search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patch by Jeremy Katz (SF #1609407)
[python.git] / Lib / CGIHTTPServer.py
blob7a5c8190d82c689d8dd52293ad345be07de402ad
1 """CGI-savvy HTTP Server.
2
3 This module builds on SimpleHTTPServer by implementing GET and POST
4 requests to cgi-bin scripts.
5
6 If the os.fork() function is not present (e.g. on Windows),
7 os.popen2() is used as a fallback, with slightly altered semantics; if
8 that function is not present either (e.g. on Macintosh), only Python
9 scripts are supported, and they are executed by the current process.
10
11 In all cases, the implementation is intentionally naive -- all
12 requests are executed sychronously.
13
14 SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
15 -- it may execute arbitrary Python code or external programs.
16
17 Note that status code 200 is sent prior to execution of a CGI script, so
18 scripts cannot send other status codes such as 302 (redirect).
19 """
20
21
22 __version__ = "0.4"
23
24 __all__ = ["CGIHTTPRequestHandler"]
25
26 import os
27 import sys
28 import urllib
29 import BaseHTTPServer
30 import SimpleHTTPServer
31 import select
32
33
34 class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
35
36 """Complete HTTP server with GET, HEAD and POST commands.
37
38 GET and HEAD also support running CGI scripts.
39
40 The POST command is *only* implemented for CGI scripts.
41
42 """
43
44 # Determine platform specifics
45 have_fork = hasattr(os, 'fork')
46 have_popen2 = hasattr(os, 'popen2')
47 have_popen3 = hasattr(os, 'popen3')
48
49 # Make rfile unbuffered -- we need to read one line and then pass
50 # the rest to a subprocess, so we can't use buffered input.
51 rbufsize = 0
52
53 def do_POST(self):
54 """Serve a POST request.
55
56 This is only implemented for CGI scripts.
57
58 """
59
60 if self.is_cgi():
61 self.run_cgi()
62 else:
63 self.send_error(501, "Can only POST to CGI scripts")
64
65 def send_head(self):
66 """Version of send_head that support CGI scripts"""
67 if self.is_cgi():
68 return self.run_cgi()
69 else:
70 return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
71
72 def is_cgi(self):
73 """Test whether self.path corresponds to a CGI script.
74
75 Return a tuple (dir, rest) if self.path requires running a
76 CGI script, None if not. Note that rest begins with a
77 slash if it is not empty.
78
79 The default implementation tests whether the path
80 begins with one of the strings in the list
81 self.cgi_directories (and the next character is a '/'
82 or the end of the string).
83
84 """
85
86 path = self.path
87
88 for x in self.cgi_directories:
89 i = len(x)
90 if path[:i] == x and (not path[i:] or path[i] == '/'):
91 self.cgi_info = path[:i], path[i+1:]
92 return True
93 return False
94
95 cgi_directories = ['/cgi-bin', '/htbin']
96
97 def is_executable(self, path):
98 """Test whether argument path is an executable file."""
99 return executable(path)
100
101 def is_python(self, path):
102 """Test whether argument path is a Python script."""
103 head, tail = os.path.splitext(path)
104 return tail.lower() in (".py", ".pyw")
105
106 def run_cgi(self):
107 """Execute a CGI script."""
108 dir, rest = self.cgi_info
109 i = rest.rfind('?')
110 if i >= 0:
111 rest, query = rest[:i], rest[i+1:]
112 else:
113 query = ''
114 i = rest.find('/')
115 if i >= 0:
116 script, rest = rest[:i], rest[i:]
117 else:
118 script, rest = rest, ''
119 scriptname = dir + '/' + script
120 scriptfile = self.translate_path(scriptname)
121 if not os.path.exists(scriptfile):
122 self.send_error(404, "No such CGI script (%r)" % scriptname)
123 return
124 if not os.path.isfile(scriptfile):
125 self.send_error(403, "CGI script is not a plain file (%r)" %
126 scriptname)
127 return
128 ispy = self.is_python(scriptname)
129 if not ispy:
130 if not (self.have_fork or self.have_popen2 or self.have_popen3):
131 self.send_error(403, "CGI script is not a Python script (%r)" %
132 scriptname)
133 return
134 if not self.is_executable(scriptfile):
135 self.send_error(403, "CGI script is not executable (%r)" %
136 scriptname)
137 return
138
139 # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
140 # XXX Much of the following could be prepared ahead of time!
