Don't mask authorization exceptions for XML-RPC calls, slightly modified

patch from Brad Clements (fixes Zope Collector issue #525).

Don't mask authorization exceptions for XML-RPC calls, slightly modified
patch from Brad Clements (fixes Zope Collector issue #525).
36d238e3 · Martijn Pieters · cd906440 · 36d238e3
Commit 36d238e3 authored Aug 29, 2002 by Martijn Pieters
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

lib/python/ZPublisher/xmlrpc.py lib/python/ZPublisher/xmlrpc.py +10 -1

No files found.
--- a/lib/python/ZPublisher/xmlrpc.py
+++ b/lib/python/ZPublisher/xmlrpc.py
@@ -19,10 +19,12 @@ See http://www.xmlrpc.com/ and http://linux.userland.com/ for more
 information about XML-RPC and Zope.
 """

-import sys
+import sys, types
 from HTTPResponse import HTTPResponse
 import xmlrpclib

+from zExceptions import Unauthorized
+
 def parse_input(data):
    """Parse input data and return a method path and argument tuple

@@ -120,6 +122,13 @@ class Response:
        if type(info) is type(()) and len(info)==3: t,v,tb = info
        else: t,v,tb = sys.exc_info()

+        # Don't mask 404 respnses, as some XML-RPC libraries rely on the HTTP
+        # mechanisms for detecting when authentication is required. Fixes Zope
+        # Collector issue 525.
+        if t == 'Unauthorized' or (isinstance(t, types.ClassType)
+                                   and issubclass(t, Unauthorized)):
+            return self._real.exception(fatal=fatal, info=info)
+
        # Create an appropriate Fault object. Unfortunately, we throw away
        # most of the debugging information. More useful error reporting is
        # left as an exercise for the reader.