Blame - Lib/cgi.py - platform/external/python/cpython3

1996-03-06 07:20:06 +0000

[diff] [blame]

3

"""Support module for CGI (Common Gateway Interface) scripts.

Guido van Rossum

1c9daa8

1995-09-18 21:52:37 +0000

[diff] [blame]

4

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

5

This module defines a number of utilities for use by CGI scripts

6

written in Python.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

7

8

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Introduction

------------

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

12

A CGI script is invoked by an HTTP server, usually to process user

13

input submitted through an HTML <FORM> or <ISINPUT> element.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

14

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

15

Most often, CGI scripts live in the server's special cgi-bin

16

directory. The HTTP server places all sorts of information about the

17

request (such as the client's hostname, the requested URL, the query

18

string, and lots of other goodies) in the script's shell environment,

19

executes the script, and sends the script's output back to the client.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

20

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

21

The script's input is connected to the client too, and sometimes the

22

form data is read this way; at other times the form data is passed via

23

the "query string" part of the URL. This module (cgi.py) is intended

24

to take care of the different cases and provide a simpler interface to

25

the Python script. It also provides a number of utilities that help

26

in debugging scripts, and the latest addition is support for file

27

uploads from a form (if your browser supports it -- Grail 0.3 and

28

Netscape 2.0 do).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

29

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

30

The output of a CGI script should consist of two sections, separated

31

by a blank line. The first section contains a number of headers,

32

telling the client what kind of data is following. Python code to

33

generate a minimal header section looks like this:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

34

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

35

print "Content-type: text/html" # HTML is following

36

print # blank line, end of headers

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

37

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

38

The second section is usually HTML, which allows the client software

39

to display nicely formatted text with header, in-line images, etc.

40

Here's Python code that prints a simple piece of HTML:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

41

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

42

print "<TITLE>CGI script output</TITLE>"

43

print "<H1>This is my first CGI script</H1>"

44

print "Hello, world!"

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

45

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

46

It may not be fully legal HTML according to the letter of the

47

standard, but any browser will understand it.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Using the cgi module

--------------------

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

53

Begin by writing "import cgi". Don't use "from cgi import *" -- the

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

54

module defines all sorts of names for its own use or for backward

55

compatibility that you don't want in your namespace.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

56

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

57

It's best to use the FieldStorage class. The other classes define in this

58

module are provided mostly for backward compatibility. Instantiate it

59

exactly once, without arguments. This reads the form contents from

60

standard input or the environment (depending on the value of various

61

environment variables set according to the CGI standard). Since it may

62

consume standard input, it should be instantiated only once.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

63

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

64

The FieldStorage instance can be accessed as if it were a Python

65

dictionary. For instance, the following code (which assumes that the

66

Content-type header and blank line have already been printed) checks that

67

the fields "name" and "addr" are both set to a non-empty string:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

68

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

69

form = cgi.FieldStorage()

70

form_ok = 0

71

if form.has_key("name") and form.has_key("addr"):

72

if form["name"].value != "" and form["addr"].value != "":

73

form_ok = 1

74

if not form_ok:

75

print "<H1>Error</H1>"

76

print "Please fill in the name and addr fields."

77

return

78

...further form processing here...

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

79

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

80

Here the fields, accessed through form[key], are themselves instances

81

of FieldStorage (or MiniFieldStorage, depending on the form encoding).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

82

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

83

If the submitted form data contains more than one field with the same

84

name, the object retrieved by form[key] is not a (Mini)FieldStorage

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

85

instance but a list of such instances. If you are expecting this

86

possibility (i.e., when your HTML form comtains multiple fields with

87

the same name), use the type() function to determine whether you have

88

a single instance or a list of instances. For example, here's code

89

that concatenates any number of username fields, separated by commas:

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

90

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

91

username = form["username"]

92

if type(username) is type([]):

93

# Multiple username fields specified

94

usernames = ""

95

for item in username:

96

if usernames:

97

# Next item -- insert comma

98

usernames = usernames + "," + item.value

99

else:

100

# First item -- don't insert comma

101

usernames = item.value

102

else:

103

# Single username field specified

104

usernames = username.value

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

105

106

If a field represents an uploaded file, the value attribute reads the

107

entire file in memory as a string. This may not be what you want. You can

108

test for an uploaded file by testing either the filename attribute or the

109

file attribute. You can then read the data at leasure from the file

110

attribute:

111

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

112

fileitem = form["userfile"]

113

if fileitem.file:

114

# It's an uploaded file; count lines

115

linecount = 0

116

while 1:

117

line = fileitem.file.readline()

118

if not line: break

119

linecount = linecount + 1

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

120

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

121

The file upload draft standard entertains the possibility of uploading

122

multiple files from one field (using a recursive multipart/*

123

encoding). When this occurs, the item will be a dictionary-like

124

FieldStorage item. This can be determined by testing its type

125

attribute, which should have the value "multipart/form-data" (or

126

perhaps another string beginning with "multipart/"). It this case, it

127

can be iterated over recursively just like the top-level form object.

128

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

129

When a form is submitted in the "old" format (as the query string or as a

130

single data part of type application/x-www-form-urlencoded), the items

131

will actually be instances of the class MiniFieldStorage. In this case,

132

the list, file and filename attributes are always None.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

133

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

134

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

135

Old classes

136

-----------

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

137

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

138

These classes, present in earlier versions of the cgi module, are still

Guido van Rossum

16d5b11

1996-10-24 14:44:32 +0000

[diff] [blame]

139

supported for backward compatibility. New applications should use the

140

FieldStorage class.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

141

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

142

SvFormContentDict: single value form content as dictionary; assumes each

143

field name occurs in the form only once.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

144

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

145

FormContentDict: multiple value form content as dictionary (the form

146

items are lists of values). Useful if your form contains multiple

147

fields with the same name.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

148

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

149

Other classes (FormContent, InterpFormContentDict) are present for

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

150

backwards compatibility with really old applications only. If you still

151

use these and would be inconvenienced when they disappeared from a next

152

version of this module, drop me a note.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

153

154

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

155

Functions

156

---------

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

157

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

158

These are useful if you want more control, or if you want to employ

159

some of the algorithms implemented in this module in other

160

circumstances.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

161

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

162

parse(fp, [environ, [keep_blank_values, [strict_parsing]]]): parse a

163

form into a Python dictionary.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

164

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

165

parse_qs(qs, [keep_blank_values, [strict_parsing]]): parse a query

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

166

string (data of type application/x-www-form-urlencoded). Data are

167

returned as a dictionary. The dictionary keys are the unique query

168

variable names and the values are lists of vales for each name.

169

170

parse_qsl(qs, [keep_blank_values, [strict_parsing]]): parse a query

171

string (data of type application/x-www-form-urlencoded). Data are

172

returned as a list of (name, value) pairs.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

173

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

174

parse_multipart(fp, pdict): parse input of type multipart/form-data (for

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

175

file uploads).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

176

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

177

parse_header(string): parse a header like Content-type into a main

178

value and a dictionary of parameters.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

179

180

test(): complete test program.

181

182

print_environ(): format the shell environment in HTML.

183

184

print_form(form): format a form in HTML.

185

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

186

print_environ_usage(): print a list of useful environment variables in

187

HTML.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

188

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

189

escape(): convert the characters "&", "<" and ">" to HTML-safe

190

sequences. Use this if you need to display text that might contain

191

such characters in HTML. To translate URLs for inclusion in the HREF

192

attribute of an <A> tag, use urllib.quote().

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

193

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

194

log(fmt, ...): write a line to a log file; see docs for initlog().

195

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

196

197

Caring about security

198

---------------------

199

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

200

There's one important rule: if you invoke an external program (e.g.

201

via the os.system() or os.popen() functions), make very sure you don't

202

pass arbitrary strings received from the client to the shell. This is

203

a well-known security hole whereby clever hackers anywhere on the web

204

can exploit a gullible CGI script to invoke arbitrary shell commands.

205

Even parts of the URL or field names cannot be trusted, since the

206

request doesn't have to come from your form!

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

207

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

208

To be on the safe side, if you must pass a string gotten from a form

209

to a shell command, you should make sure the string contains only

210

alphanumeric characters, dashes, underscores, and periods.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

211

212

213

Installing your CGI script on a Unix system

214

-------------------------------------------

215

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

216

Read the documentation for your HTTP server and check with your local

217

system administrator to find the directory where CGI scripts should be

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

218

installed; usually this is in a directory cgi-bin in the server tree.

219

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

220

Make sure that your script is readable and executable by "others"; the

221

Unix file mode should be 755 (use "chmod 755 filename"). Make sure

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

222

that the first line of the script contains #! starting in column 1

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

223

followed by the pathname of the Python interpreter, for instance:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

224

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

225

#! /usr/local/bin/python

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

226

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

227

Make sure the Python interpreter exists and is executable by "others".

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

228

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

229

Note that it's probably not a good idea to use #! /usr/bin/env python

Guido van Rossum

f06ee5f

1996-11-27 19:52:01 +0000

[diff] [blame]

230

here, since the Python interpreter may not be on the default path

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

231

given to CGI scripts!!!

Guido van Rossum

f06ee5f

1996-11-27 19:52:01 +0000

[diff] [blame]

232

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

233

Make sure that any files your script needs to read or write are

234

readable or writable, respectively, by "others" -- their mode should

235

be 644 for readable and 666 for writable. This is because, for

236

security reasons, the HTTP server executes your script as user

237

"nobody", without any special privileges. It can only read (write,

238

execute) files that everybody can read (write, execute). The current

239

directory at execution time is also different (it is usually the

240

server's cgi-bin directory) and the set of environment variables is

241

also different from what you get at login. in particular, don't count

242

on the shell's search path for executables ($PATH) or the Python

243

module search path ($PYTHONPATH) to be set to anything interesting.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

244

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

245

If you need to load modules from a directory which is not on Python's

246

default module search path, you can change the path in your script,

247

before importing other modules, e.g.:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

248

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

249

import sys

250

sys.path.insert(0, "/usr/home/joe/lib/python")

251

sys.path.insert(0, "/usr/local/lib/python")

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

252

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

253

This way, the directory inserted last will be searched first!

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

254

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

255

Instructions for non-Unix systems will vary; check your HTTP server's

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

256

documentation (it will usually have a section on CGI scripts).

257

258

259

Testing your CGI script

260

-----------------------

261

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

262

Unfortunately, a CGI script will generally not run when you try it

263

from the command line, and a script that works perfectly from the

264

command line may fail mysteriously when run from the server. There's

265

one reason why you should still test your script from the command

266

line: if it contains a syntax error, the python interpreter won't

267

execute it at all, and the HTTP server will most likely send a cryptic

268

error to the client.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

269

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

270

Assuming your script has no syntax errors, yet it does not work, you

271

have no choice but to read the next section:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

272

273

274

Debugging CGI scripts

275

---------------------

276

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

277

First of all, check for trivial installation errors -- reading the

278

section above on installing your CGI script carefully can save you a

279

lot of time. If you wonder whether you have understood the

280

installation procedure correctly, try installing a copy of this module

281

file (cgi.py) as a CGI script. When invoked as a script, the file

282

will dump its environment and the contents of the form in HTML form.

283

Give it the right mode etc, and send it a request. If it's installed

284

in the standard cgi-bin directory, it should be possible to send it a

285

request by entering a URL into your browser of the form:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

286

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

287

http://yourhostname/cgi-bin/cgi.py?name=Joe+Blow&addr=At+Home

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

288

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

289

If this gives an error of type 404, the server cannot find the script

290

-- perhaps you need to install it in a different directory. If it

291

gives another error (e.g. 500), there's an installation problem that

292

you should fix before trying to go any further. If you get a nicely

293

formatted listing of the environment and form content (in this

294

example, the fields should be listed as "addr" with value "At Home"

295

and "name" with value "Joe Blow"), the cgi.py script has been

296

installed correctly. If you follow the same procedure for your own

297

script, you should now be able to debug it.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

298

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

299

The next step could be to call the cgi module's test() function from

300

your script: replace its main code with the single statement

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

301

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

302

cgi.test()

303

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

304

This should produce the same results as those gotten from installing

305

the cgi.py file itself.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

306

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

307

When an ordinary Python script raises an unhandled exception (e.g.,

308

because of a typo in a module name, a file that can't be opened,

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

309

etc.), the Python interpreter prints a nice traceback and exits.

310

While the Python interpreter will still do this when your CGI script

311

raises an exception, most likely the traceback will end up in one of

312

the HTTP server's log file, or be discarded altogether.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

313

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

314

Fortunately, once you have managed to get your script to execute

315

*some* code, it is easy to catch exceptions and cause a traceback to

316

be printed. The test() function below in this module is an example.

317

Here are the rules:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

318

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

319

1. Import the traceback module (before entering the

320

try-except!)

321

322

2. Make sure you finish printing the headers and the blank

323

line early

324

325

3. Assign sys.stderr to sys.stdout

326

327

3. Wrap all remaining code in a try-except statement

328

329

4. In the except clause, call traceback.print_exc()

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

For example:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

333

import sys

334

import traceback

335

print "Content-type: text/html"

336

print

337

sys.stderr = sys.stdout

try:

...your code here...

except:

print "\n\n<PRE>"

traceback.print_exc()

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

343

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

344

Notes: The assignment to sys.stderr is needed because the traceback

345

prints to sys.stderr. The print "\n\n<PRE>" statement is necessary to

346

disable the word wrapping in HTML.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

347

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

348

If you suspect that there may be a problem in importing the traceback

349

module, you can use an even more robust approach (which only uses

350

built-in modules):

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

351

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

352

import sys

353

sys.stderr = sys.stdout

354

print "Content-type: text/plain"

355

print

356

...your code here...

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

357

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

358

This relies on the Python interpreter to print the traceback. The

359

content type of the output is set to plain text, which disables all

360

HTML processing. If your script works, the raw HTML will be displayed

361

by your client. If it raises an exception, most likely after the

362

first two lines have been printed, a traceback will be displayed.

363

Because no HTML interpretation is going on, the traceback will

364

readable.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

365

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

366

When all else fails, you may want to insert calls to log() to your

367

program or even to a copy of the cgi.py file. Note that this requires

368

you to set cgi.logfile to the name of a world-writable file before the

369

first call to log() is made!

370

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Good luck!

Common problems and solutions

375

-----------------------------

376

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

377

- Most HTTP servers buffer the output from CGI scripts until the

378

script is completed. This means that it is not possible to display a

379

progress report on the client's display while the script is running.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

380

381

- Check the installation instructions above.

382

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

383

- Check the HTTP server's log files. ("tail -f logfile" in a separate

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

384

window may be useful!)

385

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

386

- Always check a script for syntax errors first, by doing something

387

like "python script.py".

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

388

389

- When using any of the debugging techniques, don't forget to add

390

"import sys" to the top of the script.

391

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

392

- When invoking external programs, make sure they can be found.

393

Usually, this means using absolute path names -- $PATH is usually not

394

set to a very useful value in a CGI script.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

395

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

396

- When reading or writing external files, make sure they can be read

397

or written by every user on the system.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

398

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

399

- Don't try to give a CGI script a set-uid mode. This doesn't work on

400

most systems, and is a security liability as well.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

401

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

402

"""

403

Guido van Rossum

98d9fd3

2000-02-28 15:12:25 +0000

[diff] [blame]

404

# XXX The module is getting pretty heavy with all those docstrings.

405

# Perhaps there should be a slimmed version that doesn't contain all those

406

# backwards compatible and debugging classes and functions?

# History

# -------

#

# Michael McLay started this module. Steve Majewski changed the

412

# interface to SvFormContentDict and FormContentDict. The multipart

413

# parsing was inspired by code submitted by Andreas Paepcke. Guido van

414

# Rossum rewrote, reformatted and documented the module and is currently

415

# responsible for its maintenance.

416

#

417

Guido van Rossum

5f32248

1997-04-11 18:20:42 +0000

[diff] [blame]

418

__version__ = "2.2"

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

419

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Imports

# =======

import string

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

425

import sys

426

import os

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

427

import urllib

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

428

import mimetools

429

import rfc822

430

from StringIO import StringIO

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

431

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

# Logging support

# ===============

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

436

logfile = "" # Filename to log to, if not empty

437

logfp = None # File object to log to, if not None

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

438

439

def initlog(*allargs):

440

"""Write a log message, if there is a log file.

441

442

Even though this function is called initlog(), you should always

443

use log(); log is a variable that is set either to initlog

444

(initially), to dolog (once the log file has been opened), or to

445

nolog (when logging is disabled).

446

447

The first argument is a format string; the remaining arguments (if

448

any) are arguments to the % operator, so e.g.

449

log("%s: %s", "a", "b")

450

will write "a: b" to the log file, followed by a newline.

451

452

If the global logfp is not None, it should be a file object to

453

which log data is written.

454

455

If the global logfp is None, the global logfile may be a string

456

giving a filename to open, in append mode. This file should be

457

world writable!!! If the file can't be opened, logging is

458

silently disabled (since there is no safe place where we could

459

send an error message).

"""

global logfp, log

if logfile and not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

464

try:

465

logfp = open(logfile, "a")

466

except IOError:

467

pass

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

468

if not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

469

log = nolog

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

470

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

471

log = dolog

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

472

apply(log, allargs)

473

474

def dolog(fmt, *args):

475

"""Write a log message to the log file. See initlog() for docs."""

476

logfp.write(fmt%args + "\n")

477

478

def nolog(*allargs):

479

"""Dummy function, assigned to log when logging is disabled."""

480

pass

481

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

482

log = initlog # The current logging function

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

483

484

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Parsing functions

# =================

Guido van Rossum

1997-05-13 19:03:23 +0000

[diff] [blame]

488

# Maximum input we will accept when REQUEST_METHOD is POST

489

# 0 ==> unlimited input

490

maxlen = 0

491

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

492

def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

493

"""Parse a query in the environment or from a file (default stdin)

494

495

Arguments, all optional:

496

497

fp : file pointer; default: sys.stdin

498

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

499

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

500

501

keep_blank_values: flag indicating whether blank values in

502

URL encoded forms should be treated as blank strings.

503

A true value inicates that blanks should be retained as

504

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

505

blank values are to be ignored and treated as if they were

506

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

507

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

508

strict_parsing: flag indicating what to do with parsing errors.

509

If false (the default), errors are silently ignored.

510

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

511

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

512

if not fp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

513

fp = sys.stdin

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

514

if not environ.has_key('REQUEST_METHOD'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

515

environ['REQUEST_METHOD'] = 'GET' # For testing stand-alone

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

516

if environ['REQUEST_METHOD'] == 'POST':

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

517

ctype, pdict = parse_header(environ['CONTENT_TYPE'])

518

if ctype == 'multipart/form-data':

519

return parse_multipart(fp, pdict)

520

elif ctype == 'application/x-www-form-urlencoded':

521

clength = string.atoi(environ['CONTENT_LENGTH'])

522

if maxlen and clength > maxlen:

523

raise ValueError, 'Maximum content length exceeded'

524

qs = fp.read(clength)

525

else:

526

qs = '' # Unknown content-type

527

if environ.has_key('QUERY_STRING'):

528

if qs: qs = qs + '&'

529

qs = qs + environ['QUERY_STRING']

530

elif sys.argv[1:]:

531

if qs: qs = qs + '&'

532

qs = qs + sys.argv[1]

533

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

534

elif environ.has_key('QUERY_STRING'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

535

qs = environ['QUERY_STRING']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

536

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

if sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

542

return parse_qs(qs, keep_blank_values, strict_parsing)

Guido van Rossum

e780877

1995-08-07 20:12:09 +0000

[diff] [blame]

543

544

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

545

def parse_qs(qs, keep_blank_values=0, strict_parsing=0):

546

"""Parse a query given as a string argument.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

Arguments:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

550

qs: URL-encoded query string to be parsed

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

551

552

keep_blank_values: flag indicating whether blank values in

553

URL encoded queries should be treated as blank strings.

554

A true value inicates that blanks should be retained as

555

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

556

blank values are to be ignored and treated as if they were

557

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

558

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

559

strict_parsing: flag indicating what to do with parsing errors.

560

If false (the default), errors are silently ignored.

561

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

562

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

563

dict = {}

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

564

for name, value in parse_qsl(qs, keep_blank_values, strict_parsing):

565

if len(value) or keep_blank_values:

566

if dict.has_key(name):

567

dict[name].append(value)

else:

dict[name] = [value]

return dict

def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):

573

"""Parse a query given as a string argument.

Arguments:

qs: URL-encoded query string to be parsed

578

579

keep_blank_values: flag indicating whether blank values in

580

URL encoded queries should be treated as blank strings.

581

A true value inicates that blanks should be retained as

582

blank strings. The default false value indicates that

583

blank values are to be ignored and treated as if they were

584

not included.

585

586

strict_parsing: flag indicating what to do with parsing errors.

587

If false (the default), errors are silently ignored.

588

If true, errors raise a ValueError exception.

589

590

Returns a list, as God intended.

591

"""

592

name_value_pairs = string.splitfields(qs, '&')

593

r=[]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

594

for name_value in name_value_pairs:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

595

nv = string.splitfields(name_value, '=')

596

if len(nv) != 2:

597

if strict_parsing:

598

raise ValueError, "bad query field: %s" % `name_value`

599

continue

600

name = urllib.unquote(string.replace(nv[0], '+', ' '))

601

value = urllib.unquote(string.replace(nv[1], '+', ' '))

Guido van Rossum

3af7b05

2000-02-25 11:44:03 +0000

[diff] [blame]

602

r.append((name, value))

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

603

604

return r

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

605

606

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

607

def parse_multipart(fp, pdict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

608

"""Parse multipart input.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

609

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

610

Arguments:

611

fp : input file

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

612

pdict: dictionary containing other parameters of conten-type header

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

613

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

614

Returns a dictionary just like parse_qs(): keys are the field names, each

615

value is a list of values for that field. This is easy to use but not

616

much good if you are expecting megabytes to be uploaded -- in that case,

617

use the FieldStorage class instead which is much more flexible. Note

618

that content-type is the raw, unparsed contents of the content-type

619

header.

620

621

XXX This does not parse nested multipart parts -- use FieldStorage for

622

that.

623

624

XXX This should really be subsumed by FieldStorage altogether -- no

625

point in having two implementations of the same parsing algorithm.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

626

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

627

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

628

if pdict.has_key('boundary'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

629

boundary = pdict['boundary']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

630

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

631

boundary = ""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

632

nextpart = "--" + boundary

633

lastpart = "--" + boundary + "--"

partdict = {}

terminator = ""

while terminator != lastpart:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

bytes = -1

data = None

if terminator:

# At start of next part. Read headers first.

642

headers = mimetools.Message(fp)

643

clength = headers.getheader('content-length')

644

if clength:

645

try:

646

bytes = string.atoi(clength)

647

except string.atoi_error:

648

pass

649

if bytes > 0:

650

if maxlen and bytes > maxlen:

651

raise ValueError, 'Maximum content length exceeded'

652

data = fp.read(bytes)

653

else:

654

data = ""

655

# Read lines until end of part.

lines = []

while 1:

line = fp.readline()

if not line:

terminator = lastpart # End outer loop

661

break

662

if line[:2] == "--":

663

terminator = string.strip(line)

664

if terminator in (nextpart, lastpart):

break

lines.append(line)

# Done with part.

if data is None:

continue

if bytes < 0:

if lines:

# Strip final line terminator

673

line = lines[-1]

674

if line[-2:] == "\r\n":

675

line = line[:-2]

676

elif line[-1:] == "\n":

677

line = line[:-1]

678

lines[-1] = line

679

data = string.joinfields(lines, "")

680

line = headers['content-disposition']

681

if not line:

682

continue

683

key, params = parse_header(line)

684

if key != 'form-data':

685

continue

686

if params.has_key('name'):

687

name = params['name']

688

else:

689

continue

690

if partdict.has_key(name):

691

partdict[name].append(data)

692

else:

693

partdict[name] = [data]

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

694

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

695

return partdict

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

696

697

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

698

def parse_header(line):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

699

"""Parse a Content-type like header.

700

701

Return the main content-type and a dictionary of options.

702

703

"""

704

plist = map(string.strip, string.splitfields(line, ';'))

705

key = string.lower(plist[0])

706

del plist[0]

707

pdict = {}

708

for p in plist:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

709

i = string.find(p, '=')

710

if i >= 0:

711

name = string.lower(string.strip(p[:i]))

712

value = string.strip(p[i+1:])

713

if len(value) >= 2 and value[0] == value[-1] == '"':

714

value = value[1:-1]

715

pdict[name] = value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

716

return key, pdict

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

717

718

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

719

# Classes for field storage

720

# =========================

721

722

class MiniFieldStorage:

723

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

724

"""Like FieldStorage, for use when no file uploads are possible."""

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

725

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

# Dummy attributes

filename = None

list = None

type = None

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

730

file = None

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

731

type_options = {}

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

732

disposition = None

733

disposition_options = {}

734

headers = {}

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

735

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

736

def __init__(self, name, value):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

737

"""Constructor from field name and value."""

738

self.name = name

739

self.value = value

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

740

# self.file = StringIO(value)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

741

742

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

743

"""Return printable representation."""

744

return "MiniFieldStorage(%s, %s)" % (`self.name`, `self.value`)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

class FieldStorage:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

749

"""Store a sequence of fields, reading multipart/form-data.

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

750

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

751

This class provides naming, typing, files stored on disk, and

752

more. At the top level, it is accessible like a dictionary, whose

753

keys are the field names. (Note: None can occur as a field name.)

754

The items are either a Python list (if there's multiple values) or

755

another FieldStorage or MiniFieldStorage object. If it's a single

756

object, it has the following attributes:

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

757

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

758

name: the field name, if specified; otherwise None

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

759

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

760

filename: the filename, if specified; otherwise None; this is the

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

761

client side filename, *not* the file name on which it is

762

stored (that's a temporary file you don't deal with)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

763

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

764

value: the value as a *string*; for file uploads, this

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

765

transparently reads the file every time you request the value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

766

767

file: the file(-like) object from which you can read the data;

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

768

None if the data is stored a simple string

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

769

770

type: the content-type, or None if not specified

771

772

type_options: dictionary of options specified on the content-type

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

773

line

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

774

775

disposition: content-disposition, or None if not specified

776

777

disposition_options: dictionary of corresponding options

778

779

headers: a dictionary(-like) object (sometimes rfc822.Message or a

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

780

subclass thereof) containing *all* headers

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

781

782

The class is subclassable, mostly for the purpose of overriding

783

the make_file() method, which is called internally to come up with

784

a file open for reading and writing. This makes it possible to

785

override the default choice of storing all files in a temporary

786

directory and unlinking them as soon as they have been opened.

"""

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

790

def __init__(self, fp=None, headers=None, outerboundary="",

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

791

environ=os.environ, keep_blank_values=0, strict_parsing=0):

792

"""Constructor. Read multipart/* until last part.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

793

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

794

Arguments, all optional:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

795

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

796

fp : file pointer; default: sys.stdin

Guido van Rossum

b1b4f94

1998-05-08 19:55:51 +0000

[diff] [blame]

797

(not used when the request method is GET)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

798

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

799

headers : header dictionary-like object; default:

800

taken from environ as per CGI spec

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

801

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

802

outerboundary : terminating multipart boundary

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

803

(for internal use only)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

804

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

805

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

806

807

keep_blank_values: flag indicating whether blank values in

808

URL encoded forms should be treated as blank strings.

809

A true value inicates that blanks should be retained as

810

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

811

blank values are to be ignored and treated as if they were

812

not included.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

813

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

814

strict_parsing: flag indicating what to do with parsing errors.

815

If false (the default), errors are silently ignored.

816

If true, errors raise a ValueError exception.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

817

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

818

"""

819

method = 'GET'

820

self.keep_blank_values = keep_blank_values

821

self.strict_parsing = strict_parsing

822

if environ.has_key('REQUEST_METHOD'):

823

method = string.upper(environ['REQUEST_METHOD'])

Guido van Rossum

0185283

1998-06-25 02:40:17 +0000

[diff] [blame]

824

if method == 'GET' or method == 'HEAD':

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

825

if environ.has_key('QUERY_STRING'):

826

qs = environ['QUERY_STRING']

elif sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

fp = StringIO(qs)

if headers is None:

headers = {'content-type':

834

"application/x-www-form-urlencoded"}

835

if headers is None:

Guido van Rossum

cff311a

1998-06-11 14:06:59 +0000

[diff] [blame]

836

headers = {}

837

if method == 'POST':

838

# Set default content-type for POST to what's traditional

839

headers['content-type'] = "application/x-www-form-urlencoded"

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

840

if environ.has_key('CONTENT_TYPE'):

841

headers['content-type'] = environ['CONTENT_TYPE']

842

if environ.has_key('CONTENT_LENGTH'):

843

headers['content-length'] = environ['CONTENT_LENGTH']

844

self.fp = fp or sys.stdin

845

self.headers = headers

846

self.outerboundary = outerboundary

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

847

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

848

# Process content-disposition header

849

cdisp, pdict = "", {}

850

if self.headers.has_key('content-disposition'):

851

cdisp, pdict = parse_header(self.headers['content-disposition'])

852

self.disposition = cdisp

853

self.disposition_options = pdict

854

self.name = None

855

if pdict.has_key('name'):

856

self.name = pdict['name']

857

self.filename = None

858

if pdict.has_key('filename'):

859

self.filename = pdict['filename']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

860

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

861

# Process content-type header

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

862

#

863

# Honor any existing content-type header. But if there is no

864

# content-type header, use some sensible defaults. Assume

865

# outerboundary is "" at the outer level, but something non-false

866

# inside a multi-part. The default for an inner part is text/plain,

867

# but for an outer part it should be urlencoded. This should catch

868

# bogus clients which erroneously forget to include a content-type

869

# header.

870

#

871

# See below for what we do if there does exist a content-type header,

872

# but it happens to be something we don't understand.

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

873

if self.headers.has_key('content-type'):

874

ctype, pdict = parse_header(self.headers['content-type'])

Guido van Rossum

ce900de

1999-06-02 18:44:22 +0000

[diff] [blame]

875

elif self.outerboundary or method != 'POST':

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

876

ctype, pdict = "text/plain", {}

877

else:

878

ctype, pdict = 'application/x-www-form-urlencoded', {}

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

879

self.type = ctype

880

self.type_options = pdict

881

self.innerboundary = ""

882

if pdict.has_key('boundary'):

883

self.innerboundary = pdict['boundary']

884

clen = -1

885

if self.headers.has_key('content-length'):

886

try:

887

clen = string.atoi(self.headers['content-length'])

888

except:

889

pass

890

if maxlen and clen > maxlen:

891

raise ValueError, 'Maximum content length exceeded'

892

self.length = clen

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

893

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

894

self.list = self.file = None

895

self.done = 0

896

self.lines = []

897

if ctype == 'application/x-www-form-urlencoded':

898

self.read_urlencoded()

899

elif ctype[:10] == 'multipart/':

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

900

self.read_multi(environ, keep_blank_values, strict_parsing)

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

901

else:

Guido van Rossum

60a3bd8

1999-06-11 18:26:09 +0000

[diff] [blame]

902

self.read_single()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

903

904

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

905

"""Return a printable representation."""

906

return "FieldStorage(%s, %s, %s)" % (

907

`self.name`, `self.filename`, `self.value`)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

908

909

def __getattr__(self, name):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

910

if name != 'value':

911

raise AttributeError, name

912

if self.file:

913

self.file.seek(0)

914

value = self.file.read()

915

self.file.seek(0)

916

elif self.list is not None:

value = self.list

else:

value = None

return value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

921

922

def __getitem__(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

923

"""Dictionary style indexing."""

924

if self.list is None:

925

raise TypeError, "not indexable"

926

found = []

927

for item in self.list:

928

if item.name == key: found.append(item)

if not found:

raise KeyError, key

if len(found) == 1:

return found[0]

else:

return found

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

935

936

def keys(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

937

"""Dictionary style keys() method."""

938

if self.list is None:

939

raise TypeError, "not indexable"

940

keys = []

941

for item in self.list:

942

if item.name not in keys: keys.append(item.name)

943

return keys

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

944

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

945

def has_key(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

946

"""Dictionary style has_key() method."""

947

if self.list is None:

948

raise TypeError, "not indexable"

949

for item in self.list:

950

if item.name == key: return 1

951

return 0

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

952

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

953

def __len__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

954

"""Dictionary style len(x) support."""

955

return len(self.keys())

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

956

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

957

def read_urlencoded(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

958

"""Internal: read data in query string format."""

959

qs = self.fp.read(self.length)

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

960

self.list = list = []

961

for key, value in parse_qsl(qs, self.keep_blank_values,

962

self.strict_parsing):

963

list.append(MiniFieldStorage(key, value))

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

964

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

965

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

966

FieldStorageClass = None

967

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

968

def read_multi(self, environ, keep_blank_values, strict_parsing):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

969

"""Internal: read a part that is itself multipart."""

970

self.list = []

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

971

klass = self.FieldStorageClass or self.__class__

972

part = klass(self.fp, {}, self.innerboundary,

973

environ, keep_blank_values, strict_parsing)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

974

# Throw first part away

975

while not part.done:

976

headers = rfc822.Message(self.fp)

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

977

part = klass(self.fp, headers, self.innerboundary,

978

environ, keep_blank_values, strict_parsing)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

979

self.list.append(part)

980

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

981

982

def read_single(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

983

"""Internal: read an atomic part."""

if self.length >= 0:

self.read_binary()

self.skip_lines()

else:

self.read_lines()

self.file.seek(0)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

990

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

991

bufsize = 8*1024 # I/O buffering size for copy to file

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

992

993

def read_binary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

994

"""Internal: read binary data."""

995

self.file = self.make_file('b')

todo = self.length

if todo >= 0:

while todo > 0:

data = self.fp.read(min(todo, self.bufsize))

if not data:

self.done = -1

break

self.file.write(data)

1004

todo = todo - len(data)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1005

1006

def read_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1007

"""Internal: read lines until EOF or outerboundary."""

1008

self.file = self.make_file('')

1009

if self.outerboundary:

1010

self.read_lines_to_outerboundary()

1011

else:

1012

self.read_lines_to_eof()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1013

1014

def read_lines_to_eof(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1015

"""Internal: read lines until EOF."""

1016

while 1:

1017

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1022

self.file.write(line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1023

1024

def read_lines_to_outerboundary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1025

"""Internal: read lines until outerboundary."""

1026

next = "--" + self.outerboundary

last = next + "--"

delim = ""

while 1:

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1035

if line[:2] == "--":

1036

strippedline = string.strip(line)

1037

if strippedline == next:

1038

break

1039

if strippedline == last:

self.done = 1

break

odelim = delim

if line[-2:] == "\r\n":

1044

delim = "\r\n"

1045

line = line[:-2]

1046

elif line[-1] == "\n":

delim = "\n"

line = line[:-1]

else:

delim = ""

self.file.write(odelim + line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1052

1053

def skip_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1054

"""Internal: skip lines until outer boundary if defined."""

1055

if not self.outerboundary or self.done:

1056

return

1057

next = "--" + self.outerboundary

1058

last = next + "--"

1059

while 1:

1060

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1065

if line[:2] == "--":

1066

strippedline = string.strip(line)

1067

if strippedline == next:

1068

break

1069

if strippedline == last:

1070

self.done = 1

1071

break

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1072

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

1073

def make_file(self, binary=None):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1074

"""Overridable: return a readable & writable file.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1075

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1076

The file will be used as follows:

1077

- data is written to it

1078

- seek(0)

1079

- data is read from it

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1080

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1081

The 'binary' argument is unused -- the file is always opened

1082

in binary mode.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1083

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1084

This version opens a temporary file for reading and writing,

1085

and immediately deletes (unlinks) it. The trick (on Unix!) is

1086

that the file can still be used, but it can't be opened by

1087

another process, and it will automatically be deleted when it

1088

is closed or when the current process terminates.

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

1089

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1090

If you want a more permanent file, you derive a class which

1091

overrides this method. If you want a visible temporary file

1092

that is nevertheless automatically deleted when the script

1093

terminates, try defining a __del__ method in a derived class

1094

which unlinks the temporary files you have created.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1095

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1096

"""

1097

import tempfile

1098

return tempfile.TemporaryFile("w+b")

1099

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

1100

1101

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

1102

# Backwards Compatibility Classes

1103

# ===============================

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1104

1105

class FormContentDict:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1106

"""Basic (multiple values per field) form content as dictionary.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1107

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1108

form = FormContentDict()

1109

1110

form[key] -> [value, value, ...]

1111

form.has_key(key) -> Boolean

1112

form.keys() -> [key, key, ...]

1113

form.values() -> [[val, val, ...], [val, val, ...], ...]

1114

form.items() -> [(key, [val, val, ...]), (key, [val, val, ...]), ...]

1115

form.dict == {key: [val, val, ...], ...}

1116

1117

"""

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1118

def __init__(self, environ=os.environ):

Guido van Rossum

afb5e93

1996-08-08 18:42:12 +0000

[diff] [blame]

1119

self.dict = parse(environ=environ)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1120

self.query_string = environ['QUERY_STRING']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1121

def __getitem__(self,key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1122

return self.dict[key]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1123

def keys(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1124

return self.dict.keys()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1125

def has_key(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1126

return self.dict.has_key(key)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1127

def values(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1128

return self.dict.values()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1129

def items(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1130

return self.dict.items()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1131

def __len__( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1132

return len(self.dict)

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1133

1134

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1135

class SvFormContentDict(FormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1136

"""Strict single-value expecting form content as dictionary.

1137

1138

IF you only expect a single value for each field, then form[key]

1139

will return that single value. It will raise an IndexError if

1140

that expectation is not true. IF you expect a field to have

1141

possible multiple values, than you can use form.getlist(key) to

1142

get all of the values. values() and items() are a compromise:

1143

they return single strings where there is a single value, and

1144

lists of strings otherwise.

1145

1146

"""

1147

def __getitem__(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1148

if len(self.dict[key]) > 1:

1149

raise IndexError, 'expecting a single value'

1150

return self.dict[key][0]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1151

def getlist(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1152

return self.dict[key]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1153

def values(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1154

lis = []

1155

for each in self.dict.values():

1156

if len( each ) == 1 :

1157

lis.append(each[0])

1158

else: lis.append(each)

1159

return lis

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1160

def items(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1161

lis = []

1162

for key,value in self.dict.items():

1163

if len(value) == 1 :

1164

lis.append((key, value[0]))

1165

else: lis.append((key, value))

1166

return lis

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1167

1168

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1169

class InterpFormContentDict(SvFormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1170

"""This class is present for backwards compatibility only."""

1171

def __getitem__( self, key ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1172

v = SvFormContentDict.__getitem__( self, key )

1173

if v[0] in string.digits+'+-.' :

1174

try: return string.atoi( v )

1175

except ValueError:

1176

try: return string.atof( v )

1177

except ValueError: pass

1178

return string.strip(v)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1179

def values( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1180

lis = []

1181

for key in self.keys():

1182

try:

1183

lis.append( self[key] )

1184

except IndexError:

1185

lis.append( self.dict[key] )

1186

return lis

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1187

def items( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1188

lis = []

1189

for key in self.keys():

1190

try:

1191

lis.append( (key, self[key]) )

1192

except IndexError:

1193

lis.append( (key, self.dict[key]) )

1194

return lis

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1195

1196

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1197

class FormContent(FormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1198

"""This class is present for backwards compatibility only."""

