Changes between Version 8 and Version 9 of Simplistic_json_rpc-dispatcher


Timestamp:
08/06/11 03:24:08 (3 years ago)
Author:
anonymous
Comment:

--

  • Simplistic_json_rpc-dispatcher

    v8 v9  
    1 == A simplistic json-rpc dispatcher-function for Django in 15 lines == 
     1= A simplistic json-rpc dispatcher-function for Django in 15 lines = 
    22 
     3== Security warning == 
     4This code contains a security issue! It uses eval() on the json data coming from the client without first cleaning it. This makes it possible for an attacker to run arbitrary code on the server. 
     5 
     6== The code == 
    37{{{ 
    48  ### myproj/myapp/views.py 
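Review bot: the new "Security warning" section (v9 lines 3-4) names the problem as eval() on client JSON "without first cleaning it", which reads as if cleaning the input would be enough, and it gives the reader no instruction on what to do with the code that follows. Sanitising a string before eval() is fragile. I would have the warning say that the snippet should not be deployed as written and that the fix is to dispatch without eval() at all. It would also help to name the field involved: in the code below only rpc_inputs['method'] is concatenated into the evaluated string.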
     
    1317      sub_eval = str(rpc_inputs['method']) + '(rpc_inputs["params"])' 
    1418      if rpc_inputs['method'] in jsonrpc_methods: 
     19         # WARNING: Executing eval() on untrusted data 
    1520         result = eval(sub_eval) 
    1621         json_retur = json.dumps({'result': result['result'], 'error': result['error'], 'id': rpc_inputs['id']})
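Review bot: the comment added at v9 line 19 flags the eval() but the call on line 20 is unchanged, so the page still ships the pattern it warns about. The only gate is the membership test on line 18, and it checks rpc_inputs['method'] while the evaluated string on line 17 is built from str(rpc_inputs['method']), so the value tested and the value executed are not guaranteed to be the same object. If jsonrpc_methods were a dict mapping method names to the view functions, lines 17-20 could become a plain lookup and call, for example result = jsonrpc_methods[rpc_inputs['method']](rpc_inputs['params']), with no string ever evaluated. The lookup would also reject a non-string method value rather than stringifying it.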