Author doko
Date 2004-02-22.09:29:59
Content
[forwarded from http://bugs.debian.org/230572]

In method docmodule() of class HTMLdoc, a href is
produced to the source code of the current module.

First of all, it is produced as a file: URL, so it is
incorrect on any computer other than the server.

Second, it is a minor security breach, because it
displays information about the directory structure of
the computer on which it is running.

Now, normally, you'd run pydoc so that it would only
serve files locally, and the current behavior is not
too bad.  However, the program ought to be made more
flexible so that it can also be used in other ways.

I'd suggest replacing this line:

            filelink = '<a href="file:%s">%s</a>' % (url, path)

with a function call, so that the behavior of the
program can be easily modified:

	    filelink = source_code_link(url, path)

def source_code_link(url, path):
	...

One could then make the behavior of source_code_link()
controllable from the command line via a global
variable, or just let people who want to modify the
behavior simply replace source_code_link() with their
own function.
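
One way the proposed source_code_link() hook could be written, as an added example that is not part of the original report or of pydoc's own code. The mode names, the module-level settings and the helper _relative_to_root() are hypothetical, and the base URL is a constructed placeholder.

```python
import html
import os
import sysconfig
from urllib.parse import quote

# Hypothetical settings; the report suggests a global that a command-line
# option could set. None of these names exist in pydoc.
SOURCE_LINK_MODE = "hide"        # "file" | "hide" | "base"
SOURCE_BASE_URL = "https://docs.example.invalid/src/"   # constructed placeholder
SOURCE_ROOTS = [sysconfig.get_paths()["stdlib"],
                sysconfig.get_paths()["purelib"]]


def _relative_to_root(path, roots):
    """Return path relative to the first root that contains it.

    Falls back to the bare file name so that no directory component of
    the serving host is ever disclosed for files outside known roots.
    """
    real = os.path.realpath(path)
    for root in roots:
        root = os.path.realpath(root)
        # commonpath compares whole components, so /srv/app/library is
        # not mistaken for a child of /srv/app/lib (startswith would be).
        if os.path.commonpath([real, root]) == root:
            return os.path.relpath(real, root).replace(os.sep, "/")
    return os.path.basename(real)


def source_code_link(url, path, mode=None, roots=None):
    """Build the 'source file' cell for a module page.

    file: the behaviour quoted in the report (absolute path, file: URL),
          with HTML escaping added here.
    hide: plain text, path shown relative to a known root, no link.
    base: link under SOURCE_BASE_URL, usable from other machines.
    """
    mode = mode or SOURCE_LINK_MODE
    if mode == "file":
        return '<a href="file:%s">%s</a>' % (
            html.escape(url, quote=True), html.escape(path))
    rel = _relative_to_root(path, SOURCE_ROOTS if roots is None else roots)
    if mode == "base":
        href = SOURCE_BASE_URL + quote(rel)
        return '<a href="%s">%s</a>' % (
            html.escape(href, quote=True), html.escape(rel))
    return html.escape(rel)
```
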
History
Date                 User   Action  Args
2008-01-20 09:56:45  admin  link    issue902061 messages
2008-01-20 09:56:45  admin  create