Diffstat (limited to 'module/web')
-rw-r--r-- | module/web/ServerThread.py | 7 | ||||
-rw-r--r-- | module/web/api_app.py | 10 |
2 files changed, 12 insertions, 5 deletions
diff --git a/module/web/ServerThread.py b/module/web/ServerThread.py index 84667e5f6..8b59ca01b 100644 --- a/module/web/ServerThread.py +++ b/module/web/ServerThread.py @@ -93,6 +93,13 @@ class WebServer(threading.Thread): webinterface.run_threaded(host=self.host, port=self.port, cert=self.cert, key=self.key) def start_fcgi(self): + + from flup.server.threadedserver import ThreadedServer + + def noop(*args, **kwargs): + pass + + ThreadedServer._installSignalHandlers = noop self.core.log.info(_("Starting fastcgi server: %(host)s:%(port)d") % {"host": self.host, "port": self.port}) webinterface.run_fcgi(host=self.host, port=self.port) diff --git a/module/web/api_app.py b/module/web/api_app.py index 160a984df..affcdb39a 100644 --- a/module/web/api_app.py +++ b/module/web/api_app.py @@ -25,16 +25,16 @@ class TBaseEncoder(json.JSONEncoder): # accepting positional arguments, as well as kwargs via post and get - -@route("/api/:func:args#[a-zA-Z0-9\-_/\"'\[\]%{}]*#") -@route("/api/:func:args#[a-zA-Z0-9\-_/\"'\[\]%{}]*#", method="POST") +# only forbidden path symbol are "?", which is used to seperate GET data and # +@route("/api/<func><args:re:[^#?]*>") +@route("/api/<func><args:re:[^#?]*>", method="POST") def call_api(func, args=""): response.headers.replace("Content-type", "application/json") response.headers.append("Cache-Control", "no-cache, must-revalidate") s = request.environ.get('beaker.session') if 'session' in request.POST: - # removes "' so it works on json strings + # removes "' so it works on json strings s = s.get_by_id(remove_chars(request.POST['session'], "'\"")) if not s or not s.get("authenticated", False): @@ -65,7 +65,7 @@ def callApi(func, *args, **kwargs): result = getattr(PYLOAD, func)(*[literal_eval(x) for x in args], **dict([(x, literal_eval(y)) for x, y in kwargs.iteritems()])) - # null is invalid json response + # null is invalid json response if result is None: result = True return json.dumps(result, cls=TBaseEncoder) |
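Review bot: In the `ServerThread.py` hunk, `ThreadedServer._installSignalHandlers = noop` replaces a private flup method on the class itself, so it affects every `ThreadedServer` in the process, and nothing in `start_fcgi` says why. Presumably the reason is that signal handlers can only be registered from the main thread while this server runs inside `WebServer(threading.Thread)`; a comment such as `# flup registers signal handlers on startup, which only works in the main thread; this server runs in a worker thread` would record that. With the handlers disabled, flup will no longer stop the FastCGI server on SIGINT/SIGTERM itself, so shutdown has to be driven by the core. It is worth checking that flup's matching restore step does not rely on state the skipped method would have set. The import also runs before the log line, so a missing flup surfaces as a bare ImportError from `start_fcgi` with no "Starting fastcgi server" entry to correlate it with.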
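Review bot: In the `api_app.py` route hunk, `<args:re:[^#?]*>` drops the previous character allowlist, so the route no longer filters `args` at all, and the later `callApi` hunk shows arguments being passed through `literal_eval`. `literal_eval` does not execute code, but it raises on malformed input and will happily parse very large or deeply nested literals. The handler should therefore bound the length of `args` and turn `ValueError`/`SyntaxError` into a 400 response rather than a traceback; whether it already does is outside the hunk. I would add above the decorators `# args is not filtered by the route; callApi must reject malformed or oversized literals`. The new comment line also has a typo (`seperate`) and would read more clearly as `# the only forbidden path symbols are "?" (separates GET data) and "#"`.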