Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 1 | :mod:`cgi` --- Common Gateway Interface support |
| 2 | =============================================== |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 3 | |
| 4 | .. module:: cgi |
| 5 | :synopsis: Helpers for running Python scripts via the Common Gateway Interface. |
| 6 | |
| 7 | |
| 8 | .. index:: |
| 9 | pair: WWW; server |
| 10 | pair: CGI; protocol |
| 11 | pair: HTTP; protocol |
| 12 | pair: MIME; headers |
| 13 | single: URL |
| 14 | single: Common Gateway Interface |
| 15 | |
Raymond Hettinger | a199368 | 2011-01-27 01:20:32 +0000 | [diff] [blame] | 16 | **Source code:** :source:`Lib/cgi.py` |
| 17 | |
| 18 | -------------- |
| 19 | |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 20 | Support module for Common Gateway Interface (CGI) scripts. |
| 21 | |
| 22 | This module defines a number of utilities for use by CGI scripts written in |
| 23 | Python. |
| 24 | |
| 25 | |
| 26 | Introduction |
| 27 | ------------ |
| 28 | |
| 29 | .. _cgi-intro: |
| 30 | |
| 31 | A CGI script is invoked by an HTTP server, usually to process user input |
| 32 | submitted through an HTML ``<FORM>`` or ``<ISINDEX>`` element. |
| 33 | |
| 34 | Most often, CGI scripts live in the server's special :file:`cgi-bin` directory. |
| 35 | The HTTP server places all sorts of information about the request (such as the |
| 36 | client's hostname, the requested URL, the query string, and lots of other |
| 37 | goodies) in the script's shell environment, executes the script, and sends the |
| 38 | script's output back to the client. |
| 39 | |
| 40 | The script's input is connected to the client too, and sometimes the form data |
| 41 | is read this way; at other times the form data is passed via the "query string" |
| 42 | part of the URL. This module is intended to take care of the different cases |
| 43 | and provide a simpler interface to the Python script. It also provides a number |
| 44 | of utilities that help in debugging scripts, and the latest addition is support |
| 45 | for file uploads from a form (if your browser supports it). |
| 46 | |
| 47 | The output of a CGI script should consist of two sections, separated by a blank |
| 48 | line. The first section contains a number of headers, telling the client what |
| 49 | kind of data is following. Python code to generate a minimal header section |
| 50 | looks like this:: |
| 51 | |
Georg Brandl | 6911e3c | 2007-09-04 07:15:32 +0000 | [diff] [blame] | 52 | print("Content-Type: text/html") # HTML is following |
| 53 | print() # blank line, end of headers |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 54 | |
| 55 | The second section is usually HTML, which allows the client software to display |
| 56 | nicely formatted text with header, in-line images, etc. Here's Python code that |
| 57 | prints a simple piece of HTML:: |
| 58 | |
Georg Brandl | 6911e3c | 2007-09-04 07:15:32 +0000 | [diff] [blame] | 59 | print("<TITLE>CGI script output</TITLE>") |
| 60 | print("<H1>This is my first CGI script</H1>") |
| 61 | print("Hello, world!") |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 62 | |
| 63 | |
| 64 | .. _using-the-cgi-module: |
| 65 | |
| 66 | Using the cgi module |
| 67 | -------------------- |
| 68 | |
Georg Brandl | 49d1b4f | 2008-05-11 21:42:51 +0000 | [diff] [blame] | 69 | Begin by writing ``import cgi``. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 70 | |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 71 | When you write a new script, consider adding these lines:: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 72 | |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 73 | import cgitb |
| 74 | cgitb.enable() |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 75 | |
| 76 | This activates a special exception handler that will display detailed reports in |
| 77 | the Web browser if any errors occur. If you'd rather not show the guts of your |
| 78 | program to users of your script, you can have the reports saved to files |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 79 | instead, with code like this:: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 80 | |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 81 | import cgitb |
Petri Lehtinen | 9f74c6c | 2013-02-23 19:26:56 +0100 | [diff] [blame] | 82 | cgitb.enable(display=0, logdir="/path/to/logdir") |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 83 | |
| 84 | It's very helpful to use this feature during script development. The reports |
| 85 | produced by :mod:`cgitb` provide information that can save you a lot of time in |
| 86 | tracking down bugs. You can always remove the ``cgitb`` line later when you |
| 87 | have tested your script and are confident that it works correctly. |
| 88 | |
Senthil Kumaran | 290416f | 2012-04-30 22:43:13 +0800 | [diff] [blame] | 89 | To get at submitted form data, use the :class:`FieldStorage` class. If the form |
| 90 | contains non-ASCII characters, use the *encoding* keyword parameter set to the |
| 91 | value of the encoding defined for the document. It is usually contained in the |
| 92 | META tag in the HEAD section of the HTML document or by the |
| 93 | :mailheader:`Content-Type` header). This reads the form contents from the |
| 94 | standard input or the environment (depending on the value of various |
| 95 | environment variables set according to the CGI standard). Since it may consume |
| 96 | standard input, it should be instantiated only once. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 97 | |
Ezio Melotti | c7e994d | 2009-07-22 21:17:14 +0000 | [diff] [blame] | 98 | The :class:`FieldStorage` instance can be indexed like a Python dictionary. |
| 99 | It allows membership testing with the :keyword:`in` operator, and also supports |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 100 | the standard dictionary method :meth:`~dict.keys` and the built-in function |
Ezio Melotti | c7e994d | 2009-07-22 21:17:14 +0000 | [diff] [blame] | 101 | :func:`len`. Form fields containing empty strings are ignored and do not appear |
| 102 | in the dictionary; to keep such values, provide a true value for the optional |
| 103 | *keep_blank_values* keyword parameter when creating the :class:`FieldStorage` |
| 104 | instance. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 105 | |
| 106 | For instance, the following code (which assumes that the |
| 107 | :mailheader:`Content-Type` header and blank line have already been printed) |
| 108 | checks that the fields ``name`` and ``addr`` are both set to a non-empty |
| 109 | string:: |
| 110 | |
| 111 | form = cgi.FieldStorage() |
Ezio Melotti | c7e994d | 2009-07-22 21:17:14 +0000 | [diff] [blame] | 112 | if "name" not in form or "addr" not in form: |
Georg Brandl | 6911e3c | 2007-09-04 07:15:32 +0000 | [diff] [blame] | 113 | print("<H1>Error</H1>") |
| 114 | print("Please fill in the name and addr fields.") |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 115 | return |
Georg Brandl | 6911e3c | 2007-09-04 07:15:32 +0000 | [diff] [blame] | 116 | print("<p>name:", form["name"].value) |
| 117 | print("<p>addr:", form["addr"].value) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 118 | ...further form processing here... |
| 119 | |
| 120 | Here the fields, accessed through ``form[key]``, are themselves instances of |
| 121 | :class:`FieldStorage` (or :class:`MiniFieldStorage`, depending on the form |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 122 | encoding). The :attr:`~FieldStorage.value` attribute of the instance yields |
| 123 | the string value of the field. The :meth:`~FieldStorage.getvalue` method |
| 124 | returns this string value directly; it also accepts an optional second argument |
| 125 | as a default to return if the requested key is not present. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 126 | |
| 127 | If the submitted form data contains more than one field with the same name, the |
| 128 | object retrieved by ``form[key]`` is not a :class:`FieldStorage` or |
| 129 | :class:`MiniFieldStorage` instance but a list of such instances. Similarly, in |
| 130 | this situation, ``form.getvalue(key)`` would return a list of strings. If you |
| 131 | expect this possibility (when your HTML form contains multiple fields with the |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 132 | same name), use the :meth:`~FieldStorage.getlist` method, which always returns |
| 133 | a list of values (so that you do not need to special-case the single item |
| 134 | case). For example, this code concatenates any number of username fields, |
| 135 | separated by commas:: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 136 | |
| 137 | value = form.getlist("username") |
| 138 | usernames = ",".join(value) |
| 139 | |
| 140 | If a field represents an uploaded file, accessing the value via the |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 141 | :attr:`~FieldStorage.value` attribute or the :meth:`~FieldStorage.getvalue` |
| 142 | method reads the entire file in memory as bytes. This may not be what you |
| 143 | want. You can test for an uploaded file by testing either the |
| 144 | :attr:`~FieldStorage.filename` attribute or the :attr:`~FieldStorage.file` |
Brett Cannon | c089f70 | 2014-01-17 11:03:19 -0500 | [diff] [blame] | 145 | attribute. You can then read the data from the :attr:`!file` |
| 146 | attribute before it is automatically closed as part of the garbage collection of |
| 147 | the :class:`FieldStorage` instance |
| 148 | (the :func:`~io.RawIOBase.read` and :func:`~io.IOBase.readline` methods will |
| 149 | return bytes):: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 150 | |
| 151 | fileitem = form["userfile"] |
| 152 | if fileitem.file: |
| 153 | # It's an uploaded file; count lines |
| 154 | linecount = 0 |
Collin Winter | 4633448 | 2007-09-10 00:49:57 +0000 | [diff] [blame] | 155 | while True: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 156 | line = fileitem.file.readline() |
| 157 | if not line: break |
| 158 | linecount = linecount + 1 |
| 159 | |
Berker Peksag | bf5e960 | 2015-02-06 10:21:37 +0200 | [diff] [blame] | 160 | :class:`FieldStorage` objects also support being used in a :keyword:`with` |
| 161 | statement, which will automatically close them when done. |
| 162 | |
Sean Reifscheider | 782d6b4 | 2007-09-18 23:39:35 +0000 | [diff] [blame] | 163 | If an error is encountered when obtaining the contents of an uploaded file |
| 164 | (for example, when the user interrupts the form submission by clicking on |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 165 | a Back or Cancel button) the :attr:`~FieldStorage.done` attribute of the |
| 166 | object for the field will be set to the value -1. |
Sean Reifscheider | 782d6b4 | 2007-09-18 23:39:35 +0000 | [diff] [blame] | 167 | |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 168 | The file upload draft standard entertains the possibility of uploading multiple |
| 169 | files from one field (using a recursive :mimetype:`multipart/\*` encoding). |
| 170 | When this occurs, the item will be a dictionary-like :class:`FieldStorage` item. |
Georg Brandl | 502d9a5 | 2009-07-26 15:02:41 +0000 | [diff] [blame] | 171 | This can be determined by testing its :attr:`!type` attribute, which should be |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 172 | :mimetype:`multipart/form-data` (or perhaps another MIME type matching |
| 173 | :mimetype:`multipart/\*`). In this case, it can be iterated over recursively |
| 174 | just like the top-level form object. |
| 175 | |
| 176 | When a form is submitted in the "old" format (as the query string or as a single |
| 177 | data part of type :mimetype:`application/x-www-form-urlencoded`), the items will |
| 178 | actually be instances of the class :class:`MiniFieldStorage`. In this case, the |
Georg Brandl | 502d9a5 | 2009-07-26 15:02:41 +0000 | [diff] [blame] | 179 | :attr:`!list`, :attr:`!file`, and :attr:`filename` attributes are always ``None``. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 180 | |
Benjamin Peterson | dcf97b9 | 2008-07-02 17:30:14 +0000 | [diff] [blame] | 181 | A form submitted via POST that also has a query string will contain both |
| 182 | :class:`FieldStorage` and :class:`MiniFieldStorage` items. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 183 | |
Brett Cannon | c089f70 | 2014-01-17 11:03:19 -0500 | [diff] [blame] | 184 | .. versionchanged:: 3.4 |
| 185 | The :attr:`~FieldStorage.file` attribute is automatically closed upon the |
| 186 | garbage collection of the creating :class:`FieldStorage` instance. |
| 187 | |
Berker Peksag | bf5e960 | 2015-02-06 10:21:37 +0200 | [diff] [blame] | 188 | .. versionchanged:: 3.5 |
| 189 | Added support for the context management protocol to the |
| 190 | :class:`FieldStorage` class. |
| 191 | |
Brett Cannon | c089f70 | 2014-01-17 11:03:19 -0500 | [diff] [blame] | 192 | |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 193 | Higher Level Interface |
| 194 | ---------------------- |
| 195 | |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 196 | The previous section explains how to read CGI form data using the |
| 197 | :class:`FieldStorage` class. This section describes a higher level interface |
| 198 | which was added to this class to allow one to do it in a more readable and |
| 199 | intuitive way. The interface doesn't make the techniques described in previous |
| 200 | sections obsolete --- they are still useful to process file uploads efficiently, |
| 201 | for example. |
| 202 | |
Christian Heimes | 5b5e81c | 2007-12-31 16:14:33 +0000 | [diff] [blame] | 203 | .. XXX: Is this true ? |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 204 | |
| 205 | The interface consists of two simple methods. Using the methods you can process |
| 206 | form data in a generic way, without the need to worry whether only one or more |
| 207 | values were posted under one name. |
| 208 | |
| 209 | In the previous section, you learned to write following code anytime you |
| 210 | expected a user to post more than one value under one name:: |
| 211 | |
| 212 | item = form.getvalue("item") |
| 213 | if isinstance(item, list): |
| 214 | # The user is requesting more than one item. |
| 215 | else: |
| 216 | # The user is requesting only one item. |
| 217 | |
| 218 | This situation is common for example when a form contains a group of multiple |
| 219 | checkboxes with the same name:: |
| 220 | |
| 221 | <input type="checkbox" name="item" value="1" /> |
| 222 | <input type="checkbox" name="item" value="2" /> |
| 223 | |
| 224 | In most situations, however, there's only one form control with a particular |
| 225 | name in a form and then you expect and need only one value associated with this |
| 226 | name. So you write a script containing for example this code:: |
| 227 | |
| 228 | user = form.getvalue("user").upper() |
| 229 | |
| 230 | The problem with the code is that you should never expect that a client will |
| 231 | provide valid input to your scripts. For example, if a curious user appends |
| 232 | another ``user=foo`` pair to the query string, then the script would crash, |
| 233 | because in this situation the ``getvalue("user")`` method call returns a list |
Benjamin Peterson | 8719ad5 | 2009-09-11 22:24:02 +0000 | [diff] [blame] | 234 | instead of a string. Calling the :meth:`~str.upper` method on a list is not valid |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 235 | (since lists do not have a method of this name) and results in an |
| 236 | :exc:`AttributeError` exception. |
| 237 | |
| 238 | Therefore, the appropriate way to read form data values was to always use the |
| 239 | code which checks whether the obtained value is a single value or a list of |
| 240 | values. That's annoying and leads to less readable scripts. |
| 241 | |
Serhiy Storchaka | fd1c3d3 | 2013-10-13 18:28:26 +0300 | [diff] [blame] | 242 | A more convenient approach is to use the methods :meth:`~FieldStorage.getfirst` |
| 243 | and :meth:`~FieldStorage.getlist` provided by this higher level interface. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 244 | |
| 245 | |
Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 246 | .. method:: FieldStorage.getfirst(name, default=None) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 247 | |
| 248 | This method always returns only one value associated with form field *name*. |
| 249 | The method returns only the first value in case that more values were posted |
| 250 | under such name. Please note that the order in which the values are received |
| 251 | may vary from browser to browser and should not be counted on. [#]_ If no such |
| 252 | form field or value exists then the method returns the value specified by the |
| 253 | optional parameter *default*. This parameter defaults to ``None`` if not |
| 254 | specified. |
| 255 | |
| 256 | |
| 257 | .. method:: FieldStorage.getlist(name) |
| 258 | |
| 259 | This method always returns a list of values associated with form field *name*. |
| 260 | The method returns an empty list if no such form field or value exists for |
| 261 | *name*. It returns a list consisting of one item if only one such value exists. |
| 262 | |
| 263 | Using these methods you can write nice compact code:: |
| 264 | |
| 265 | import cgi |
| 266 | form = cgi.FieldStorage() |
| 267 | user = form.getfirst("user", "").upper() # This way it's safe. |
| 268 | for item in form.getlist("item"): |
| 269 | do_something(item) |
| 270 | |
| 271 | |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 272 | .. _functions-in-cgi-module: |
| 273 | |
| 274 | Functions |
| 275 | --------- |
| 276 | |
| 277 | These are useful if you want more control, or if you want to employ some of the |
| 278 | algorithms implemented in this module in other circumstances. |
| 279 | |
| 280 | |
Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 281 | .. function:: parse(fp=None, environ=os.environ, keep_blank_values=False, strict_parsing=False) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 282 | |
| 283 | Parse a query in the environment or from a file (the file defaults to |
| 284 | ``sys.stdin``). The *keep_blank_values* and *strict_parsing* parameters are |
Facundo Batista | c469d4c | 2008-09-03 22:49:01 +0000 | [diff] [blame] | 285 | passed to :func:`urllib.parse.parse_qs` unchanged. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 286 | |
| 287 | |
Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 288 | .. function:: parse_qs(qs, keep_blank_values=False, strict_parsing=False) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 289 | |
Facundo Batista | c469d4c | 2008-09-03 22:49:01 +0000 | [diff] [blame] | 290 | This function is deprecated in this module. Use :func:`urllib.parse.parse_qs` |
Georg Brandl | ae2dbe2 | 2009-03-13 19:04:40 +0000 | [diff] [blame] | 291 | instead. It is maintained here only for backward compatibility. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 292 | |
Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 293 | .. function:: parse_qsl(qs, keep_blank_values=False, strict_parsing=False) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 294 | |
Martin Panter | cebfdac | 2015-09-20 00:28:50 +0000 | [diff] [blame] | 295 | This function is deprecated in this module. Use :func:`urllib.parse.parse_qsl` |
Georg Brandl | ae2dbe2 | 2009-03-13 19:04:40 +0000 | [diff] [blame] | 296 | instead. It is maintained here only for backward compatibility. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 297 | |
| 298 | .. function:: parse_multipart(fp, pdict) |
| 299 | |
| 300 | Parse input of type :mimetype:`multipart/form-data` (for file uploads). |
| 301 | Arguments are *fp* for the input file and *pdict* for a dictionary containing |
| 302 | other parameters in the :mailheader:`Content-Type` header. |
| 303 | |
Facundo Batista | c469d4c | 2008-09-03 22:49:01 +0000 | [diff] [blame] | 304 | Returns a dictionary just like :func:`urllib.parse.parse_qs` keys are the field names, each |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 305 | value is a list of values for that field. This is easy to use but not much good |
| 306 | if you are expecting megabytes to be uploaded --- in that case, use the |
| 307 | :class:`FieldStorage` class instead which is much more flexible. |
| 308 | |
| 309 | Note that this does not parse nested multipart parts --- use |
| 310 | :class:`FieldStorage` for that. |
| 311 | |
| 312 | |
| 313 | .. function:: parse_header(string) |
| 314 | |
| 315 | Parse a MIME header (such as :mailheader:`Content-Type`) into a main value and a |
| 316 | dictionary of parameters. |
| 317 | |
| 318 | |
| 319 | .. function:: test() |
| 320 | |
| 321 | Robust test CGI script, usable as main program. Writes minimal HTTP headers and |
| 322 | formats all information provided to the script in HTML form. |
| 323 | |
| 324 | |
| 325 | .. function:: print_environ() |
| 326 | |
| 327 | Format the shell environment in HTML. |
| 328 | |
| 329 | |
| 330 | .. function:: print_form(form) |
| 331 | |
| 332 | Format a form in HTML. |
| 333 | |
| 334 | |
| 335 | .. function:: print_directory() |
| 336 | |
| 337 | Format the current directory in HTML. |
| 338 | |
| 339 | |
| 340 | .. function:: print_environ_usage() |
| 341 | |
| 342 | Print a list of useful (used by CGI) environment variables in HTML. |
| 343 | |
| 344 | |
Georg Brandl | 0d8f073 | 2009-04-05 22:20:44 +0000 | [diff] [blame] | 345 | .. function:: escape(s, quote=False) |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 346 | |
| 347 | Convert the characters ``'&'``, ``'<'`` and ``'>'`` in string *s* to HTML-safe |
| 348 | sequences. Use this if you need to display text that might contain such |
| 349 | characters in HTML. If the optional flag *quote* is true, the quotation mark |
Georg Brandl | 1800934 | 2010-08-02 21:51:18 +0000 | [diff] [blame] | 350 | character (``"``) is also translated; this helps for inclusion in an HTML |
| 351 | attribute value delimited by double quotes, as in ``<a href="...">``. Note |
| 352 | that single quotes are never translated. |
| 353 | |
Georg Brandl | 1f7fffb | 2010-10-15 15:57:45 +0000 | [diff] [blame] | 354 | .. deprecated:: 3.2 |
| 355 | This function is unsafe because *quote* is false by default, and therefore |
| 356 | deprecated. Use :func:`html.escape` instead. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 357 | |
| 358 | |
| 359 | .. _cgi-security: |
| 360 | |
| 361 | Caring about security |
| 362 | --------------------- |
| 363 | |
| 364 | .. index:: pair: CGI; security |
| 365 | |
| 366 | There's one important rule: if you invoke an external program (via the |
| 367 | :func:`os.system` or :func:`os.popen` functions. or others with similar |
| 368 | functionality), make very sure you don't pass arbitrary strings received from |
| 369 | the client to the shell. This is a well-known security hole whereby clever |
| 370 | hackers anywhere on the Web can exploit a gullible CGI script to invoke |
| 371 | arbitrary shell commands. Even parts of the URL or field names cannot be |
| 372 | trusted, since the request doesn't have to come from your form! |
| 373 | |
| 374 | To be on the safe side, if you must pass a string gotten from a form to a shell |
| 375 | command, you should make sure the string contains only alphanumeric characters, |
| 376 | dashes, underscores, and periods. |
| 377 | |
| 378 | |
| 379 | Installing your CGI script on a Unix system |
| 380 | ------------------------------------------- |
| 381 | |
| 382 | Read the documentation for your HTTP server and check with your local system |
| 383 | administrator to find the directory where CGI scripts should be installed; |
| 384 | usually this is in a directory :file:`cgi-bin` in the server tree. |
| 385 | |
| 386 | Make sure that your script is readable and executable by "others"; the Unix file |
Georg Brandl | f4a4123 | 2008-05-26 17:55:52 +0000 | [diff] [blame] | 387 | mode should be ``0o755`` octal (use ``chmod 0755 filename``). Make sure that the |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 388 | first line of the script contains ``#!`` starting in column 1 followed by the |
| 389 | pathname of the Python interpreter, for instance:: |
| 390 | |
| 391 | #!/usr/local/bin/python |
| 392 | |
| 393 | Make sure the Python interpreter exists and is executable by "others". |
| 394 | |
| 395 | Make sure that any files your script needs to read or write are readable or |
Georg Brandl | f4a4123 | 2008-05-26 17:55:52 +0000 | [diff] [blame] | 396 | writable, respectively, by "others" --- their mode should be ``0o644`` for |
| 397 | readable and ``0o666`` for writable. This is because, for security reasons, the |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 398 | HTTP server executes your script as user "nobody", without any special |
| 399 | privileges. It can only read (write, execute) files that everybody can read |
| 400 | (write, execute). The current directory at execution time is also different (it |
| 401 | is usually the server's cgi-bin directory) and the set of environment variables |
| 402 | is also different from what you get when you log in. In particular, don't count |
| 403 | on the shell's search path for executables (:envvar:`PATH`) or the Python module |
| 404 | search path (:envvar:`PYTHONPATH`) to be set to anything interesting. |
| 405 | |
| 406 | If you need to load modules from a directory which is not on Python's default |
| 407 | module search path, you can change the path in your script, before importing |
| 408 | other modules. For example:: |
| 409 | |
| 410 | import sys |
| 411 | sys.path.insert(0, "/usr/home/joe/lib/python") |
| 412 | sys.path.insert(0, "/usr/local/lib/python") |
| 413 | |
| 414 | (This way, the directory inserted last will be searched first!) |
| 415 | |
| 416 | Instructions for non-Unix systems will vary; check your HTTP server's |
| 417 | documentation (it will usually have a section on CGI scripts). |
| 418 | |
| 419 | |
| 420 | Testing your CGI script |
| 421 | ----------------------- |
| 422 | |
| 423 | Unfortunately, a CGI script will generally not run when you try it from the |
| 424 | command line, and a script that works perfectly from the command line may fail |
| 425 | mysteriously when run from the server. There's one reason why you should still |
| 426 | test your script from the command line: if it contains a syntax error, the |
| 427 | Python interpreter won't execute it at all, and the HTTP server will most likely |
| 428 | send a cryptic error to the client. |
| 429 | |
| 430 | Assuming your script has no syntax errors, yet it does not work, you have no |
| 431 | choice but to read the next section. |
| 432 | |
| 433 | |
| 434 | Debugging CGI scripts |
| 435 | --------------------- |
| 436 | |
| 437 | .. index:: pair: CGI; debugging |
| 438 | |
| 439 | First of all, check for trivial installation errors --- reading the section |
| 440 | above on installing your CGI script carefully can save you a lot of time. If |
| 441 | you wonder whether you have understood the installation procedure correctly, try |
| 442 | installing a copy of this module file (:file:`cgi.py`) as a CGI script. When |
| 443 | invoked as a script, the file will dump its environment and the contents of the |
| 444 | form in HTML form. Give it the right mode etc, and send it a request. If it's |
| 445 | installed in the standard :file:`cgi-bin` directory, it should be possible to |
| 446 | send it a request by entering a URL into your browser of the form:: |
| 447 | |
| 448 | http://yourhostname/cgi-bin/cgi.py?name=Joe+Blow&addr=At+Home |
| 449 | |
| 450 | If this gives an error of type 404, the server cannot find the script -- perhaps |
| 451 | you need to install it in a different directory. If it gives another error, |
| 452 | there's an installation problem that you should fix before trying to go any |
| 453 | further. If you get a nicely formatted listing of the environment and form |
| 454 | content (in this example, the fields should be listed as "addr" with value "At |
| 455 | Home" and "name" with value "Joe Blow"), the :file:`cgi.py` script has been |
| 456 | installed correctly. If you follow the same procedure for your own script, you |
| 457 | should now be able to debug it. |
| 458 | |
| 459 | The next step could be to call the :mod:`cgi` module's :func:`test` function |
| 460 | from your script: replace its main code with the single statement :: |
| 461 | |
| 462 | cgi.test() |
| 463 | |
| 464 | This should produce the same results as those gotten from installing the |
| 465 | :file:`cgi.py` file itself. |
| 466 | |
| 467 | When an ordinary Python script raises an unhandled exception (for whatever |
