Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / a4127173f8da2bd7474f3ae66257b97056e85c87 / . / Lib / CGIHTTPServer.py
blob: 71f03687856071af72aced72043bee07450b90a2 [file] [log] [blame]
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]1"""CGI-savvy HTTP Server.
2
3This module builds on SimpleHTTPServer by implementing GET and POST
4requests to cgi-bin scripts.
5
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]6If the os.fork() function is not present (e.g. on Windows),
7os.popen2() is used as a fallback, with slightly altered semantics; if
8that function is not present either (e.g. on Macintosh), only Python
9scripts are supported, and they are executed by the current process.
10
11In all cases, the implementation is intentionally naive -- all
12requests are executed sychronously.
13
14SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
15-- it may execute arbitrary Python code or external programs.
Fred Drake40e84db1999-10-16 02:07:50 +0000[diff] [blame]16
Jeremy Hylton6414cd82004-12-22 14:19:09 +0000[diff] [blame]17Note that status code 200 is sent prior to execution of a CGI script, so
18scripts cannot send other status codes such as 302 (redirect).
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]19"""
20
21
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]22__version__ = "0.4"
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]23
Skip Montanaroe99d5ea2001-01-20 19:54:20 +0000[diff] [blame]24__all__ = ["CGIHTTPRequestHandler"]
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]25
26import os
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]27import sys
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]28import urllib
29import BaseHTTPServer
30import SimpleHTTPServer
Steve Holden8a978f72003-01-08 18:53:18 +0000[diff] [blame]31import select
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]32
33
34class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
35
36 """Complete HTTP server with GET, HEAD and POST commands.
37
38 GET and HEAD also support running CGI scripts.
39
40 The POST command is *only* implemented for CGI scripts.
41
42 """
43
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]44 # Determine platform specifics
45 have_fork = hasattr(os, 'fork')
46 have_popen2 = hasattr(os, 'popen2')
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]47 have_popen3 = hasattr(os, 'popen3')
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]48
Guido van Rossum6aefd912000-09-01 03:27:34 +0000[diff] [blame]49 # Make rfile unbuffered -- we need to read one line and then pass
50 # the rest to a subprocess, so we can't use buffered input.
51 rbufsize = 0
52
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]53 def do_POST(self):
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]54 """Serve a POST request.
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]55
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]56 This is only implemented for CGI scripts.
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]57
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]58 """
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]59
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]60 if self.is_cgi():
61 self.run_cgi()
62 else:
63 self.send_error(501, "Can only POST to CGI scripts")
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]64
65 def send_head(self):
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]66 """Version of send_head that support CGI scripts"""
67 if self.is_cgi():
68 return self.run_cgi()
69 else:
70 return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]71
72 def is_cgi(self):
Georg Brandl4ed9be72008-07-16 22:09:17 +0000[diff] [blame]73 """Test whether self.path corresponds to a CGI script,
74 and return a boolean.
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]75
Georg Brandl4ed9be72008-07-16 22:09:17 +0000[diff] [blame]76 This function sets self.cgi_info to a tuple (dir, rest)
77 when it returns True, where dir is the directory part before
78 the CGI script name. Note that rest begins with a
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]79 slash if it is not empty.
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]80
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]81 The default implementation tests whether the path
82 begins with one of the strings in the list
83 self.cgi_directories (and the next character is a '/'
84 or the end of the string).
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]85 """
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]86
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]87 path = self.path
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]88
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]89 for x in self.cgi_directories:
90 i = len(x)
91 if path[:i] == x and (not path[i:] or path[i] == '/'):
92 self.cgi_info = path[:i], path[i+1:]
Tim Petersbc0e9102002-04-04 22:55:58 +0000[diff] [blame]93 return True
94 return False
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]95
96 cgi_directories = ['/cgi-bin', '/htbin']
97
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]98 def is_executable(self, path):
99 """Test whether argument path is an executable file."""
100 return executable(path)
101
102 def is_python(self, path):
103 """Test whether argument path is a Python script."""
104 head, tail = os.path.splitext(path)
105 return tail.lower() in (".py", ".pyw")
106
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]107 def run_cgi(self):
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]108 """Execute a CGI script."""
Andrew M. Kuchlingb29069d2006-12-22 13:25:02 +0000[diff] [blame]109 path = self.path
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]110 dir, rest = self.cgi_info
Tim Petersf733abb2007-01-30 03:03:46 +0000[diff] [blame]111
Andrew M. Kuchlingb29069d2006-12-22 13:25:02 +0000[diff] [blame]112 i = path.find('/', len(dir) + 1)
113 while i >= 0:
114 nextdir = path[:i]
115 nextrest = path[i+1:]
116
117 scriptdir = self.translate_path(nextdir)
118 if os.path.isdir(scriptdir):
119 dir, rest = nextdir, nextrest
120 i = path.find('/', len(dir) + 1)
121 else:
122 break
123
124 # find an explicit query string, if present.
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]125 i = rest.rfind('?')
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]126 if i >= 0:
127 rest, query = rest[:i], rest[i+1:]
128 else:
129 query = ''
Andrew M. Kuchlingb29069d2006-12-22 13:25:02 +0000[diff] [blame]130
131 # dissect the part after the directory name into a script name &
132 # a possible additional path, to be stored in PATH_INFO.
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]133 i = rest.find('/')
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]134 if i >= 0:
135 script, rest = rest[:i], rest[i:]
136 else:
137 script, rest = rest, ''
Andrew M. Kuchlingb29069d2006-12-22 13:25:02 +0000[diff] [blame]138
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]139 scriptname = dir + '/' + script
140 scriptfile = self.translate_path(scriptname)
141 if not os.path.exists(scriptfile):
Walter Dörwald70a6b492004-02-12 17:35:32 +0000[diff] [blame]142 self.send_error(404, "No such CGI script (%r)" % scriptname)
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]143 return
144 if not os.path.isfile(scriptfile):
Tim Peters27f49612004-03-20 21:51:12 +0000[diff] [blame]145 self.send_error(403, "CGI script is not a plain file (%r)" %
Walter Dörwald70a6b492004-02-12 17:35:32 +0000[diff] [blame]146 scriptname)
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]147 return
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]148 ispy = self.is_python(scriptname)
149 if not ispy:
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]150 if not (self.have_fork or self.have_popen2 or self.have_popen3):
Walter Dörwald70a6b492004-02-12 17:35:32 +0000[diff] [blame]151 self.send_error(403, "CGI script is not a Python script (%r)" %
152 scriptname)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]153 return
154 if not self.is_executable(scriptfile):
Walter Dörwald70a6b492004-02-12 17:35:32 +0000[diff] [blame]155 self.send_error(403, "CGI script is not executable (%r)" %
156 scriptname)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]157 return
158
159 # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
160 # XXX Much of the following could be prepared ahead of time!
161 env = {}
162 env['SERVER_SOFTWARE'] = self.version_string()
163 env['SERVER_NAME'] = self.server.server_name
164 env['GATEWAY_INTERFACE'] = 'CGI/1.1'
165 env['SERVER_PROTOCOL'] = self.protocol_version
166 env['SERVER_PORT'] = str(self.server.server_port)
167 env['REQUEST_METHOD'] = self.command
168 uqrest = urllib.unquote(rest)
169 env['PATH_INFO'] = uqrest
170 env['PATH_TRANSLATED'] = self.translate_path(uqrest)
171 env['SCRIPT_NAME'] = scriptname
172 if query:
173 env['QUERY_STRING'] = query
174 host = self.address_string()
175 if host != self.client_address[0]:
176 env['REMOTE_HOST'] = host
177 env['REMOTE_ADDR'] = self.client_address[0]
Martin v. Löwisa28b3e62004-08-29 16:53:26 +0000[diff] [blame]178 authorization = self.headers.getheader("authorization")
179 if authorization:
180 authorization = authorization.split()
181 if len(authorization) == 2:
182 import base64, binascii
183 env['AUTH_TYPE'] = authorization[0]
184 if authorization[0].lower() == "basic":
185 try:
186 authorization = base64.decodestring(authorization[1])
187 except binascii.Error:
188 pass
189 else:
190 authorization = authorization.split(':')
191 if len(authorization) == 2:
192 env['REMOTE_USER'] = authorization[0]
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]193 # XXX REMOTE_IDENT
194 if self.headers.typeheader is None:
195 env['CONTENT_TYPE'] = self.headers.type
196 else:
197 env['CONTENT_TYPE'] = self.headers.typeheader
198 length = self.headers.getheader('content-length')
199 if length:
200 env['CONTENT_LENGTH'] = length
Collin Winter83b2bf62007-03-09 03:15:56 +0000[diff] [blame]201 referer = self.headers.getheader('referer')
202 if referer:
203 env['HTTP_REFERER'] = referer
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]204 accept = []
205 for line in self.headers.getallmatchingheaders('accept'):
Eric S. Raymond7e642e82001-02-09 12:10:26 +0000[diff] [blame]206 if line[:1] in "\t\n\r ":
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]207 accept.append(line.strip())
Guido van Rossum01fc65d1998-05-13 20:13:24 +0000[diff] [blame]208 else:
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]209 accept = accept + line[7:].split(',')
210 env['HTTP_ACCEPT'] = ','.join(accept)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]211 ua = self.headers.getheader('user-agent')
212 if ua:
213 env['HTTP_USER_AGENT'] = ua
214 co = filter(None, self.headers.getheaders('cookie'))
215 if co:
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]216 env['HTTP_COOKIE'] = ', '.join(co)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]217 # XXX Other HTTP_* headers
Guido van Rossum70ec0b42004-03-20 22:18:03 +0000[diff] [blame]218 # Since we're setting the env in the parent, provide empty
219 # values to override previously set values
220 for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
Collin Winter83b2bf62007-03-09 03:15:56 +0000[diff] [blame]221 'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
Guido van Rossum70ec0b42004-03-20 22:18:03 +0000[diff] [blame]222 env.setdefault(k, "")
Guido van Rossume3ec2962002-08-20 20:07:10 +0000[diff] [blame]223 os.environ.update(env)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]224
225 self.send_response(200, "Script output follows")
226
Eric S. Raymond6b71e742001-02-09 08:56:30 +0000[diff] [blame]227 decoded_query = query.replace('+', ' ')
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]228
229 if self.have_fork:
230 # Unix -- fork as we should
231 args = [script]
232 if '=' not in decoded_query:
233 args.append(decoded_query)
234 nobody = nobody_uid()
235 self.wfile.flush() # Always flush before forking
236 pid = os.fork()
237 if pid != 0:
238 # Parent
239 pid, sts = os.waitpid(pid, 0)
Steve Holden8a978f72003-01-08 18:53:18 +0000[diff] [blame]240 # throw away additional data [see bug #427345]
241 while select.select([self.rfile], [], [], 0)[0]:
Raymond Hettingere2f18372003-06-29 05:06:56 +0000[diff] [blame]242 if not self.rfile.read(1):
243 break
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]244 if sts:
245 self.log_error("CGI script exit status %#x", sts)
246 return
247 # Child
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]248 try:
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]249 try:
250 os.setuid(nobody)
251 except os.error:
252 pass
253 os.dup2(self.rfile.fileno(), 0)
254 os.dup2(self.wfile.fileno(), 1)
Raymond Hettinger92f200b2003-07-14 06:56:32 +0000[diff] [blame]255 os.execve(scriptfile, args, os.environ)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]256 except:
257 self.server.handle_error(self.request, self.client_address)
258 os._exit(127)
259
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]260 elif self.have_popen2 or self.have_popen3:
261 # Windows -- use popen2 or popen3 to create a subprocess
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]262 import shutil
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]263 if self.have_popen3:
264 popenx = os.popen3
265 else:
266 popenx = os.popen2
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]267 cmdline = scriptfile
268 if self.is_python(scriptfile):
269 interp = sys.executable
270 if interp.lower().endswith("w.exe"):
Guido van Rossum0afde132001-10-26 03:38:46 +0000[diff] [blame]271 # On Windows, use python.exe, not pythonw.exe
272 interp = interp[:-5] + interp[-4:]
Guido van Rossum16fd3382001-08-07 19:55:10 +0000[diff] [blame]273 cmdline = "%s -u %s" % (interp, cmdline)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]274 if '=' not in query and '"' not in query:
