Author: humbedooh
Date: Sun Mar 22 19:52:17 2015
New Revision: 1668466
URL: http://svn.apache.org/r1668466
Log:
refactor CGI form fetching, sanitize a bit to avoid XSS
Added:
steve/trunk/pytest/www/cgi-bin/lib/form.py
Modified:
steve/trunk/pytest/www/cgi-bin/rest_admin.py
steve/trunk/pytest/www/cgi-bin/rest_voter.py
Added: steve/trunk/pytest/www/cgi-bin/lib/form.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/lib/form.py?rev=1668466&view=auto
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/lib/form.py (added)
+++ steve/trunk/pytest/www/cgi-bin/lib/form.py Sun Mar 22 19:52:17 2015
@@ -0,0 +1,12 @@
+import hashlib, json, random, os, sys, time
+from __main__ import homedir, config
+import cgi
+
+
+xform = cgi.FieldStorage();
+
+def getvalue(key):
+ val = xform.getvalue(key)
+ if val:
+ return val.replace("<", "<")
+
\ No newline at end of file
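Review bot: The replacement on the last line of getvalue is a no-op as committed — `val.replace("<", "<")` substitutes a character for itself — so the "sanitize a bit to avoid XSS" in the log message does not actually happen (if `&lt;` was intended it did not survive into the commit). Even with the intended entity it escapes only `<`, leaving `>`, `&`, `"` and `'` untouched, and `xform.getvalue(key)` returns a list when a field name is repeated in the request, on which `.replace` raises AttributeError. Escaping belongs at the output boundary (wherever the value is written into HTML or JSON) rather than on input, since what is stored here is the escaped form; if input-side escaping is kept, it should at least cover all HTML metacharacters and the list case, e.g. via `cgi.escape(val, quote=True)` (html.escape on Python 3). The module also imports `homedir` and `config` from `__main__` without using them, which ties import order to the caller for no benefit.
```python
def getvalue(key):
    val = xform.getvalue(key)
    if isinstance(val, list):
        return [cgi.escape(v, quote=True) for v in val]
    if val:
        return cgi.escape(val, quote=True)
```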
Modified: steve/trunk/pytest/www/cgi-bin/rest_admin.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_admin.py?rev=1668466&r1=1668465&r2=1668466&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_admin.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_admin.py Sun Mar 22 19:52:17 2015
@@ -39,11 +39,11 @@ config.read(path + '/../../steve.cfg')
# Some quick paths
homedir = config.get("general", "homedir")
pathinfo = os.environ['PATH_INFO'] if 'PATH_INFO' in os.environ else None
-form = cgi.FieldStorage();
+
whoami = os.environ['REMOTE_USER'] if 'REMOTE_USER' in os.environ else None
-from lib import response, voter, election
+from lib import response, voter, election, form
if not whoami:
response.respond(403, {'message': 'Could not verify your identity: No auth
scheme found'})
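Review bot: Rebinding `form` from a cgi.FieldStorage instance to the lib.form module changes its type for the rest of rest_admin.py: only `form.getvalue(key)` is provided, so any remaining `form.getfirst(...)`, `form.getlist(...)`, `form[key]` or `key in form` further down the file (outside this hunk) would now fail with AttributeError/TypeError at request time; worth grepping the file before landing. lib/form.py also does `from __main__ import homedir, config`, so this import must stay below the `homedir = config.get(...)` assignment a few lines above; a comment such as `# lib.form reads homedir/config from __main__ at import; keep this import after they are set` would protect that ordering from a future reorder.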
Modified: steve/trunk/pytest/www/cgi-bin/rest_voter.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_voter.py?rev=1668466&r1=1668465&r2=1668466&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_voter.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_voter.py Sun Mar 22 19:52:17 2015
@@ -39,9 +39,8 @@ config.read(path + '/../../steve.cfg')
# Some quick paths
homedir = config.get("general", "homedir")
pathinfo = os.environ['PATH_INFO'] if 'PATH_INFO' in os.environ else None
-form = cgi.FieldStorage();
-from lib import response, voter, election
+from lib import response, voter, election, form
whoami = os.environ['REMOTE_USER'] if 'REMOTE_USER' in os.environ else None
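Review bot: Same concern as in rest_admin.py: `form` is now the lib.form module rather than a FieldStorage, so only `form.getvalue(key)` works and any other FieldStorage usage later in rest_voter.py (not visible here) would break at request time. The import also depends on `homedir` and `config` already existing in `__main__` because lib/form.py imports them from there, so it must remain after the `homedir =` line; a one-line comment noting that ordering dependency would help.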