| 468 | reason: of a typo in a module name, a file that can't be opened, etc.), the |
| 469 | Python interpreter prints a nice traceback and exits. While the Python |
| 470 | interpreter will still do this when your CGI script raises an exception, most |
| 471 | likely the traceback will end up in one of the HTTP server's log files, or be |
| 472 | discarded altogether. |
| 473 | |
| 474 | Fortunately, once you have managed to get your script to execute *some* code, |
| 475 | you can easily send tracebacks to the Web browser using the :mod:`cgitb` module. |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 476 | If you haven't done so already, just add the lines:: |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 477 | |
Benjamin Peterson | ad3d5c2 | 2009-02-26 03:38:59 +0000 | [diff] [blame] | 478 | import cgitb |
| 479 | cgitb.enable() |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 480 | |
| 481 | to the top of your script. Then try running it again; when a problem occurs, |
| 482 | you should see a detailed report that will likely make apparent the cause of the |
| 483 | crash. |
| 484 | |
| 485 | If you suspect that there may be a problem in importing the :mod:`cgitb` module, |
| 486 | you can use an even more robust approach (which only uses built-in modules):: |
| 487 | |
| 488 | import sys |
| 489 | sys.stderr = sys.stdout |
Georg Brandl | 6911e3c | 2007-09-04 07:15:32 +0000 | [diff] [blame] | 490 | print("Content-Type: text/plain") |
| 491 | print() |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 492 | ...your code here... |
| 493 | |
| 494 | This relies on the Python interpreter to print the traceback. The content type |
| 495 | of the output is set to plain text, which disables all HTML processing. If your |
| 496 | script works, the raw HTML will be displayed by your client. If it raises an |
| 497 | exception, most likely after the first two lines have been printed, a traceback |
| 498 | will be displayed. Because no HTML interpretation is going on, the traceback |
| 499 | will be readable. |
| 500 | |
| 501 | |
| 502 | Common problems and solutions |
| 503 | ----------------------------- |
| 504 | |
| 505 | * Most HTTP servers buffer the output from CGI scripts until the script is |
| 506 | completed. This means that it is not possible to display a progress report on |
| 507 | the client's display while the script is running. |
| 508 | |
| 509 | * Check the installation instructions above. |
| 510 | |
| 511 | * Check the HTTP server's log files. (``tail -f logfile`` in a separate window |
| 512 | may be useful!) |
| 513 | |
| 514 | * Always check a script for syntax errors first, by doing something like |
| 515 | ``python script.py``. |
| 516 | |
| 517 | * If your script does not have any syntax errors, try adding ``import cgitb; |
| 518 | cgitb.enable()`` to the top of the script. |
| 519 | |
| 520 | * When invoking external programs, make sure they can be found. Usually, this |
| 521 | means using absolute path names --- :envvar:`PATH` is usually not set to a very |
| 522 | useful value in a CGI script. |
| 523 | |
| 524 | * When reading or writing external files, make sure they can be read or written |
| 525 | by the userid under which your CGI script will be running: this is typically the |
| 526 | userid under which the web server is running, or some explicitly specified |
| 527 | userid for a web server's ``suexec`` feature. |
| 528 | |
| 529 | * Don't try to give a CGI script a set-uid mode. This doesn't work on most |
| 530 | systems, and is a security liability as well. |
| 531 | |
| 532 | .. rubric:: Footnotes |
| 533 | |
Georg Brandl | 1f7fffb | 2010-10-15 15:57:45 +0000 | [diff] [blame] | 534 | .. [#] Note that some recent versions of the HTML specification do state what |
| 535 | order the field values should be supplied in, but knowing whether a request |
| 536 | was received from a conforming browser, or even from a browser at all, is |
| 537 | tedious and error-prone. |
Georg Brandl | 116aa62 | 2007-08-15 14:28:22 +0000 | [diff] [blame] | 538 | |