You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mod_python-dev@quetz.apache.org by "Graham Dumpleton (JIRA)" <ji...@apache.org> on 2006/03/07 02:39:30 UTC
[jira] Resolved: (MODPYTHON-43) mod_python.publisher auth functions
access to globals
[ http://issues.apache.org/jira/browse/MODPYTHON-43?page=all ]
Graham Dumpleton resolved MODPYTHON-43:
---------------------------------------
Resolution: Fixed
> mod_python.publisher auth functions access to globals
> -----------------------------------------------------
>
> Key: MODPYTHON-43
> URL: http://issues.apache.org/jira/browse/MODPYTHON-43
> Project: mod_python
> Type: Improvement
> Components: publisher
> Versions: 3.1.4
> Reporter: Graham Dumpleton
> Assignee: Graham Dumpleton
> Priority: Minor
> Fix For: 3.3
> Attachments: grahamd_20060224_MP43_1.diff
>
> In the mod_python.publisher code, the code for performing basic authentication
> has in a few spots code of the form:
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, globals())
> found_auth = 1
> What this does is that if the target of the request is a function and that function
> contains a nested function, which in this case is called "__auth__", then that
> nested function is turned into a callable object and is subsequently called to
> determine if the user is able to perform the request.
> In making the nested function callable, it uses "globals()". By using this though
> it is using the globals from the mod_python.publisher module and not the
> module which the nested function is contained within. This means that the
> following code will actually fail.
> import xxx
> def function(req):
> def __auth__(req,username,password):
> return xxx.auth(req,username,password)
> This is because the module "xxx" imported at global scope within the module isn't
> available to the nested function when it is called as it is seeing the globals of
> mod_python.publisher instead. To get around the problem, the import has to be
> local to the nested function.
> def function(req):
> def __auth__(req,username,password):
> import xxx
> return xxx.auth(req,username,password)
> Since in this case the auth function being called is a nested function, we know that
> we can actually grab the globals for the correct module by getting "func_globals"
> from the enclosing function.
> if "__auth__" in func_code.co_names:
> i = list(func_code.co_names).index("__auth__")
> __auth__ = func_code.co_consts[i+1]
> if hasattr(__auth__, "co_name"):
> __auth__ = new.function(__auth__, object.func_globals)
> found_auth = 1
> Ie., instead of "globals()", use "object.func_globals" where "object is the enclosing
> function object.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira