search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Issue #5812: The two-argument form of the Fraction constructor
[python.git] / Lib / CGIHTTPServer.py
blob13bfcdd22f031330d70ef3b73d521936cc9c2ef3
1 """CGI-savvy HTTP Server.
2
3 This module builds on SimpleHTTPServer by implementing GET and POST
4 requests to cgi-bin scripts.
5
6 If the os.fork() function is not present (e.g. on Windows),
7 os.popen2() is used as a fallback, with slightly altered semantics; if
8 that function is not present either (e.g. on Macintosh), only Python
9 scripts are supported, and they are executed by the current process.
10
11 In all cases, the implementation is intentionally naive -- all
12 requests are executed sychronously.
13
14 SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
15 -- it may execute arbitrary Python code or external programs.
16
17 Note that status code 200 is sent prior to execution of a CGI script, so
18 scripts cannot send other status codes such as 302 (redirect).
19 """
20
21
22 __version__ = "0.4"
23
24 __all__ = ["CGIHTTPRequestHandler"]
25
26 import os
27 import sys
28 import urllib
29 import BaseHTTPServer
30 import SimpleHTTPServer
31 import select
32
33
34 class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
35
36 """Complete HTTP server with GET, HEAD and POST commands.
37
38 GET and HEAD also support running CGI scripts.
39
40 The POST command is *only* implemented for CGI scripts.
41
42 """
43
44 # Determine platform specifics
45 have_fork = hasattr(os, 'fork')
46 have_popen2 = hasattr(os, 'popen2')
47 have_popen3 = hasattr(os, 'popen3')
48
49 # Make rfile unbuffered -- we need to read one line and then pass
50 # the rest to a subprocess, so we can't use buffered input.
51 rbufsize = 0
52
53 def do_POST(self):
54 """Serve a POST request.
55
56 This is only implemented for CGI scripts.
57
58 """
59
60 if self.is_cgi():
61 self.run_cgi()
62 else:
63 self.send_error(501, "Can only POST to CGI scripts")
64
65 def send_head(self):
66 """Version of send_head that support CGI scripts"""
67 if self.is_cgi():
68 return self.run_cgi()
69 else:
70 return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
71
72 def is_cgi(self):
73 """Test whether self.path corresponds to a CGI script.
74
75 Returns True and updates the cgi_info attribute to the tuple
76 (dir, rest) if self.path requires running a CGI script.
77 Returns False otherwise.
78
79 The default implementation tests whether the normalized url
80 path begins with one of the strings in self.cgi_directories
81 (and the next character is a '/' or the end of the string).
82 """
83 splitpath = _url_collapse_path_split(self.path)
84 if splitpath[0] in self.cgi_directories:
85 self.cgi_info = splitpath
86 return True
87 return False
88
89 cgi_directories = ['/cgi-bin', '/htbin']
90
91 def is_executable(self, path):
92 """Test whether argument path is an executable file."""
93 return executable(path)
94
95 def is_python(self, path):
96 """Test whether argument path is a Python script."""
97 head, tail = os.path.splitext(path)
98 return tail.lower() in (".py", ".pyw")
99
100 def run_cgi(self):
101 """Execute a CGI script."""
102 path = self.path
103 dir, rest = self.cgi_info
104
105 i = path.find('/', len(dir) + 1)
106 while i >= 0:
107 nextdir = path[:i]
108 nextrest = path[i+1:]
109
110 scriptdir = self.translate_path(nextdir)
111 if os.path.isdir(scriptdir):
112 dir, rest = nextdir, nextrest
113 i = path.find('/', len(dir) + 1)
114 else:
115 break
116
117 # find an explicit query string, if present.
118 i = rest.rfind('?')
119 if i >= 0:
120 rest, query = rest[:i], rest[i+1:]
121 else:
122 query = ''
123
124 # dissect the part after the directory name into a script name &
125 # a possible additional path, to be stored in PATH_INFO.
126 i = rest.find('/')
127 if i >= 0:
128 script, rest = rest[:i], rest[i:]
129 else:
130 script, rest = rest, ''
131
132 scriptname = dir + '/' + script
133 scriptfile = self.translate_path(scriptname)
134 if not os.path.exists(scriptfile):
135 self.send_error(404, "No such CGI script (%r)" % scriptname)
136 return
137 if not os.path.isfile(scriptfile):
138 self.send_error(403, "CGI script is not a plain file (%r)" %
139 scriptname)
140 return
141 ispy = self.is_python(scriptname)
142 if not ispy:
143 if not (self.have_fork or self.have_popen2 or self.have_popen3):
144 self.send_error(403, "CGI script is not a Python script (%r)" %
145 scriptname)
146 return
147 if not self.is_executable(scriptfile):
148 self.send_error(403, "CGI script is not executable (%r)" %
149 scriptname)
150 return
151
152 # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
153 # XXX Much of the following could be prepared ahead of time!
