view MoinMoin/xmlrpc/putClientInfo.py @ 5910:7e7e1cbb9d3f

security: fix remote code execution vulnerability in twikidraw/anywikidraw actions We have wikiutil.taintfilename() to make user supplied filenames safe, so that they can't contain any "special" characters like path separators, etc. It is used at many places in moin, but wasn't used here. :|
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 29 Dec 2012 15:05:29 +0100
parents 01f05e74aa9c
children
line wrap: on
line source
"""
    This is a wiki xmlrpc plugin doing some usage logging.
    It enables server admins to see how many clients use xmlrpc how often.
    It also helps MoinMoin development team  to improve xmlrpc stuff and get
    some statistics about MoinMoin usage.

    @copyright: 2004 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
"""

import os, time

def execute(xmlrpcobj, action, site):
    t = time.time()
    logentry = '%d %s %s\n' % (t, action, site)
    log = open(os.path.join(xmlrpcobj.request.cfg.data_dir, 'xmlrpc-log'), 'a')
    log.write(logentry)
    log.close()
    return 0