Index: Lib/SimpleXMLRPCServer.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/SimpleXMLRPCServer.py,v
retrieving revision 1.2
diff -c -r1.2 SimpleXMLRPCServer.py
*** Lib/SimpleXMLRPCServer.py	29 Sep 2001 04:54:33 -0000	1.2
--- Lib/SimpleXMLRPCServer.py	3 Feb 2005 05:34:18 -0000
***************
*** 161,167 ****
                      try:
                          func = _resolve_dotted_attribute(
                              self.server.instance,
!                             method
                              )
                      except AttributeError:
                          pass
--- 161,168 ----
                      try:
                          func = _resolve_dotted_attribute(
                              self.server.instance,
!                             method,
!                             self.allow_dotted_names
                              )
                      except AttributeError:
                          pass
***************
*** 178,188 ****
              BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size)
  
  
! def _resolve_dotted_attribute(obj, attr):
      """Resolves a dotted attribute name to an object.  Raises
      an AttributeError if any attribute in the chain starts with a '_'.
      """
!     for i in attr.split('.'):
          if i.startswith('_'):
              raise AttributeError(
                  'attempt to access private attribute "%s"' % i
--- 179,198 ----
              BaseHTTPServer.BaseHTTPRequestHandler.log_request(self, code, size)
  
  
! def _resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
      """Resolves a dotted attribute name to an object.  Raises
      an AttributeError if any attribute in the chain starts with a '_'.
+ 
+     If the optional allow_dotted_names argument is false, dots are not
+     supported and this function operates similar to getattr(obj, attr).
      """
! 
!     if allow_dotted_names:
!         attrs = attr.split('.')
!     else:
!         attrs = [attr]
! 
!     for i in attrs:
          if i.startswith('_'):
              raise AttributeError(
                  'attempt to access private attribute "%s"' % i
***************
*** 206,212 ****
          self.instance = None
          SocketServer.TCPServer.__init__(self, addr, requestHandler)
  
!     def register_instance(self, instance):
          """Registers an instance to respond to XML-RPC requests.
  
          Only one instance can be installed at a time.
--- 216,222 ----
          self.instance = None
          SocketServer.TCPServer.__init__(self, addr, requestHandler)
  
!     def register_instance(self, instance, allow_dotted_names=False):
          """Registers an instance to respond to XML-RPC requests.
  
          Only one instance can be installed at a time.
***************
*** 225,233 ****
--- 235,257 ----
  
          If a registered function matches a XML-RPC request, then it
          will be called instead of the registered instance.
+ 
+         If the optional allow_dotted_names argument is true and the
+         instance does not have a _dispatch method, method names
+         containing dots are supported and resolved, as long as none of
+         the name segments start with an '_'.
+ 
+             *** SECURITY WARNING: ***
+ 
+             Enabling the allow_dotted_names options allows intruders
+             to access your module's global variables and may allow
+             intruders to execute arbitrary code on your machine.  Only
+             use this option on a secure, closed network.
+ 
          """
  
          self.instance = instance
+         self.allow_dotted_names = allow_dotted_names
  
      def register_function(self, function, name = None):
          """Registers a function to respond to XML-RPC requests.