275 cmdline = '%s "%s"' % (cmdline, query)
Guido van Rossumbcbdc952001-10-17 06:45:56 +0000[diff] [blame]276 self.log_message("command: %s", cmdline)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]277 try:
278 nbytes = int(length)
Guido van Rossumb3903152002-10-17 16:21:35 +0000[diff] [blame]279 except (TypeError, ValueError):
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]280 nbytes = 0
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]281 files = popenx(cmdline, 'b')
282 fi = files[0]
283 fo = files[1]
284 if self.have_popen3:
285 fe = files[2]
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]286 if self.command.lower() == "post" and nbytes > 0:
287 data = self.rfile.read(nbytes)
288 fi.write(data)
Steve Holden8a978f72003-01-08 18:53:18 +0000[diff] [blame]289 # throw away additional data [see bug #427345]
290 while select.select([self.rfile._sock], [], [], 0)[0]:
Raymond Hettingere2f18372003-06-29 05:06:56 +0000[diff] [blame]291 if not self.rfile._sock.recv(1):
292 break
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]293 fi.close()
294 shutil.copyfileobj(fo, self.wfile)
Guido van Rossum8cb65402002-02-01 16:27:59 +0000[diff] [blame]295 if self.have_popen3:
296 errors = fe.read()
297 fe.close()
298 if errors:
299 self.log_error('%s', errors)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]300 sts = fo.close()
301 if sts:
302 self.log_error("CGI script exit status %#x", sts)
303 else:
Guido van Rossumbcbdc952001-10-17 06:45:56 +0000[diff] [blame]304 self.log_message("CGI script exited OK")
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]305
306 else:
307 # Other O.S. -- execute script in this process
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]308 save_argv = sys.argv
309 save_stdin = sys.stdin
310 save_stdout = sys.stdout
311 save_stderr = sys.stderr
312 try:
Tim Peters27f49612004-03-20 21:51:12 +0000[diff] [blame]313 save_cwd = os.getcwd()
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]314 try:
315 sys.argv = [scriptfile]
316 if '=' not in decoded_query:
317 sys.argv.append(decoded_query)
318 sys.stdout = self.wfile
319 sys.stdin = self.rfile
320 execfile(scriptfile, {"__name__": "__main__"})
321 finally:
322 sys.argv = save_argv
323 sys.stdin = save_stdin
324 sys.stdout = save_stdout
325 sys.stderr = save_stderr
Tim Peters27f49612004-03-20 21:51:12 +0000[diff] [blame]326 os.chdir(save_cwd)
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]327 except SystemExit, sts:
328 self.log_error("CGI script exit status %s", str(sts))
329 else:
Guido van Rossumbcbdc952001-10-17 06:45:56 +0000[diff] [blame]330 self.log_message("CGI script exited OK")
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]331
332
333nobody = None
334
335def nobody_uid():
336 """Internal routine to get nobody's uid"""
337 global nobody
338 if nobody:
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]339 return nobody
Guido van Rossume7d6b0a2000-09-19 04:01:01 +0000[diff] [blame]340 try:
341 import pwd
342 except ImportError:
343 return -1
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]344 try:
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]345 nobody = pwd.getpwnam('nobody')[2]
Guido van Rossum630b8111999-04-28 12:21:47 +0000[diff] [blame]346 except KeyError:
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]347 nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]348 return nobody
349
350
351def executable(path):
352 """Test for executable file."""
353 try:
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]354 st = os.stat(path)
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]355 except os.error:
Guido van Rossum8ca162f2002-04-07 06:36:23 +0000[diff] [blame]356 return False
Raymond Hettinger32200ae2002-06-01 19:51:15 +0000[diff] [blame]357 return st.st_mode & 0111 != 0
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]358
359
360def test(HandlerClass = CGIHTTPRequestHandler,
Guido van Rossum45e2fbc1998-03-26 21:13:24 +0000[diff] [blame]361 ServerClass = BaseHTTPServer.HTTPServer):
Guido van Rossume7e578f1995-08-04 04:00:20 +0000[diff] [blame]362 SimpleHTTPServer.test(HandlerClass, ServerClass)
363
364
365if __name__ == '__main__':
366 test()