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1199

def values(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1200

if self.dict.has_key(key) :return self.dict[key]

1201

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1202

def indexed_value(self, key, location):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1203

if self.dict.has_key(key):

1204

if len (self.dict[key]) > location:

1205

return self.dict[key][location]

1206

else: return None

1207

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1208

def value(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1209

if self.dict.has_key(key): return self.dict[key][0]

1210

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1211

def length(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1212

return len(self.dict[key])

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1213

def stripped(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1214

if self.dict.has_key(key): return string.strip(self.dict[key][0])

1215

else: return None

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1216

def pars(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1217

return self.dict

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1218

1219

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1220

# Test/debug code

1221

# ===============

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1222

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1223

def test(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1224

"""Robust test CGI script, usable as main program.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1225

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1226

Write minimal HTTP headers and dump all information provided to

1227

the script in HTML form.

"""

import traceback

print "Content-type: text/html"

1232

print

1233

sys.stderr = sys.stdout

1234

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1235

form = FieldStorage() # Replace with other classes to test those

1236

print_form(form)

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1237

print_environ(environ)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1238

print_directory()

1239

print_arguments()

1240

print_environ_usage()

1241

def f():

1242

exec "testing print_exception() -- <I>italics?</I>"

1243

def g(f=f):

1244

f()

1245

print "<H3>What follows is a test, not an actual exception:</H3>"

1246

g()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1247

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1248

print_exception()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1249

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1250

# Second try with a small maxlen...

1251

global maxlen

1252

maxlen = 50

1253

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1254

form = FieldStorage() # Replace with other classes to test those

1255

print_form(form)

1256

print_environ(environ)

1257

print_directory()

1258

print_arguments()

1259

print_environ_usage()

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1260

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1261

print_exception()

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1262

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1263

def print_exception(type=None, value=None, tb=None, limit=None):

1264

if type is None:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1265

type, value, tb = sys.exc_info()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1266

import traceback

1267

print

1268

print "<H3>Traceback (innermost last):</H3>"

1269

list = traceback.format_tb(tb, limit) + \

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1270

traceback.format_exception_only(type, value)

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1271

print "<PRE>%s<B>%s</B></PRE>" % (

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1272

escape(string.join(list[:-1], "")),

1273

escape(list[-1]),

1274

)

Guido van Rossum

f15d159

1997-09-29 23:22:12 +0000

[diff] [blame]

1275

del tb

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1276

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1277

def print_environ(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1278

"""Dump the shell environment as HTML."""

1279

keys = environ.keys()

1280

keys.sort()

1281

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1282

print "<H3>Shell Environment:</H3>"

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1283

print "<DL>"

1284

for key in keys:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1285

print "<DT>", escape(key), "<DD>", escape(environ[key])

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1286

print "</DL>"

1287

print

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1288

1289

def print_form(form):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1290

"""Dump the contents of a form as HTML."""

1291

keys = form.keys()

1292

keys.sort()

1293

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1294

print "<H3>Form Contents:</H3>"

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1295

print "<DL>"

1296

for key in keys:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1297

print "<DT>" + escape(key) + ":",

1298

value = form[key]

1299

print "<i>" + escape(`type(value)`) + "</i>"

1300

print "<DD>" + escape(`value`)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

print "</DL>"

print

def print_directory():

1305

"""Dump the current directory as HTML."""

1306

print

1307

print "<H3>Current Working Directory:</H3>"

1308

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1309

pwd = os.getcwd()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1310

except os.error, msg:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1311

print "os.error:", escape(str(msg))

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1312

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1313

print escape(pwd)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1314

print

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1315

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

1316

def print_arguments():

1317

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1318

print "<H3>Command Line Arguments:</H3>"

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

print

print sys.argv

print

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1323

def print_environ_usage():

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1324

"""Dump a list of environment variables used by CGI as HTML."""

1325

print """

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1326

<H3>These environment variables could have been set:</H3>

1327

<UL>

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

<LI>AUTH_TYPE

<LI>CONTENT_LENGTH

<LI>CONTENT_TYPE

<LI>DATE_GMT

<LI>DATE_LOCAL

<LI>DOCUMENT_NAME

<LI>DOCUMENT_ROOT

<LI>DOCUMENT_URI

<LI>GATEWAY_INTERFACE

<LI>LAST_MODIFIED

<LI>PATH

<LI>PATH_INFO

<LI>PATH_TRANSLATED

<LI>QUERY_STRING

<LI>REMOTE_ADDR

<LI>REMOTE_HOST

<LI>REMOTE_IDENT

<LI>REMOTE_USER

<LI>REQUEST_METHOD

<LI>SCRIPT_NAME

<LI>SERVER_NAME

<LI>SERVER_PORT

<LI>SERVER_PROTOCOL

<LI>SERVER_ROOT

<LI>SERVER_SOFTWARE

</UL>

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1354

In addition, HTTP headers sent by the server may be passed in the

1355

environment as well. Here are some common variable names:

<UL>

<LI>HTTP_ACCEPT

<LI>HTTP_CONNECTION

<LI>HTTP_HOST

<LI>HTTP_PRAGMA

<LI>HTTP_REFERER

<LI>HTTP_USER_AGENT

</UL>

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1364

"""

1365

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1366

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1367

# Utilities

1368

# =========

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1369

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

1370

def escape(s, quote=None):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1371

"""Replace special characters '&', '<' and '>' by SGML entities."""

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1372

s = string.replace(s, "&", "&") # Must be done first!

Guido van Rossum

00f9fea

1997-12-24 21:18:41 +0000

[diff] [blame]

1373

s = string.replace(s, "<", "<")

1374

s = string.replace(s, ">", ">",)

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

1375

if quote:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1376

s = string.replace(s, '"', """)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1377

return s

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1378

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1379

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Invoke mainline

# ===============

# Call test() when this file is run as a script (not imported as a module)

1384

if __name__ == '__main__':

Guido van Rossum