154 env = {}
155 env['SERVER_SOFTWARE'] = self.version_string()
156 env['SERVER_NAME'] = self.server.server_name
157 env['GATEWAY_INTERFACE'] = 'CGI/1.1'
158 env['SERVER_PROTOCOL'] = self.protocol_version
159 env['SERVER_PORT'] = str(self.server.server_port)
160 env['REQUEST_METHOD'] = self.command
161 uqrest = urllib.unquote(rest)
162 env['PATH_INFO'] = uqrest
163 env['PATH_TRANSLATED'] = self.translate_path(uqrest)
164 env['SCRIPT_NAME'] = scriptname
165 if query:
166 env['QUERY_STRING'] = query
167 host = self.address_string()
168 if host != self.client_address[0]:
169 env['REMOTE_HOST'] = host
170 env['REMOTE_ADDR'] = self.client_address[0]
171 authorization = self.headers.getheader("authorization")
172 if authorization:
173 authorization = authorization.split()
174 if len(authorization) == 2:
175 import base64, binascii
176 env['AUTH_TYPE'] = authorization[0]
177 if authorization[0].lower() == "basic":
178 try:
179 authorization = base64.decodestring(authorization[1])
180 except binascii.Error:
181 pass
182 else:
183 authorization = authorization.split(':')
184 if len(authorization) == 2:
185 env['REMOTE_USER'] = authorization[0]
186 # XXX REMOTE_IDENT
187 if self.headers.typeheader is None:
188 env['CONTENT_TYPE'] = self.headers.type
189 else:
190 env['CONTENT_TYPE'] = self.headers.typeheader
191 length = self.headers.getheader('content-length')
192 if length:
193 env['CONTENT_LENGTH'] = length
194 referer = self.headers.getheader('referer')
195 if referer:
196 env['HTTP_REFERER'] = referer
197 accept = []
198 for line in self.headers.getallmatchingheaders('accept'):
199 if line[:1] in "\t\n\r ":
200 accept.append(line.strip())
201 else:
202 accept = accept + line[7:].split(',')
203 env['HTTP_ACCEPT'] = ','.join(accept)
204 ua = self.headers.getheader('user-agent')
205 if ua:
206 env['HTTP_USER_AGENT'] = ua
207 co = filter(None, self.headers.getheaders('cookie'))
208 if co:
209 env['HTTP_COOKIE'] = ', '.join(co)
210 # XXX Other HTTP_* headers
211 # Since we're setting the env in the parent, provide empty
212 # values to override previously set values
213 for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
214 'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
215 env.setdefault(k, "")
216 os.environ.update(env)
217
218 self.send_response(200, "Script output follows")
219
220 decoded_query = query.replace('+', ' ')
221
222 if self.have_fork:
223 # Unix -- fork as we should
224 args = [script]
225 if '=' not in decoded_query:
226 args.append(decoded_query)
227 nobody = nobody_uid()
228 self.wfile.flush() # Always flush before forking
229 pid = os.fork()
230 if pid != 0:
231 # Parent
232 pid, sts = os.waitpid(pid, 0)
233 # throw away additional data [see bug #427345]
234 while select.select([self.rfile], [], [], 0)[0]:
235 if not self.rfile.read(1):
236 break
237 if sts:
238 self.log_error("CGI script exit status %#x", sts)
239 return
240 # Child
241 try:
242 try:
243 os.setuid(nobody)
244 except os.error:
245 pass
246 os.dup2(self.rfile.fileno(), 0)
247 os.dup2(self.wfile.fileno(), 1)
248 os.execve(scriptfile, args, os.environ)
249 except:
250 self.server.handle_error(self.request, self.client_address)
251 os._exit(127)
252
253 elif self.have_popen2 or self.have_popen3:
254 # Windows -- use popen2 or popen3 to create a subprocess
255 import shutil
256 if self.have_popen3:
257 popenx = os.popen3
258 else:
259 popenx = os.popen2
260 cmdline = scriptfile
261 if self.is_python(scriptfile):
262 interp = sys.executable
263 if interp.lower().endswith("w.exe"):
264 # On Windows, use python.exe, not pythonw.exe
265 interp = interp[:-5] + interp[-4:]
266 cmdline = "%s -u %s" % (interp, cmdline)
267 if '=' not in query and '"' not in query:
