source: trunk/essentials/dev-lang/python/Lib/CGIHTTPServer.py

Last change on this file was 3225, checked in by bird, 18 years ago

Python 2.5
File size: 11.6 KB
Line 
1"""CGI-savvy HTTP Server.
2
3This module builds on SimpleHTTPServer by implementing GET and POST
4requests to cgi-bin scripts.
5
6If the os.fork() function is not present (e.g. on Windows),
7os.popen2() is used as a fallback, with slightly altered semantics; if
8that function is not present either (e.g. on Macintosh), only Python
9scripts are supported, and they are executed by the current process.
10
11In all cases, the implementation is intentionally naive -- all
12requests are executed sychronously.
13
14SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
15-- it may execute arbitrary Python code or external programs.
16
17Note that status code 200 is sent prior to execution of a CGI script, so
18scripts cannot send other status codes such as 302 (redirect).
19"""
20
21
22__version__ = "0.4"
23
24__all__ = ["CGIHTTPRequestHandler"]
25
26import os
27import sys
28import urllib
29import BaseHTTPServer
30import SimpleHTTPServer
31import select
32
33
34class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
35
36 """Complete HTTP server with GET, HEAD and POST commands.
37
38 GET and HEAD also support running CGI scripts.
39
40 The POST command is *only* implemented for CGI scripts.
41
42 """
43
44 # Determine platform specifics
45 have_fork = hasattr(os, 'fork')
46 have_popen2 = hasattr(os, 'popen2')
47 have_popen3 = hasattr(os, 'popen3')
48
49 # Make rfile unbuffered -- we need to read one line and then pass
50 # the rest to a subprocess, so we can't use buffered input.
51 rbufsize = 0
52
53 def do_POST(self):
54 """Serve a POST request.
55
56 This is only implemented for CGI scripts.
57
58 """
59
60 if self.is_cgi():
61 self.run_cgi()
62 else:
63 self.send_error(501, "Can only POST to CGI scripts")
64
65 def send_head(self):
66 """Version of send_head that support CGI scripts"""
67 if self.is_cgi():
68 return self.run_cgi()
69 else:
70 return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
71
72 def is_cgi(self):
73 """Test whether self.path corresponds to a CGI script.
74
75 Return a tuple (dir, rest) if self.path requires running a
76 CGI script, None if not. Note that rest begins with a
77 slash if it is not empty.
78
79 The default implementation tests whether the path
80 begins with one of the strings in the list
81 self.cgi_directories (and the next character is a '/'
82 or the end of the string).
83
84 """
85
86 path = self.path
87
88 for x in self.cgi_directories:
89 i = len(x)
90 if path[:i] == x and (not path[i:] or path[i] == '/'):
91 self.cgi_info = path[:i], path[i+1:]
92 return True
93 return False
94
95 cgi_directories = ['/cgi-bin', '/htbin']
96
97 def is_executable(self, path):
98 """Test whether argument path is an executable file."""
99 return executable(path)
100
101 def is_python(self, path):
102 """Test whether argument path is a Python script."""
103 head, tail = os.path.splitext(path)
104 return tail.lower() in (".py", ".pyw")
105
106 def run_cgi(self):
107 """Execute a CGI script."""
108 dir, rest = self.cgi_info
109 i = rest.rfind('?')
110 if i >= 0:
111 rest, query = rest[:i], rest[i+1:]
112 else:
113 query = ''
114 i = rest.find('/')
115 if i >= 0:
116 script, rest = rest[:i], rest[i:]
117 else:
118 script, rest = rest, ''
119 scriptname = dir + '/' + script
120 scriptfile = self.translate_path(scriptname)
121 if not os.path.exists(scriptfile):
122 self.send_error(404, "No such CGI script (%r)" % scriptname)
123 return
124 if not os.path.isfile(scriptfile):
125 self.send_error(403, "CGI script is not a plain file (%r)" %
126 scriptname)
127 return
128 ispy = self.is_python(scriptname)
129 if not ispy:
130 if not (self.have_fork or self.have_popen2 or self.have_popen3):
131 self.send_error(403, "CGI script is not a Python script (%r)" %
132 scriptname)
133 return
134 if not self.is_executable(scriptfile):
135 self.send_error(403, "CGI script is not executable (%r)" %
136 scriptname)
137 return
138
139 # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
140 # XXX Much of the following could be prepared ahead of time!
