"> > > <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" > > <TR> > <TD WIDTH="10" BGCOLOR="#6699cc" ALIGN=CENTER> </TD> > <TD COLSPAN="2" BGCOLOR="#6699CC" VALIGN="TOP" WIDTH="165"><A > HREF="/"><IMGSRC="/Images/zopecom.gif" ALT="Zope" ALIGN="ABSMIDDLE" > WIDTH="150" HEIGHT="63" BORDER="0"></A></TD> > <TD BGCOLOR="#6699CC" VALIGN="TOP" ALIGN="RIGHT" xWIDTH="99%" > CLASS="welcome"> > <p class="welcome"> > <a class="globalmenu" href="http://www.zope.com";>Business Services</A> > | <A CLASS="globalmenu" HREF="/SiteIndex/searchForm">Search</A> > | <a CLASS="globalmenu" href="/Products">Download</a> > | <a CLASS="globalmenu" href="/Documentation">Documentation</a> > | <a CLASS="globalmenu" href="/Resources">Resources</a> > | <a class="globalmenu" href="http://dev.zope.org";>Development</a> > <BR> > > > <FORM ACTION="/SiteIndex/search" METHOD="GET" name="search"> > Search > <INPUT TYPE="text" NAME="text_content" SIZE="15"> > > <INPUT TYPE="IMAGE" SRC="/Images/go.gif" ALT="Go Button!" > ALIGN="ABSMIDDLE" BORDER="0" WIDTH="20" HEIGHT="20"> > </FORM> > </p> > </TD> > <TD WIDTH="10" BGCOLOR="#6699CC" ALIGN="RIGHT" VALIGN="BOTTOM"><IMG > SRC="/Images/blue-rounder1.gif" WIDTH="14" HEIGHT="20" BORDER="0"></TD> > </TR> > > <TR> > <TD WIDTH="10" BGCOLOR="#6699cc"> </td> > > > <TD WIDTH="150" BGCOLOR="#6699CC" VALIGN=TOP> > <H2 CLASS="lefttitle"> Guest</H2> > <p class="sidemenu"> > <A CLASS="sidemenu" HREF="/Register/register.html">Join Zope.org</A> > <BR> > <A CLASS="sidemenu" > HREF="/login.html?came_from=http://10.0.11.3:1380";>Log in</A> > </p> > > > > <HR NOSHADE SIZE="0.5" WIDTH="95%"> > > <H2 CLASS="lefttitle"> Zope Exits</H2> > <p class="sidemenu"> > <A CLASS="sidemenu" HREF="http://dev.zope.org/";>dev.zope.org</A><BR> > <A CLASS="sidemenu" HREF="http://cmf.zope.org/";>CMF Dogbowl</A><BR> > <A CLASS="sidemenu" HREF="http://collector.zope.org/Zope";>Zope > Collector</A><BR> > <A CLASS="sidemenu" HREF="http://cvs.zope.org/";>Zope CVS</A><BR> > <A CLASS="sidemenu" HREF="http://www.zopezen.org/";>ZopeZen</A><BR> > <A CLASS="sidemenu" HREF="http://www.zopenewbies.net/";>Zope > Newbies</A><BR> > <a class="sidemenu" href="http://www.zopelabs.com/";>Zope Labs</a><br /> > <A CLASS="sidemenu" HREF="http://www.eurozope.org/";>EuroZope</A><BR> > <A CLASS="sidemenu" HREF="http://www.zopera.org/";>Zopera</A><BR> > <A CLASS="sidemenu" HREF="http://zdp.zope.org";>ZDP</A><BR> > <A CLASS="sidemenu" HREF="http://www.freezope.org";>FreeZope</A><BR> > <a CLASS="sidemenu" href="http://www.nipltd.net/Free";>NIP Free Zope > Hosting</a> > > </p> > <HR NOSHADE SIZE="0.5" WIDTH="95%"> > > <p><a href="http://www.amazon.com/exec/obidos/ASIN/0735711372/zopeorg-20";> > <img src="http://www.zope.org/Images/zopebook.png"; alt="The Zope Book" > height="140" width="109" border="0" /></a> > </p> > > > <p><a href="http://python.org/"; alt="Python Powered!" ><img > src="http://www.zope.org/Images/python.gif"; border="0"></a></p> > </TD> > <TD COLSPAN="2" VALIGN=TOP> > <table cellpadding="10" cellspacing="0" border="0" width="100%"> > <tr valign="top"> > <td> > > > > > <TABLE BORDER="0" WIDTH="100%"> > <TR> > <TD WIDTH="10%" ALIGN="CENTER"> > <STRONG><FONT SIZE="+6" COLOR="#77003B">!