]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - plugins/proxy.py
Reference CVE-2016-4561 in 3.20141016.3 changelog
[git.ikiwiki.info.git] / plugins / proxy.py
index 51364cb31998727db91539766f5d82a429b09c61..b61eb466c8d47ef839fc24e5d0ba54be3a9b23fa 100755 (executable)
@@ -43,7 +43,10 @@ try:  # Python 3
     import xmlrpc.client as _xmlrpc_client
 except ImportError:  # Python 2
     import xmlrpclib as _xmlrpc_client
     import xmlrpc.client as _xmlrpc_client
 except ImportError:  # Python 2
     import xmlrpclib as _xmlrpc_client
-from SimpleXMLRPCServer import SimpleXMLRPCDispatcher
+try:  # Python 3
+    import xmlrpc.server as _xmlrpc_server
+except ImportError:  # Python 2
+    import SimpleXMLRPCServer as _xmlrpc_server
 
 
 class ParseError (Exception):
 
 
 class ParseError (Exception):
@@ -66,15 +69,16 @@ class AlreadyImported (Exception):
     pass
 
 
     pass
 
 
-class _IkiWikiExtPluginXMLRPCDispatcher(SimpleXMLRPCDispatcher):
+class _IkiWikiExtPluginXMLRPCDispatcher(_xmlrpc_server.SimpleXMLRPCDispatcher):
 
     def __init__(self, allow_none=False, encoding=None):
         try:
 
     def __init__(self, allow_none=False, encoding=None):
         try:
-            SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding)
+            _xmlrpc_server.SimpleXMLRPCDispatcher.__init__(
+                self, allow_none, encoding)
         except TypeError:
             # see http://bugs.debian.org/470645
             # python2.4 and before only took one argument
         except TypeError:
             # see http://bugs.debian.org/470645
             # python2.4 and before only took one argument
-            SimpleXMLRPCDispatcher.__init__(self)
+            _xmlrpc_server.SimpleXMLRPCDispatcher.__init__(self)
 
     def dispatch(self, method, params):
         return self._dispatch(method, params)
 
     def dispatch(self, method, params):
         return self._dispatch(method, params)
@@ -102,7 +106,7 @@ class XMLStreamParser(object):
         top = self._stack.pop()
         if top != tag:
             raise ParseError(
         top = self._stack.pop()
         if top != tag:
             raise ParseError(
-                'expected {} closing tag, got {}'.format(top, tag))
+                'expected {0} closing tag, got {1}'.format(top, tag))
 
     def _request_complete(self):
         return self._first_tag_received and len(self._stack) == 0
 
     def _request_complete(self):
         return self._first_tag_received and len(self._stack) == 0
@@ -152,16 +156,26 @@ class _IkiWikiExtPluginXMLRPCHandler(object):
                 return ret
 
     def send_rpc(self, cmd, in_fd, out_fd, *args, **kwargs):
                 return ret
 
     def send_rpc(self, cmd, in_fd, out_fd, *args, **kwargs):
-        xml = _xmlrpc_client.dumps(sum(kwargs.iteritems(), args), cmd)
-        self._debug_fn("calling ikiwiki procedure `{}': [{}]".format(cmd, xml))
-        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, xml)
+        xml = _xmlrpc_client.dumps(sum(kwargs.items(), args), cmd)
+        self._debug_fn(
+            "calling ikiwiki procedure `{0}': [{1}]".format(cmd, repr(xml)))
+        # ensure that encoded is a str (bytestring in Python 2, Unicode in 3)
+        if str is bytes and not isinstance(xml, str):
+            encoded = xml.encode('utf8')
+        else:
+            encoded = xml
+        _IkiWikiExtPluginXMLRPCHandler._write(out_fd, encoded)
 
         self._debug_fn('reading response from ikiwiki...')
 
 
         self._debug_fn('reading response from ikiwiki...')
 
-        xml = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
+        response = _IkiWikiExtPluginXMLRPCHandler._read(in_fd)
+        if str is bytes and not isinstance(response, str):
+            xml = response.encode('utf8')
+        else:
+            xml = response
         self._debug_fn(
         self._debug_fn(
-            'read response to procedure {} from ikiwiki: [{}]'.format(
-                cmd, xml))
+            'read response to procedure {0} from ikiwiki: [{1}]'.format(
+                cmd, repr(xml)))
         if xml is None:
             # ikiwiki is going down
             self._debug_fn('ikiwiki is going down, and so are we...')
         if xml is None:
             # ikiwiki is going down
             self._debug_fn('ikiwiki is going down, and so are we...')
@@ -169,8 +183,8 @@ class _IkiWikiExtPluginXMLRPCHandler(object):
 
