^Rc@sdZdZdgZddlZddlZddlZddlZddlZddlZddl Z dej fdYZ dZ e adZdZe ejd Zed krendS( sCGI-savvy HTTP Server. This module builds on SimpleHTTPServer by implementing GET and POST requests to cgi-bin scripts. If the os.fork() function is not present (e.g. on Windows), os.popen2() is used as a fallback, with slightly altered semantics; if that function is not present either (e.g. on Macintosh), only Python scripts are supported, and they are executed by the current process. In all cases, the implementation is intentionally naive -- all requests are executed sychronously. SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL -- it may execute arbitrary Python code or external programs. Note that status code 200 is sent prior to execution of a CGI script, so scripts cannot send other status codes such as 302 (redirect). s0.4tCGIHTTPRequestHandleriNcBseZdZeedZeedZeedZdZdZ dZ dZ dd gZ d Z d Zd ZRS( sComplete HTTP server with GET, HEAD and POST commands. GET and HEAD also support running CGI scripts. The POST command is *only* implemented for CGI scripts. tforktpopen2tpopen3icCs-|jr|jn|jdddS(sRServe a POST request. This is only implemented for CGI scripts. isCan only POST to CGI scriptsN(tis_cgitrun_cgit send_error(tself((s#/usr/lib/python2.7/CGIHTTPServer.pytdo_POST6s  cCs*|jr|jStjj|SdS(s-Version of send_head that support CGI scriptsN(RRtSimpleHTTPServertSimpleHTTPRequestHandlert send_head(R((s#/usr/lib/python2.7/CGIHTTPServer.pyR Bs  cCs`t|j}|jdd}|| ||d}}||jkr\||f|_tStS(s2Test whether self.path corresponds to a CGI script. Returns True and updates the cgi_info attribute to the tuple (dir, rest) if self.path requires running a CGI script. Returns False otherwise. If any exception is raised, the caller should assume that self.path was rejected as invalid and act accordingly. The default implementation tests whether the normalized url path begins with one of the strings in self.cgi_directories (and the next character is a '/' or the end of the string). t/i(t_url_collapse_pathtpathtfindtcgi_directoriestcgi_infotTruetFalse(Rtcollapsed_pathtdir_septheadttail((s#/usr/lib/python2.7/CGIHTTPServer.pyRIss/cgi-bins/htbincCs t|S(s1Test whether argument path is an executable file.(t executable(RR((s#/usr/lib/python2.7/CGIHTTPServer.pyt is_executableascCs(tjj|\}}|jdkS(s.Test whether argument path is a Python script.s.pys.pyw(s.pys.pyw(tosRtsplitexttlower(RRRR((s#/usr/lib/python2.7/CGIHTTPServer.pyt is_pythonesc( Cs|j}|j\}}|jdt|d}xv|dkr|| }||d}|j|}tjj|r||}}|jdt|d}q7Pq7W|jd}|dkr|| ||d}}nd}|jd}|dkr|| ||} }n |d} }|d| } |j| } tjj| sq|j dd| dStjj | s|j d d | dS|j | } | s |j p|j p|js|j d d | dS|j| s |j d d | dSntjtj} |j| d <|jj| ddtj=|j3j>dtj?| || Wq|jj@|jA|jtjBd6qXnddlC}| g} |j | rItDjE}!|!j#jFd7r6|!d8 |!d9}!n|!d:g| } nd4|kre| j*|n|jGd;|jH| ytI|}"WntJtKfk rd}"nX|jL| d<|jMd=|jMd>|jMd?