From a3457e01cefa5088e880a8217d9d6b0be2ea2415 Mon Sep 17 00:00:00 2001 From: David Glick Date: Tue, 26 Jun 2018 12:36:35 +0200 Subject: [PATCH 1/6] Re-add support for XML-RPC --- src/ZPublisher/HTTPRequest.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/ZPublisher/HTTPRequest.py b/src/ZPublisher/HTTPRequest.py index 7df0063962..13981f9938 100644 --- a/src/ZPublisher/HTTPRequest.py +++ b/src/ZPublisher/HTTPRequest.py @@ -497,8 +497,26 @@ def processInputs( environ['QUERY_STRING'] = '' meth = None - fs = ZopeFieldStorage( - fp=fp, environ=environ, keep_blank_values=1) + + # Workaround for https://bugs.python.org/issue27777: + # If Content-Length is nonzero, manufacture a Content-Disposition + # with a filename to make sure a binary file is opened. + headers = None + if 'CONTENT_LENGTH' in environ and environ['CONTENT_LENGTH'] != '0': + # In order to override content-disposition we need to + # specify the full headers; this is based on FileStorage.__init__ + headers = {} + if method == 'POST': + # Set default content-type for POST to what's traditional + headers['content-type'] = "application/x-www-form-urlencoded" + if 'CONTENT_TYPE' in environ: + headers['content-type'] = environ['CONTENT_TYPE'] + if 'QUERY_STRING' in environ: + self.qs_on_post = environ['QUERY_STRING'] + headers['content-length'] = environ['CONTENT_LENGTH'] + headers['content-disposition'] = 'inline; filename="stdin"' + fs = FieldStorage( + fp=fp, headers=headers, environ=environ, keep_blank_values=1) # Keep a reference to the FieldStorage. Otherwise it's # __del__ method is called too early and closing FieldStorage.file. From 078c338235ecacb078e112dbfdb993428cd41184 Mon Sep 17 00:00:00 2001 From: David Glick Date: Tue, 26 Jun 2018 21:35:26 +0200 Subject: [PATCH 2/6] Fix a couple cases --- src/ZPublisher/HTTPRequest.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) 
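Review bot: In the `processInputs` hunk of PATCH 1/6, the guard `environ['CONTENT_LENGTH'] != '0'` compares a client-supplied header as a string, so values such as `''` or `'00'` count as a non-empty body and are then copied unparsed into `headers['content-length']`. Parsing the value once would make the intent explicit, for example `clen = environ.get('CONTENT_LENGTH', '').strip()` followed by `if clen.isdigit() and int(clen) > 0:`. The same guard is carried unchanged as context in the PATCH 2/6 hunk. Separately, the call now constructs `FieldStorage` instead of `ZopeFieldStorage`; the subclass is not visible here, so whatever it overrides should be confirmed as no longer needed, and the comment's `FileStorage.__init__` presumably means `FieldStorage.__init__`. The body of `processInputs` starts and ends outside the hunk.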
diff --git a/src/ZPublisher/HTTPRequest.py b/src/ZPublisher/HTTPRequest.py index 13981f9938..a7a3a957d8 100644 --- a/src/ZPublisher/HTTPRequest.py +++ b/src/ZPublisher/HTTPRequest.py @@ -505,14 +505,11 @@ def processInputs( if 'CONTENT_LENGTH' in environ and environ['CONTENT_LENGTH'] != '0': # In order to override content-disposition we need to # specify the full headers; this is based on FileStorage.__init__ - headers = {} - if method == 'POST': - # Set default content-type for POST to what's traditional - headers['content-type'] = "application/x-www-form-urlencoded" + headers = { + 'content-type': 'application/x-www-form-urlencoded' + } if 'CONTENT_TYPE' in environ: headers['content-type'] = environ['CONTENT_TYPE'] - if 'QUERY_STRING' in environ: - self.qs_on_post = environ['QUERY_STRING'] headers['content-length'] = environ['CONTENT_LENGTH'] headers['content-disposition'] = 'inline; filename="stdin"' fs = FieldStorage( From a45e2686349d4a5b76f93b6a3134036f3ef87b37 Mon Sep 17 00:00:00 2001 From: David Glick Date: Tue, 26 Jun 2018 22:09:55 +0200 Subject: [PATCH 3/6] We need a different approach to preserve query string parameters --- src/ZPublisher/HTTPRequest.py | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/src/ZPublisher/HTTPRequest.py b/src/ZPublisher/HTTPRequest.py index a7a3a957d8..7df0063962 100644 --- a/src/ZPublisher/HTTPRequest.py +++ b/src/ZPublisher/HTTPRequest.py 
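Review bot: With the `if method == 'POST':` guard removed in the PATCH 2/6 hunk, the `'content-type': 'application/x-www-form-urlencoded'` default now applies to every request that carries a body, not only to POST. A PUT or other non-POST body sent without a Content-Type header would then presumably be parsed as form fields rather than kept as an opaque body, which widens the set of untrusted input that reaches form handling. If the guard was dropped only because of how `method` is bound in this scope, restoring the condition with the request-method value `processInputs` already holds keeps the old behaviour: `if method == 'POST': headers['content-type'] = 'application/x-www-form-urlencoded'`. The enclosing function starts and ends outside the hunk, so the binding of `method` cannot be confirmed from here.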
@@ -497,23 +497,8 @@ def processInputs( environ['QUERY_STRING'] = '' meth = None - - # Workaround for https://bugs.python.org/issue27777: - # If Content-Length is nonzero, manufacture a Content-Disposition - # with a filename to make sure a binary file is opened. - headers = None - if 'CONTENT_LENGTH' in environ and environ['CONTENT_LENGTH'] != '0': - # In order to override content-disposition we need to - # specify the full headers; this is based on FileStorage.__init__ - headers = { - 'content-type': 'application/x-www-form-urlencoded' - } - if 'CONTENT_TYPE' in environ: - headers['content-type'] = environ['CONTENT_TYPE'] - headers['content-length'] = environ['CONTENT_LENGTH'] - headers['content-disposition'] = 'inline; filename="stdin"' - fs = FieldStorage( - fp=fp, headers=headers, environ=environ, keep_blank_values=1) + fs = ZopeFieldStorage( + fp=fp, environ=environ, keep_blank_values=1) # Keep a reference to the FieldStorage. Otherwise it's # __del__ method is called too early and closing FieldStorage.file. From fe246b9e68077be111e46b65e4d11cff584896e1 Mon Sep 17 00:00:00 2001 From: tschorr Date: Fri, 20 Jul 2018 10:35:48 +0200 Subject: [PATCH 4/6] call exception view before triggering _unaothorized, as proposed by lukasgraf in https://github.com/plone/plone.rest/pull/75#issuecomment-404971502 --- src/ZPublisher/WSGIPublisher.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ZPublisher/WSGIPublisher.py b/src/ZPublisher/WSGIPublisher.py index 38edc81803..ff6722421c 100644 --- a/src/ZPublisher/WSGIPublisher.py +++ b/src/ZPublisher/WSGIPublisher.py 
@@ -149,6 +149,10 @@ def transaction_pubevents(request, response, tm=transaction.manager): if request.environ.get('x-wsgiorg.throw_errors', False): reraise(*exc_info) + # Handle exception view + exc_view_created = _exc_view_created_response( + exc, request, response) + if isinstance(exc, Unauthorized): # _unauthorized modifies the response in-place. If this hook # is used, an exception view for Unauthorized has to merge @@ -157,10 +161,6 @@ def transaction_pubevents(request, response, tm=transaction.manager): response._unauthorized() response.setStatus(exc.getStatus()) - # Handle exception view - exc_view_created = _exc_view_created_response( - exc, request, response) - notify(pubevents.PubBeforeAbort( request, exc_info, request.supports_retry())) tm.abort() From fd3cbf80d1054dbd87c2e454019dc81329347af6 Mon Sep 17 00:00:00 2001 From: Thomas Schorr Date: Tue, 2 Oct 2018 10:38:59 +0200 Subject: [PATCH 5/6] Update CHANGES.rst --- CHANGES.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES.rst b/CHANGES.rst index 2412a02f92..e7e1cb2179 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -22,6 +22,9 @@ New features Bugfixes ++++++++ +- Call exception view before triggering _unauthorized. + (_`#304 `_) + - Fix ZMI upload of `DTMLMethod` and `DTMLDocument` to store the DTML as a native ``str`` on both Python versions. (`#265 `_) From 17fb1226e1bdfe05e79d4e4e53cffe2ce1c06f93 Mon Sep 17 00:00:00 2001 From: Thomas Schorr Date: Tue, 2 Oct 2018 10:39:58 +0200 Subject: [PATCH 6/6] Update CHANGES.rst --- CHANGES.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index e7e1cb2179..fa9dd753e4 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -23,7 +23,7 @@ Bugfixes ++++++++ - Call exception view before triggering _unauthorized. - (_`#304 `_) + (`#304 `_) - Fix ZMI upload of `DTMLMethod` and `DTMLDocument` to store the DTML as a native ``str`` on both Python versions.
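Review bot: The comment inside the `isinstance(exc, Unauthorized)` branch of the `transaction_pubevents` hunk (PATCH 4/6) still reads as if the hook ran first, but after the move `response._unauthorized()` and `response.setStatus(exc.getStatus())` run after `_exc_view_created_response` has already written to the response. Anything the exception view set that the hook also touches (status, and presumably the authentication challenge header) is now overwritten by the hook rather than merged by the view. I would update the comment to say so, e.g. `# Runs after the exception view: _unauthorized() and setStatus() may overwrite the status and headers the view set.` The commit changes only `WSGIPublisher.py`; a regression test asserting that an `Unauthorized` handled by an exception view still ends with the status from `exc.getStatus()` would pin the new ordering. The function body continues outside the hunk.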