         data = _xmlrpc_client.loads(xml)[0][0]
         self._debug_fn(
 
         data = _xmlrpc_client.loads(xml)[0][0]
         self._debug_fn(
-            'parsed data from response to procedure {}: [{}]'.format(
-                cmd, data))
+            'parsed data from response to procedure {0}: [{1}]'.format(
+                cmd, repr(data)))
         return data
 
     def handle_rpc(self, in_fd, out_fd):
         return data
 
     def handle_rpc(self, in_fd, out_fd):
@@ -182,12 +196,12 @@ class _IkiWikiExtPluginXMLRPCHandler(object):
             raise GoingDown()
 
         self._debug_fn(
             raise GoingDown()
 
         self._debug_fn(
-            'received procedure call from ikiwiki: [{}]'.format(xml))
+            'received procedure call from ikiwiki: [{0}]'.format(xml))
         params, method = _xmlrpc_client.loads(xml)
         ret = self._dispatcher.dispatch(method, params)
         xml = _xmlrpc_client.dumps((ret,), methodresponse=True)
         self._debug_fn(
         params, method = _xmlrpc_client.loads(xml)
         ret = self._dispatcher.dispatch(method, params)
         xml = _xmlrpc_client.dumps((ret,), methodresponse=True)
         self._debug_fn(
-                'sending procedure response to ikiwiki: [{}]'.format(xml))
+                'sending procedure response to ikiwiki: [{0}]'.format(xml))
         _IkiWikiExtPluginXMLRPCHandler._write(out_fd, xml)
         return ret
 
         _IkiWikiExtPluginXMLRPCHandler._write(out_fd, xml)
         return ret
 
@@ -223,7 +237,7 @@ class IkiWikiProcedureProxy(object):
                     yield i
 
         args = list(subst_none(args))
                     yield i
 
         args = list(subst_none(args))
-        kwargs = dict(zip(kwargs.keys(), list(subst_none(kwargs.itervalues()))))
+        kwargs = dict(zip(kwargs.keys(), list(subst_none(kwargs.values()))))
         ret = self._xmlrpc_handler.send_rpc(cmd, self._in_fd, self._out_fd,
                                             *args, **kwargs)
         if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
         ret = self._xmlrpc_handler.send_rpc(cmd, self._in_fd, self._out_fd,
                                             *args, **kwargs)
         if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
@@ -245,10 +259,10 @@ class IkiWikiProcedureProxy(object):
 #            kwargs = dict([args[i:i+2] for i in xrange(1, len(args), 2)])
             ret = function(self, *args)
             self._debug_fn(
 #            kwargs = dict([args[i:i+2] for i in xrange(1, len(args), 2)])
             ret = function(self, *args)
             self._debug_fn(
-                    "{} hook `{}' returned: [{}]".format(type, name, ret))
+                    "{0} hook `{1}' returned: [{2}]".format(type, name, repr(ret)))
             if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
                 raise InvalidReturnValue(
             if ret == IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL:
                 raise InvalidReturnValue(
-                    'hook functions are not allowed to return {}'.format(
+                    'hook functions are not allowed to return {0}'.format(
                         IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL))
             if ret is None:
                 ret = IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL
                         IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL))
             if ret is None:
                 ret = IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL
@@ -308,18 +322,18 @@ class IkiWikiProcedureProxy(object):
 
         except Exception as e:
             import traceback
 
         except Exception as e:
             import traceback
-            self.error('uncaught exception: {}\n{}'.format(
-                        e, traceback.format_exc(sys.exc_info()[2])))
+            tb = traceback.format_exc()
+            self.error('uncaught exception: {0}\n{1}'.format(e, tb))
             return
 
     def _importme(self):
         self._debug_fn('importing...')
         for id, type, function, last in self._hooks:
             return
 
     def _importme(self):
         self._debug_fn('importing...')
         for id, type, function, last in self._hooks:
-            self._debug_fn('hooking {}/{} into {} chain...'.format(
+            self._debug_fn('hooking {0}/{1} into {2} chain...'.format(
                     id, function, type))
             self.rpc('hook', id=id, type=type, call=function, last=last)
         for rname, function, memoize in self._functions:
                     id, function, type))
             self.rpc('hook', id=id, type=type, call=function, last=last)
         for rname, function, memoize in self._functions:
-            self._debug_fn('injecting {} as {}...'.format(function, rname))
+            self._debug_fn('injecting {0} as {1}...'.format(function, rname))
             self.rpc('inject', name=rname, call=function, memoize=memoize)
         self._imported = True
         return IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL
             self.rpc('inject', name=rname, call=function, memoize=memoize)
         self._imported = True
         return IkiWikiProcedureProxy._IKIWIKI_NIL_SENTINEL