| }#|jj#d@kr|"dkr|j8j9|"}$nd}$xBt7j7|j8jNgggddr^|j8jNjOdsPqqW|#jP|$\}%}&|j3jQ|%|&r|j:dA|&n|#jRjS|#jTjS|#jU}'|'r|j:d5|'n |jGdBdS(DsExecute a CGI script.R iit?tisNo such CGI script (%r)Nis#CGI script is not a plain file (%r)s&CGI script is not a Python script (%r)s!CGI script is not executable (%r)tSERVER_SOFTWAREt SERVER_NAMEsCGI/1.1tGATEWAY_INTERFACEtSERVER_PROTOCOLt SERVER_PORTtREQUEST_METHODt PATH_INFOtPATH_TRANSLATEDt SCRIPT_NAMEt QUERY_STRINGt REMOTE_HOSTt REMOTE_ADDRt authorizationiit AUTH_TYPEtbasict:t REMOTE_USERt CONTENT_TYPEscontent-lengthtCONTENT_LENGTHtreferert HTTP_REFERERtaccepts it,t HTTP_ACCEPTs user-agenttHTTP_USER_AGENTtcookies, t HTTP_COOKIEisScript output followst+t t=sCGI script exit status %#xisw.exeiis-us command: %ststdintstdouttstderrtenvtposts%ssCGI script exited OK(R)R*R2R8R:R4(VRRRtlenttranslate_pathRtisdirtrfindtexistsRtisfileRt have_forkt have_popen2t have_popen3Rtcopytdeepcopytenvirontversion_stringtservert server_nametprotocol_versiontstrt server_porttcommandturllibtunquotetaddress_stringtclient_addresstheaderst getheadertsplittbase64tbinasciiRt decodestringtErrort typeheadertNonettypetgetallmatchingheaderstappendtstriptjointfiltert getheaderst setdefaultt send_responsetreplacet nobody_uidtwfiletflushRtwaitpidtselecttrfiletreadt log_errortsetuidterrortdup2tfilenotexecvet handle_errortrequestt_exitt subprocesstsysRtendswitht log_messaget list2cmdlinetintt TypeErrort ValueErrortPopentPIPEt_socktrecvt communicatetwriteR@tcloseR?t returncode((RRtdirtresttitnextdirtnextrestt scriptdirtquerytscriptt scriptnamet scriptfiletispyRAtuqrestthostR,R]R^tlengthR3R5tlinetuatcotkt decoded_querytargstnobodytpidtstsR}tcmdlinetinterptnbytestptdataR?R@tstatus((s#/usr/lib/python2.7/CGIHTTPServer.pyRjs8                             %          !(   (t__name__t __module__t__doc__thasattrRRIRJRKtrbufsizeRR RRRRR(((s#/usr/lib/python2.7/CGIHTTPServer.pyR#s     cCs|jd}g}xM|d D]A}|dkr?|jq |r |dkr |j|q q W|r|j}|r|dkr|jd}q|dkrd}qqnd}ddj||f}dj|}|S(s` Given a URL path, remove extra '/'s and '.' path elements and collapse any '..' references and returns a colllapsed path. Implements something akin to RFC-2396 5.2 step 6 to parse relative paths. The utility of this function is limited to is_cgi method and helps preventing some security attacks. Returns: A tuple of (head, tail) where tail is everything after the final / and head is everything before it. Head will always start with a '/' and, if it contains anything else, never have a trailing '/'. Raises: IndexError if too many '..' occur within the path. R is..t.R(R\tpopReRg(Rt path_partst head_partstpartt tail_partt splitpathR((s#/usr/lib/python2.7/CGIHTTPServer.pyR /s&       cCstr tSyddl}Wntk r.dSXy|jddaWn3tk r{dttd|janXtS(s$Internal routine to get nobody's uidiNRiicSs|dS(Ni((tx((s#/usr/lib/python2.7/CGIHTTPServer.pytgs(Rtpwdt ImportErrortgetpwnamtKeyErrortmaxtmaptgetpwall(R((s#/usr/lib/python2.7/CGIHTTPServer.pyRm[s  &cCs<ytj|}Wntjk r*tSX|jd@dkS(sTest for executable file.iIi(RtstatRvRtst_mode(Rtst((s#/usr/lib/python2.7/CGIHTTPServer.pyRks cCstj||dS(N(R ttest(t HandlerClasst ServerClass((s#/usr/lib/python2.7/CGIHTTPServer.pyRtst__main__(Rt __version__t__all__RR~RVtBaseHTTPServerR RqRLR RR RbRRmRt HTTPServerRR(((s#/usr/lib/python2.7/CGIHTTPServer.pyts&         *