Http get command with admin/pass

Ryan,

Here's the relevant code for the event ghost webserver plugin.


def Authenticate(self):
# only authenticate, if set
if self.authString is None:
return True

# do Basic HTTP-Authentication
authHeader = self.headers.get('authorization')
if authHeader is not None:
authType, authString = authHeader.split(' ', 2)
if authType.lower() == 'basic' and authString == self.authString:
return True

self.sendresponse(401)
self.sendheader('WWW-Authenticate','Basic realm="%s"' % self.authRealm)
self.sendheader('Content-type', 'text/html')
self.endheaders()
return False


def SendContent(self, path):
fsPath = self.translatepath(path)
if isdir(fsPath):
if not path.endswith('/'):
# redirect browser - doing basically what apache does
self.sendresponse(301)
self.sendheader("Location", path + "/")
self.endheaders()
return None
for index in ("index.html", "index.htm"):
index = join(fsPath, index)
if exists(index):
fsPath = index
break
else:
return self.listdirectory(path)
extension = splitext(fsPath)[1].lower()
if extension not in (".htm", ".html"):
f = self.sendhead()
if f:
self.wfile.write(f.read())
f.close()
return
try:
template = self.environment.gettemplate(fsPath)
except TemplateNotFound:
self.senderror(404, "File not found")
return
content = template.render()
self.endrequest(content)


def endrequest(self, content, case = 'text/html'):
content=content.encode("UTF-8")
self.sendresponse(200)
self.sendheader("Content-type", case)
self.sendheader("Content-Length", len(content))
self.endheaders()
self.wfile.write(content)
self.wfile.close()


def do_POST(self):
"""Serve a POST request."""
# First do Basic HTTP-Authentication, if set
if not self.Authenticate():
return
contentLength = int(self.headers.get('content-length'))
content = self.rfile.read(contentLength)
plugin = self.plugin
try:
data = loads(content)
except: