changeset 2799:eab2cd188ca6

added 'xmlrpc' to actions_excluded default value, return Fault if xmlrpc action is excluded
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 05 Sep 2007 15:43:00 +0200
parents 473826ac22a4
children 2b6fd7098531
files MoinMoin/config/multiconfig.py MoinMoin/xmlrpc/__init__.py
diffstat 2 files changed, 11 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/config/multiconfig.py	Wed Sep 05 13:18:33 2007 +0200
+++ b/MoinMoin/config/multiconfig.py	Wed Sep 05 15:43:00 2007 +0200
@@ -219,7 +219,7 @@
     acl_rights_valid = ['read', 'write', 'delete', 'revert', 'admin']
     acl_hierarchic = False
 
-    actions_excluded = [] # ['DeletePage', 'AttachFile', 'RenamePage', 'test', ]
+    actions_excluded = ['xmlrpc'] # ['DeletePage', 'AttachFile', 'RenamePage', 'test', ]
     allow_xslt = False
     antispam_master_url = "http://moinmaster.wikiwikiweb.de:8000/?action=xmlrpc2"
     attachments = None # {'dir': path, 'url': url-prefix}
--- a/MoinMoin/xmlrpc/__init__.py	Wed Sep 05 13:18:33 2007 +0200
+++ b/MoinMoin/xmlrpc/__init__.py	Wed Sep 05 15:43:00 2007 +0200
@@ -113,15 +113,18 @@
     def process(self):
         """ xmlrpc v1 and v2 dispatcher """
         try:
-            data = self.request.read()
-            params, method = xmlrpclib.loads(data)
+            if 'xmlrpc' in self.request.cfg.actions_excluded:
+                # we do not handle xmlrpc v1 and v2 differently
+                response = xmlrpclib.Fault(1, "This moin wiki does not allow xmlrpc method calls.")
+            else:
+                data = self.request.read()
+                params, method = xmlrpclib.loads(data)
 
-            if _debug:
-                sys.stderr.write('- XMLRPC ' + '-' * 70 + '\n')
-                sys.stderr.write('%s(%s)\n\n' % (method, repr(params)))
+                if _debug:
+                    sys.stderr.write('- XMLRPC ' + '-' * 70 + '\n')
+                    sys.stderr.write('%s(%s)\n\n' % (method, repr(params)))
 
-            response = self.dispatch(method, params)
-
+                response = self.dispatch(method, params)
         except:
             # report exception back to server
             response = xmlrpclib.dumps(xmlrpclib.Fault(1, self._dump_exc()))