From 832bb6dffdbbbd3798ec3167f5419f07c55bb3bf Mon Sep 17 00:00:00 2001 From: tkikuchi Date: Sun, 28 Aug 2005 05:59:08 +0000 Subject: backport from 2.1.6. --- scripts/driver | 52 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 16 deletions(-) (limited to 'scripts/driver') diff --git a/scripts/driver b/scripts/driver index 8949e44e3..ea43c40eb 100644 --- a/scripts/driver +++ b/scripts/driver @@ -1,6 +1,6 @@ # -*- python -*- -# Copyright (C) 1998-2003 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2004 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -22,6 +22,20 @@ import sys # From here on we are as bulletproof as possible! +# The driver script prints out a lot of information when a Mailman bug is +# encountered. This really helps for development, but it also reveals +# information about the host system that some administrators are not +# comfortable with. By setting STEALTH_MODE to 1, you disable the printing of +# this information to the web pages. This information is still, and always, +# printed in the error logs. +STEALTH_MODE = 1 + +# This will be set to the entity escaper. +def websafe(s): + return s + + + # This standard driver script is used to run CGI programs, wrapped in code # that catches errors, and displays them as HTML. This guarantees that # (almost) any problem in the Mailman software doesn't result in a Web server 
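Review bot: The placeholder `websafe` added in the `@@ -22,6 +22,20 @@` hunk returns its argument unchanged, but the comment above it ("This will be set to the entity escaper") does not say so, and a reader can take the name for a working escaper. Until run_main() rebinds it, anything printed through it reaches the page raw, which is only safe while STEALTH_MODE is 1. I would make that explicit in the comment, for example `# Identity placeholder: run_main() rebinds this to Mailman.Utils.websafe when STEALTH_MODE is 0; until then nothing is escaped.`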
@@ -41,22 +55,31 @@ import sys # This would indicate a serious problem with the Python installation, so # it's also highly unlikely to occur. - def run_main(): + global STEALTH_MODE, websafe + # These will ensure that even if something between now and the # creation of the real logger below fails, we can still get # *something* meaningful. logger = None try: import paths + # When running in non-stealth mode, we need to escape entities, + # otherwise we're vulnerable to cross-site scripting attacks. + try: + if not STEALTH_MODE: + from Mailman.Utils import websafe + except: + STEALTH_MODE = 1 + raise # Map stderr to a logger, if possible. from Mailman.Logging.StampedLogger import StampedLogger logger = StampedLogger('error', label='admin', - manual_reprime=True, - nofail=False, - immediate=True) + manual_reprime=1, + nofail=0, + immediate=1) # Collect stdout in a cStringIO so that if /any/ errors occur during # printing it won't mess up our diagnostics page. from cStringIO import StringIO @@ -103,10 +126,9 @@ def print_traceback(logfp=None): except ImportError: traceback = None try: - from Mailman.mm_cfg import VERSION, STEALTH_MODE + from Mailman.mm_cfg import VERSION except ImportError: VERSION = '<undetermined>' - STEALTH_MODE = False # Write to the log file first. print >> logfp, '@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@' @@ -132,11 +154,13 @@ please email a copy of this page to the webmaster for this site with a description of what happened. Thanks!
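Review bot: In run_main, `import paths` sits before the new inner `try:`, so the `except:` branch that forces `STEALTH_MODE = 1` does not cover a failure of that import. If an administrator has set STEALTH_MODE to 0 and `import paths` raises, `websafe` is still the identity function and STEALTH_MODE is still 0. The outer handler is outside this hunk, but it presumably calls print_traceback and print_environment, which would then write traceback text and request-derived environment values to the page unescaped. Moving `import paths` into the inner `try:`, directly above `if not STEALTH_MODE:`, makes that failure fall back to stealth mode as well.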

Traceback:

'''
+        exc_info = sys.exc_info()
         if traceback:
-            traceback.print_exc(file=sys.stdout)
+            for line in traceback.format_exception(*exc_info):
+                print websafe(line),
         else:
             print '[failed to import module traceback]'
-            print '[exc: %s, var: %s]' % sys.exc_info()[0:2]
+            print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]
         print '\n\n
' else: print '''

Please inform the webmaster for this site of this @@ -155,12 +179,6 @@ def print_environment(logfp=None): except ImportError: os = None - try: - from Mailman.mm_cfg import STEALTH_MODE - except ImportError: - VERSION = '<undetermined>' - STEALTH_MODE = False - # Write some information about our Python executable to the log file. print >> logfp, '[----- Python Information -----]' print >> logfp, 'sys.version =', sys.version @@ -210,7 +228,9 @@ def print_environment(logfp=None): ''' if os: for k, v in os.environ.items(): - print '', k, '', v, '' + print '', websafe(k), \ + '', websafe(v), \ + '' print '' else: print '
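Review bot: In the `@@ -132,11 +154,13 @@` hunk, the fallback `print '[exc: %s, var: %s]' % [websafe(x) for x in exc_info[0:2]]` passes a list to `%`, which treats it as one argument, so the two `%s` raise TypeError instead of printing; the removed line passed a tuple slice. This branch runs only when `traceback` could not be imported, so the new exception would surface while the error page is being written and cut the diagnostics short. The two elements are also an exception type and value, not strings, and whether Mailman.Utils.websafe accepts non-strings is not visible here, so I would convert first: `print '[exc: %s, var: %s]' % tuple([websafe(str(x)) for x in exc_info[0:2]])`. print_traceback begins and ends outside this hunk.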


[failed to import module os]' -- cgit v1.2.3-70-g09d2