141 env = {}
142 env['SERVER_SOFTWARE'] = self.version_string()
143 env['SERVER_NAME'] = self.server.server_name
144 env['GATEWAY_INTERFACE'] = 'CGI/1.1'
145 env['SERVER_PROTOCOL'] = self.protocol_version
146 env['SERVER_PORT'] = str(self.server.server_port)
147 env['REQUEST_METHOD'] = self.command
148 uqrest = urllib.unquote(rest)
149 env['PATH_INFO'] = uqrest
150 env['PATH_TRANSLATED'] = self.translate_path(uqrest)
151 env['SCRIPT_NAME'] = scriptname
152 if query:
153 env['QUERY_STRING'] = query
154 host = self.address_string()
155 if host != self.client_address[0]:
156 env['REMOTE_HOST'] = host
157 env['REMOTE_ADDR'] = self.client_address[0]
158 authorization = self.headers.getheader("authorization")
159 if authorization:
160 authorization = authorization.split()
161 if len(authorization) == 2:
162 import base64, binascii
163 env['AUTH_TYPE'] = authorization[0]
164 if authorization[0].lower() == "basic":
165 try:
166 authorization = base64.decodestring(authorization[1])
167 except binascii.Error:
168 pass
169 else:
170 authorization = authorization.split(':')
171 if len(authorization) == 2:
172 env['REMOTE_USER'] = authorization[0]
173 # XXX REMOTE_IDENT
174 if self.headers.typeheader is None:
175 env['CONTENT_TYPE'] = self.headers.type
176 else:
177 env['CONTENT_TYPE'] = self.headers.typeheader
178 length = self.headers.getheader('content-length')
179 if length:
180 env['CONTENT_LENGTH'] = length
181 accept = []
182 for line in self.headers.getallmatchingheaders('accept'):
183 if line[:1] in "\t\n\r ":
184 accept.append(line.strip())
185 else:
186 accept = accept + line[7:].split(',')
187 env['HTTP_ACCEPT'] = ','.join(accept)
188 ua = self.headers.getheader('user-agent')
189 if ua:
190 env['HTTP_USER_AGENT'] = ua
191 co = filter(None, self.headers.getheaders('cookie'))
192 if co:
193 env['HTTP_COOKIE'] = ', '.join(co)
194 # XXX Other HTTP_* headers
195 # Since we're setting the env in the parent, provide empty
196 # values to override previously set values
197 for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
198 'HTTP_USER_AGENT', 'HTTP_COOKIE'):
199 env.setdefault(k, "")
200 os.environ.update(env)
201
202 self.send_response(200, "Script output follows")
203
204 decoded_query = query.replace('+', ' ')
205
206 if self.have_fork:
207 # Unix -- fork as we should
208 args = [script]
209 if '=' not in decoded_query:
210 args.append(decoded_query)
211 nobody = nobody_uid()
212 self.wfile.flush() # Always flush before forking
213 pid = os.fork()
214 if pid != 0:
215 # Parent
216 pid, sts = os.waitpid(pid, 0)
217 # throw away additional data [see bug #427345]
218 while select.select([self.rfile], [], [], 0)[0]:
219 if not self.rfile.read(1):
220 break
221 if sts:
222 self.log_error("CGI script exit status %#x", sts)
223 return
224 # Child
225 try:
226 try:
227 os.setuid(nobody)
228 except os.error:
229 pass
230 os.dup2(self.rfile.fileno(), 0)
231 os.dup2(self.wfile.fileno(), 1)
232 os.execve(scriptfile, args, os.environ)
233 except:
234 self.server.handle_error(self.request, self.client_address)
235 os._exit(127)
236
237 elif self.have_popen2 or self.have_popen3:
238 # Windows -- use popen2 or popen3 to create a subprocess
239 import shutil
240 if self.have_popen3:
241 popenx = os.popen3
242 else:
243 popenx = os.popen2
244 cmdline = scriptfile
245 if self.is_python(scriptfile):
246 interp = sys.executable
247 if interp.lower().endswith("w.exe"):
248 # On Windows, use python.exe, not pythonw.exe
249 interp = interp[:-5] + interp[-4:]
250 cmdline = "%s -u %s" % (interp, cmdline)
251 if '=' not in query and '"' not in query:
252 cmdline = '%s "%s"' % (cmdline, query)
253 self.log_message("command: %s", cmdline)
254 try:
255 nbytes = int(length)
256 except (TypeError, ValueError):
257 nbytes = 0
258 files = popenx(cmdline, 'b')
259 fi = files[0]
260 fo = files[1]
261 if self.have_popen3:
262 fe = files[2]
263 if self.command.lower() == "post" and nbytes > 0:
264 data = self.rfile.read(nbytes)
265 fi.write(data)
266 # throw away additional data [see bug #427345]
267 while select.select([self.rfile._sock], [], [], 0)[0]:
268 if not self.rfile._sock.recv(1):
269 break
270 fi.close()
271 shutil.copyfileobj(fo, self.wfile)
272 if self.have_popen3:
273 errors = fe.read()
274 fe.close()
275 if errors:
276 self.log_error('%s', errors)
277 sts = fo.close()
278 if sts:
279 self.log_error("CGI script exit status %#x", sts)
280 else:
281 self.log_message("CGI script exited OK")
282
283 else:
284 # Other O.S. -- execute script in this process
285 save_argv = sys.argv
286 save_stdin = sys.stdin
287 save_stdout = sys.stdout
288 save_stderr = sys.stderr
289 try:
290 save_cwd = os.getcwd()
291 try:
292 sys.argv = [scriptfile]
293 if '=' not in decoded_query:
294 sys.argv.append(decoded_query)
295 sys.stdout = self.wfile
296 sys.stdin = self.rfile
297 execfile(scriptfile, {"__name__": "__main__"})
298 finally:
299 sys.argv = save_argv
300 sys.stdin = save_stdin
301 sys.stdout = save_stdout
302 sys.stderr = save_stderr
303 os.chdir(save_cwd)
304 except SystemExit, sts:
305 self.log_error("CGI script exit status %s", str(sts))
306 else:
307 self.log_message("CGI script exited OK")
308
309
310nobody = None
311
312def nobody_uid():
313 """Internal routine to get nobody's uid"""
314 global nobody
315 if nobody:
316 return nobody
317 try:
318 import pwd
319 except ImportError:
320 return -1
321 try:
322 nobody = pwd.getpwnam('nobody')[2]
323 except KeyError:
324 nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
325 return nobody
326
327
328def executable(path):
329 """Test for executable file."""
330 try:
331 st = os.stat(path)
332 except os.error:
333 return False
334 return st.st_mode & 0111 != 0
335
336
337def test(HandlerClass = CGIHTTPRequestHandler,
338 ServerClass = BaseHTTPServer.HTTPServer):
339 SimpleHTTPServer.test(HandlerClass, ServerClass)
340
341
342if __name__ == '__main__':
343 test()
Note: See TracBrowser for help on using the repository browser.