</FONT></STRONG> > </TD> > <TD WIDTH="90%"><BR> > <FONT SIZE="+2">System Unavailable</FONT> > <P>This site is currently experiencing technical difficulties. > Please contact the site administrator for more information. For > additional technical information, please refer to the HTML source for this > page. Thank you for your patience.</P> > </TD> > </TR> > </TABLE> > <pre> > Error type: RuntimeError > Error value: Syntax error at line 5: bogus `<' > </pre> > <p align="center"> > <form> > <input type="button" value="More Information..." > onClick='window.location = "view-source:" + window.location.href'> > </form> > </p> > > </td> > </tr> > </table> > > > </TD> > <TD WIDTH="10" ALIGN=CENTER> </TD> > </TR> > <TR><TD WIDTH="10" BGCOLOR="#6699cc"ALIGN=CENTER> </TD> > <TD WIDTH="150" BGCOLOR="#6699CC" ALIGN=RIGHT VALIGN=BOTTOM><IMG > SRC="/Images/blue-rounder2.gif" WIDTH="142" HEIGHT="20" BORDER="0" > ALT=""></TD> > <TD COLSPAN="2" ALIGN=CENTER CLASS="plain"><HR NOSHADE SIZE="0" > WIDTH="95%"> > <a href="/privacy.html">Privacy policy</a> > > > <A HREF="http://10.0.11.3:1380?pp=1";>Printable Page</A> > > > <A > HREF="/Members//feedback_form?came_from=http://10.0.11.3:1380";>Feedback to > this page's author</a> > > <A > HREF="http://10.0.11.3:1380/feedback_site_form?whats_up=Welcome%20to%20Zope. > org&origin_url=http://10.0.11.3:1380";>Feedback about Zope.org</A> > > <A > HREF="http://10.0.11.3:1380/view_source";>DTML Source</A> > > </TD> > <TD WIDTH="10" ALIGN=CENTER> </TD> > </TR> > <TR> > <TD WIDTH="10"> </TD> > <TD WIDTH="150"> > <p style="font-size: 60%; color: #cfcfcf;">served by app2</p></TD> > <TD WIDTH="150"> </TD> > <TD> </TD> > <TD WIDTH="10"> </TD> > </TR> > </TABLE> > > > <P CLASS="copyright">© 2002 > <a href="http://www.zope.com/";>Zope Corporation</aAll rights reserved.</P> > > </BODY> > </HTML> > > <!-- > Traceback (innermost last): > File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, > line 223, in publish_module > File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, > line 187, in publish > File /usr/local/base/Zope-2.3.2-modified/lib/python/Zope/__init__.py, line > 221, in zpublisher_exception_hook > (Object: ApplicationDefaultPermissions) > File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, > line 136, in publish > File > /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/HTTPRequest.py, > line 414, in processInputs > File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/xmlrpc.py, > line 120, in parse_input > File /usr/local/base/Zope-2.3.2-modified/lib/python/xmlrpclib.py, line > 531, in loads > File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 153, in > close > File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 365, in > goahead > File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 748, in > syntax_error > RuntimeError: (see above) > > --> > Connection closed by foreign host. > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > _______________________________________________ > Zope maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope-dev ) > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
![http://www.zope.org/Images/zopebook.png"](http://www.zope.org/Images/zopebook.png"){kind=link}
![http://www.zope.org/Images/python.gif"](http://www.zope.org/Images/python.gif"){kind=link}