| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Patch #1599845: Add an option to disable the implicit calls to server_bind() ↵ | Collin Winter | 2007-03-10 | 1 | -2/+4 | 
| | | | | | and server_activate() in the constructors for TCPServer, SimpleXMLRPCServer and DocXMLRPCServer. | ||||
| * | [Bug #1473048] | Andrew M. Kuchling | 2006-05-31 | 1 | -0/+4 | 
| | | | | | | | | | | | | | | | | | SimpleXMLRPCServer and DocXMLRPCServer don't look at the path of the HTTP request at all; you can POST or GET from / or /RPC2 or /blahblahblah with the same results. Security scanners that look for /cgi-bin/phf will therefore report lots of vulnerabilities. Fix: add a .rpc_paths attribute to the SimpleXMLRPCServer class, and report a 404 error if the path isn't on the allowed list. Possibly-controversial aspect of this change: the default makes only '/' and '/RPC2' legal. Maybe this will break people's applications (though I doubt it). We could just set the default to an empty tuple, which would exactly match the current behaviour. | ||||
| * | Reduce the usage of the types module. | Raymond Hettinger | 2005-02-07 | 1 | -2/+1 | 
| | | |||||
| * | Use multi-line import | Andrew M. Kuchling | 2004-08-31 | 1 | -4/+4 | 
| | | |||||
| * | Patch #727805: Remove extra line ending from CGI responses. | Martin v. Löwis | 2003-05-01 | 1 | -1/+2 | 
| | | |||||
| * | Whitespace normalization. | Tim Peters | 2003-04-24 | 1 | -15/+15 | 
| | | |||||
| * | Patch #536883: SimpleXMLRPCServer auto-docing subclass. | Martin v. Löwis | 2003-04-18 | 1 | -0/+302 | 
