From 4cfb7130a9b64d951b8e3367c67ca445f3eb296e Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Sat, 10 Jan 2009 12:44:55 -0800 Subject: - Fixed the admin Membership List Find member function so the 'letter' links to a chunked result would still be limited to the Find member search. SF patch #1532081. - Changed scripts/driver to return a 405 status for non GET, POST, HEAD methods. SF patch #1578756. --- scripts/driver | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'scripts') diff --git a/scripts/driver b/scripts/driver index ea43c40e..dbe219da 100644 --- a/scripts/driver +++ b/scripts/driver @@ -1,6 +1,6 @@ # -*- python -*- -# Copyright (C) 1998-2004 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2009 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -14,10 +14,12 @@ # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. # This better succeed. If this fails, Python is royally screwed so we might # as well let the Web server give us a fatal and obtrusive error. +import os import sys # From here on we are as bulletproof as possible! @@ -51,9 +53,10 @@ def websafe(s): # no way to catch that. Mailman's install procedure should make this highly # unlikely. # -# - The sys module could be royally screwed, probably we couldn't import it. -# This would indicate a serious problem with the Python installation, so -# it's also highly unlikely to occur. +# - The os or sys modules could be royally screwed, probably we couldn't +# import one or both of them. This would indicate a serious problem with +# the Python installation, so it's also highly unlikely to occur. + def run_main(): @@ -98,7 +101,15 @@ def run_main(): try: sys.stderr = logger sys.stdout = tempstdout - main() + # Check for a valid request method. + request_method = os.environ.get('REQUEST_METHOD') + if not request_method.lower() in ['get', 'post', 'head']: + print 'Status: 405 Method not allowed' + print 'Content-type: text/plain' + print + print '%s method is not allowed' % request_method + else: + main() sys.__stdout__.write(tempstdout.getvalue()) finally: sys.stderr = sys.__stderr__ -- cgit v1.2.3