Ticket #547: xmlrpc.3.patch

File xmlrpc.3.patch, 2.7 KB (added by upadhyay@…, 10 years ago)

SimpleXMLRPCServer is better than xmlrpclib.SimpleXMLRPCServer!

  • contrib/xmlrpc.py

     
     1from SimpleXMLRPCServer import SimpleXMLRPCDispatcher, resolve_dotted_attribute
     2from django.utils.httpwrappers import HttpResponseServerError, HttpResponse
     3
     4
     5class SimpleXMLRPCView(SimpleXMLRPCDispatcher):
     6    def __call__(self, request):
     7        """ SimpleXMLRPCView is callable so it can be installed as a view.
     8
     9            Django calls it with 'request', which is a HttpRequest           
     10        """
     11
     12        if request.META['REQUEST_METHOD'] != 'POST':
     13            return HttpResponseServerError('Non POST methods not allowed.')
     14       
     15        try:
     16            # get arguments
     17            data = request.raw_post_data
     18            response = self._marshaled_dispatch(
     19                    data, getattr(self, '_dispatch', None)
     20                )
     21        except:
     22            # internal error, report as HTTP server error
     23            return HttpResponseServerError('internal error')
     24        else:
     25            # got a valid XML RPC response
     26            return HttpResponse(response, mimetype="text/xml")
     27   
     28class SafeXMLRPCView(SimpleXMLRPCView):
     29    """ class SafeXMLRPCView
     30
     31        Checks for "public" attribute on callables before calling them.   
     32    """   
     33    def _dispatch(self, method, params):
     34        """Dispatches the XML-RPC method.
     35
     36            Overwriting to put some extra checks before calling a method.
     37        """
     38
     39        func = None
     40        try:
     41            # check to see if a matching function has been registered
     42            func = self.funcs[method]
     43        except KeyError:
     44            if self.instance is not None:
     45                # check for a _dispatch method
     46                if hasattr(self.instance, '_dispatch'):
     47                    return apply(
     48                        getattr(self.instance,'_dispatch'),
     49                        (method, params)
     50                        )
     51                else:
     52                    # call instance method directly
     53                    try:
     54                        func = resolve_dotted_attribute(
     55                            self.instance,
     56                            method
     57                            )
     58                    except AttributeError:
     59                        pass
     60
     61        if func is not None and hasattr(func, 'public') and func.public:
     62            return apply(func, params)
     63        else:
     64            raise Exception('method "%s" is not supported' % method)
Back to Top