Changes between Version 8 and Version 9 of Simplistic_json_rpc-dispatcher
- Timestamp: Aug 6, 2011, 5:24:08 AM (13 years ago)
Simplistic_json_rpc-dispatcher
v8 v9 1 = = A simplistic json-rpc dispatcher-function for Django in 15 lines ==1 = A simplistic json-rpc dispatcher-function for Django in 15 lines = 2 2 3 == Security warning == 4 This code contains a security issue! It uses eval() on the json data coming from the client without first cleaning it. This makes it possible for an attacker to run arbitrary code on the server. 5 6 == The code == 3 7 {{{ 4 8 ### myproj/myapp/views.py … … 13 17 sub_eval = str(rpc_inputs['method']) + '(rpc_inputs["params"])' 14 18 if rpc_inputs['method'] in jsonrpc_methods: 19 # WARNING: Executing eval() on untrusted data 15 20 result = eval(sub_eval) 16 21 json_retur = json.dumps({'result': result['result'], 'error': result['error'], 'id': rpc_inputs['id']})
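Review bot: The warning added at new line 4 and the comment added at new line 19 say eval() runs on uncleaned client JSON, but neither mentions that line 18 gates the call on `rpc_inputs['method'] in jsonrpc_methods`, nor that only the method name is interpolated into `sub_eval` while the params are referenced by variable name rather than pasted into the evaluated string. The warning should state what exposure remains after that check, which depends on how `jsonrpc_methods` is defined (not visible in this hunk). Rather than documenting the risk, consider removing it: if `jsonrpc_methods` is made a dict mapping method names to callables, line 20 can become `result = jsonrpc_methods[rpc_inputs['method']](rpc_inputs['params'])`, and the eval(), the `sub_eval` string and the warning are no longer needed.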