268 cmdline = '%s "%s"' % (cmdline, query)
269 self.log_message("command: %s", cmdline)
270 try:
271 nbytes = int(length)
272 except (TypeError, ValueError):
273 nbytes = 0
274 files = popenx(cmdline, 'b')
275 fi = files[0]
276 fo = files[1]
277 if self.have_popen3:
278 fe = files[2]
279 if self.command.lower() == "post" and nbytes > 0:
280 data = self.rfile.read(nbytes)
281 fi.write(data)
282 # throw away additional data [see bug #427345]
283 while select.select([self.rfile._sock], [], [], 0)[0]:
284 if not self.rfile._sock.recv(1):
285 break
286 fi.close()
287 shutil.copyfileobj(fo, self.wfile)
288 if self.have_popen3:
289 errors = fe.read()
290 fe.close()
291 if errors:
292 self.log_error('%s', errors)
293 sts = fo.close()
294 if sts:
295 self.log_error("CGI script exit status %#x", sts)
296 else:
297 self.log_message("CGI script exited OK")
298
299 else:
300 # Other O.S. -- execute script in this process
301 save_argv = sys.argv
302 save_stdin = sys.stdin
303 save_stdout = sys.stdout
304 save_stderr = sys.stderr
305 try:
306 save_cwd = os.getcwd()
307 try:
308 sys.argv = [scriptfile]
309 if '=' not in decoded_query:
310 sys.argv.append(decoded_query)
311 sys.stdout = self.wfile
312 sys.stdin = self.rfile
313 execfile(scriptfile, {"__name__": "__main__"})
314 finally:
315 sys.argv = save_argv
316 sys.stdin = save_stdin
317 sys.stdout = save_stdout
318 sys.stderr = save_stderr
319 os.chdir(save_cwd)
320 except SystemExit, sts:
321 self.log_error("CGI script exit status %s", str(sts))
322 else:
323 self.log_message("CGI script exited OK")
324
325
326 # TODO(gregory.p.smith): Move this into an appropriate library.
327 def _url_collapse_path_split(path):
328 """
329 Given a URL path, remove extra '/'s and '.' path elements and collapse
330 any '..' references.
331
332 Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
333
334 Returns: A tuple of (head, tail) where tail is everything after the final /
335 and head is everything before it. Head will always start with a '/' and,
336 if it contains anything else, never have a trailing '/'.
337
338 Raises: IndexError if too many '..' occur within the path.
339 """
340 # Similar to os.path.split(os.path.normpath(path)) but specific to URL
341 # path semantics rather than local operating system semantics.
342 path_parts = []
343 for part in path.split('/'):
344 if part == '.':
345 path_parts.append('')
346 else:
347 path_parts.append(part)
348 # Filter out blank non trailing parts before consuming the '..'.
349 path_parts = [part for part in path_parts[:-1] if part] + path_parts[-1:]
350 if path_parts:
351 tail_part = path_parts.pop()
352 else:
353 tail_part = ''
354 head_parts = []
355 for part in path_parts:
356 if part == '..':
357 head_parts.pop()
358 else:
359 head_parts.append(part)
360 if tail_part and tail_part == '..':
361 head_parts.pop()
362 tail_part = ''
363 return ('/' + '/'.join(head_parts), tail_part)
364
365
366 nobody = None
367
368 def nobody_uid():
369 """Internal routine to get nobody's uid"""
370 global nobody
371 if nobody:
372 return nobody
373 try:
374 import pwd
375 except ImportError:
376 return -1
377 try:
378 nobody = pwd.getpwnam('nobody')[2]
379 except KeyError:
380 nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
381 return nobody
382
383
384 def executable(path):
385 """Test for executable file."""
386 try:
387 st = os.stat(path)
388 except os.error:
389 return False
390 return st.st_mode & 0111 != 0
391
392
393 def test(HandlerClass = CGIHTTPRequestHandler,
394 ServerClass = BaseHTTPServer.HTTPServer):
395 SimpleHTTPServer.test(HandlerClass, ServerClass)
396
397
398 if __name__ == '__main__':
399 test()
python git mirror