Message 60465 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	doko
Recipients
Date	2004-02-22.09:29:59
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
[forwarded from http://bugs.debian.org/230572] In method docmodule() of class HTMLdoc, a href is produced to the source code of the current module. First of all, it is produced as a file: URL, so it is incorrect on any computer other than the server. Second, it is a minor security breach, because it displays information about the directory structure of the computer on which it is running. Now, normally, you'd run pydoc so that it would only serve files locally, and the current behavior is not too bad. However, the program ought to be made more flexible so that it can also be used in other ways. I'd suggest replacing this line: filelink = '<a href="file:%s">%s</a>' % (url, path) with a function call, so that the behavior of the program can be easily modified: filelink = source_code_link(url, path) def source_code_link(url, path): ... One could then make the behavior of source_code_link() controllable from the command line via a global variable, or just let people who want to modify the behavior simply replace source_code_link() with their own function.

[forwarded from http://bugs.debian.org/230572]

In method docmodule() of class HTMLdoc, a href is
produced to the source code of the current module.

First of all, it is produced as a file: URL, so it is
incorrect on any computer other than the server.

Second, it is a minor security breach, because it
displays information about the directory structure of
the computer on which it is running.

Now, normally, you'd run pydoc so that it would only
serve files locally, and the current behavior is not
too bad.  However, the program ought to be made more
flexible so that it can also be used in other ways.

I'd suggest replacing this line:

            filelink = '<a href="file:%s">%s</a>' %
(url, path)

with a function call, so that the behavior of the
program can be easily modified:

	    filelink = source_code_link(url, path)

def source_code_link(url, path):
	...

One could then make the behavior of source_code_link()
controllable from the command line via a global
variable, or just let people who want to modify the
behavior simply replace source_code_link() with their
own function.

History
Date	User	Action	Args
2008-01-20 09:56:45	admin	link	issue902061 messages
2008-01-20 09:56:45	admin	create