view MoinMoin/auth/log.py @ 5910:7e7e1cbb9d3f

security: fix remote code execution vulnerability in twikidraw/anywikidraw actions We have wikiutil.taintfilename() to make user supplied filenames safe, so that they can't contain any "special" characters like path separators, etc. It is used at many places in moin, but wasn't used here. :|
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 29 Dec 2012 15:05:29 +0100
parents 70dfb3dea12d
children
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - logging auth plugin

    This does nothing except logging the auth parameters.
    Be careful with the logs, they contain sensitive data.
    Do not use this except for debugging auth problems.

    @copyright: 2006-2008 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
"""

from MoinMoin import log
logging = log.getLogger(__name__)

from MoinMoin.auth import BaseAuth, ContinueLogin

class AuthLog(BaseAuth):
    """Auth plugin that records every auth call in the log and changes nothing.

    Each hook forwards its arguments to log() and then hands user_obj back
    unchanged.

    NOTE(review): the keyword arguments are written to the log verbatim via
    %r. The module docstring warns that the logs contain sensitive data, so
    presumably kw can carry submitted credentials -- confirm against the
    callers. Enable this plugin only while debugging auth problems, restrict
    read access to the resulting log files, and remove them afterwards.
    """
    name = "log"

    def log(self, request, action, user_obj, kw):
        """Emit one INFO record naming the action, the user object and kw.

        request is accepted but not used here.
        """
        # Nothing is masked: repr(user_obj) and repr(kw) go into the
        # message exactly as received.
        message = '%s: user_obj=%r kw=%r' % (action, user_obj, kw)
        logging.info(message)

    def login(self, request, user_obj, **kw):
        """Log the call under the action 'login' and return ContinueLogin(user_obj)."""
        self.log(request, 'login', user_obj, kw)
        outcome = ContinueLogin(user_obj)
        return outcome

    def request(self, request, user_obj, **kw):
        """Log the call under the action 'session' and return (user_obj, True)."""
        self.log(request, 'session', user_obj, kw)
        # NOTE(review): the True flag presumably tells the caller to carry on
        # with the remaining auth methods -- confirm against BaseAuth.
        return (user_obj, True)

    def logout(self, request, user_obj, **kw):
        """Log the call under the action 'logout' and return (user_obj, True)."""
        self.log(request, 'logout', user_obj, kw)
        # Same pass-through result as request(): the user object is untouched.
        return (user_obj, True)