141 env = {}
142 env['SERVER_SOFTWARE'] = self.version_string()
143 env['SERVER_NAME'] = self.server.server_name
144 env['GATEWAY_INTERFACE'] = 'CGI/1.1'
145 env['SERVER_PROTOCOL'] = self.protocol_version
146 env['SERVER_PORT'] = str(self.server.server_port)
147 env['REQUEST_METHOD'] = self.command
148 uqrest = urllib.unquote(rest)
149 env['PATH_INFO'] = uqrest
150 env['PATH_TRANSLATED'] = self.translate_path(uqrest)
151 env['SCRIPT_NAME'] = scriptname
152 if query:
153 env['QUERY_STRING'] = query
154 host = self.address_string()
155 if host != self.client_address[0]:
156 env['REMOTE_HOST'] = host
157 env['REMOTE_ADDR'] = self.client_address[0]
158 authorization = self.headers.getheader("authorization")
159 if authorization:
160 authorization = authorization.split()
161 if len(authorization) == 2:
162 import base64, binascii
163 env['AUTH_TYPE'] = authorization[0]
164 if authorization[0].lower() == "basic":
165 try:
166 authorization = base64.decodestring(authorization[1])
167 except binascii.Error:
168 pass
169 else:
170 authorization = authorization.split(':')
171 if len(authorization) == 2:
172 env['REMOTE_USER'] = authorization[0]
173 # XXX REMOTE_IDENT
174 if self.headers.typeheader is None:
175 env['CONTENT_TYPE'] = self.headers.type
176 else:
177 env['CONTENT_TYPE'] = self.headers.typeheader
178 length = self.headers.getheader('content-length')
179 if length:
180 env['CONTENT_LENGTH'] = length
181 accept = []
182 for line in self.headers.getallmatchingheaders('accept'):
183 if line[:1] in "\t\n\r ":
184 accept.append(line.strip())
185 else:
186 accept = accept + line[7:].split(',')
187 env['HTTP_ACCEPT'] = ','.join(accept)
188 ua = self.headers.getheader('user-agent')
189 if ua:
190 env['HTTP_USER_AGENT'] = ua
191 co = filter(None, self.headers.getheaders('cookie'))
192 if co:
193 env['HTTP_COOKIE'] = ', '.join(co)
194 # XXX Other HTTP_* headers
195 # Since we're setting the env in the parent, provide empty
196 # values to override previously set values
197 for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
198 'HTTP_USER_AGENT', 'HTTP_COOKIE'):
199 env.setdefault(k, "")
200 os.environ.update(env)
201
202 self.send_response(200, "Script output follows")
203
204 decoded_query = query.replace('+', ' ')
205
206 if self.have_fork:
207 # Unix -- fork as we should
208 args = [script]
209 if '=' not in decoded_query:
210 args.append(decoded_query)
211 nobody = nobody_uid()
212 self.wfile.flush() # Always flush before forking
213 pid = os.fork()
214 if pid != 0:
215 # Parent
216 pid, sts = os.waitpid(pid, 0)
217 # throw away additional data [see bug #427345]
218 while select.select([self.rfile], [], [], 0)[0]:
219 if not self.rfile.read(1):
220 break
221 if sts:
222 self.log_error("CGI script exit status %#x", sts)
223 return
224 # Child
225 try:
226 try:
227 os.setuid(nobody)
228 except os.error:
229 pass
230 os.dup2(self.rfile.fileno(), 0)
231 os.dup2(self.wfile.fileno(), 1)
232 os.execve(scriptfile, args, os.environ)
233 except:
234 self.server.handle_error(self.request, self.client_address)
235 os._exit(127)
236
237 elif self.have_popen2 or self.have_popen3:
238 # Windows -- use popen2 or popen3 to create a subprocess
239 import shutil
240 if self.have_popen3:
241 popenx = os.popen3
242 else:
243 popenx = os.popen2
244 cmdline = scriptfile
245 if self.is_python(scriptfile):
246 interp = sys.executable
247 if interp.lower().endswith("w.exe"):
248 # On Windows, use python.exe, not pythonw.exe
249 interp = interp[:-5] + interp[-4:]
250 cmdline = "%s -u %s" % (interp, cmdline)
251 if '=' not in query and '"' not in query:
252 cmdline = '%s "%s"' % (cmdline, query)
253 self.log_message("command: %s", cmdline)
254 try:
255 nbytes = int(length)
256 except (TypeError, ValueError):
257 nbytes = 0
258 files = popenx(cmdline, 'b')
259 fi = files[0]
260 fo = files[1]
261 if self.have_popen3:
262 fe = files[2]
263 if self.command.lower() == "post" and nbytes > 0:
264 data = self.rfile.read(nbytes)
265 fi.write(data)
266 # throw away additional data [see bug #427345]
267 while select.select([self.rfile._sock], [], [], 0)[0]:
268 if not self.rfile._sock.recv(1):
269 break
270 fi.close()
271 shutil.copyfileobj(fo, self.wfile)
272 if self.have_popen3:
273 errors = fe.read()
274 fe.close()
275 if errors:
276 self.log_error('%s', errors)
277 sts = fo.close()
278 if sts:
279 self.log_error("CGI script exit status %#x", sts)
280 else:
281 self.log_message("CGI script exited OK")
282
283 else:
284 # Other O.S. -- execute script in this process
285 save_argv = sys.argv
286 save_stdin = sys.stdin
287 save_stdout = sys.stdout
288 save_stderr = sys.stderr
289 try:
290 save_cwd = os.getcwd()
291 try:
292 sys.argv = [scriptfile]
293 if '=' not in decoded_query:
294 sys.argv.append(decoded_query)
295 sys.stdout = self.wfile
296 sys.stdin = self.rfile
297 execfile(scriptfile, {"__name__": "__main__"})
298 finally:
299 sys.argv = save_argv
300 sys.stdin = save_stdin
301 sys.stdout = save_stdout
302 sys.stderr = save_stderr
303 os.chdir(save_cwd)
304 except SystemExit, sts:
305 self.log_error("CGI script exit status %s", str(sts))
306 else:
307 self.log_message("CGI script exited OK")
308
309
310 nobody = None
311
312 def nobody_uid():
313 """Internal routine to get nobody's uid"""
314 global nobody
315 if nobody:
316 return nobody
317 try:
318 import pwd
319 except ImportError:
320 return -1
321 try:
322 nobody = pwd.getpwnam('nobody')[2]
323 except KeyError:
324 nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
325 return nobody
326
327
328 def executable(path):
329 """Test for executable file."""
330 try:
331 st = os.stat(path)
332 except os.error:
333 return False
334 return st.st_mode & 0111 != 0
335
336
337 def test(HandlerClass = CGIHTTPRequestHandler,
338 ServerClass = BaseHTTPServer.HTTPServer):
339 SimpleHTTPServer.test(HandlerClass, ServerClass)
340
341
342 if __name__ == '__main__':
343 test()
python git mirror