Blame - Lib/cgi.py - platform/external/python/cpython3

1996-03-06 07:20:06 +0000

[diff] [blame]

12

"""Support module for CGI (Common Gateway Interface) scripts.

Guido van Rossum

1c9daa8

1995-09-18 21:52:37 +0000

[diff] [blame]

13

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

14

This module defines a number of utilities for use by CGI scripts

15

written in Python.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

16

"""

17

Guido van Rossum

98d9fd3

2000-02-28 15:12:25 +0000

[diff] [blame]

18

# History

19

# -------

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

20

#

Guido van Rossum

98d9fd3

2000-02-28 15:12:25 +0000

[diff] [blame]

21

# Michael McLay started this module. Steve Majewski changed the

22

# interface to SvFormContentDict and FormContentDict. The multipart

23

# parsing was inspired by code submitted by Andreas Paepcke. Guido van

24

# Rossum rewrote, reformatted and documented the module and is currently

25

# responsible for its maintenance.

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

26

#

Guido van Rossum

98d9fd3

2000-02-28 15:12:25 +0000

[diff] [blame]

27

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

28

__version__ = "2.6"

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

29

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Imports

# =======

Raymond Hettinger

2004-12-31 21:59:02 +0000

[diff] [blame]

34

from operator import attrgetter

Barry Warsaw

2008-06-12 02:38:51 +0000

[diff] [blame]

35

from io import StringIO

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

36

import sys

37

import os

Jeremy Hylton

1afc169

2008-06-18 20:49:58 +0000

[diff] [blame]

38

import urllib.parse

Barry Warsaw

2008-06-12 02:38:51 +0000

[diff] [blame]

39

import email.parser

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

40

Georg Brandl

49d1b4f

2008-05-11 21:42:51 +0000

[diff] [blame]

41

__all__ = ["MiniFieldStorage", "FieldStorage",

Guido van Rossum

a8423a9

2001-03-19 13:40:44 +0000

[diff] [blame]

42

"parse", "parse_qs", "parse_qsl", "parse_multipart",

43

"parse_header", "print_exception", "print_environ",

44

"print_form", "print_directory", "print_arguments",

45

"print_environ_usage", "escape"]

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

# Logging support

# ===============

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

50

logfile = "" # Filename to log to, if not empty

51

logfp = None # File object to log to, if not None

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

52

53

def initlog(*allargs):

54

"""Write a log message, if there is a log file.

55

56

Even though this function is called initlog(), you should always

57

use log(); log is a variable that is set either to initlog

58

(initially), to dolog (once the log file has been opened), or to

59

nolog (when logging is disabled).

60

61

The first argument is a format string; the remaining arguments (if

62

any) are arguments to the % operator, so e.g.

63

log("%s: %s", "a", "b")

64

will write "a: b" to the log file, followed by a newline.

65

66

If the global logfp is not None, it should be a file object to

67

which log data is written.

68

69

If the global logfp is None, the global logfile may be a string

70

giving a filename to open, in append mode. This file should be

71

world writable!!! If the file can't be opened, logging is

72

silently disabled (since there is no safe place where we could

73

send an error message).

"""

global logfp, log

if logfile and not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

78

try:

79

logfp = open(logfile, "a")

80

except IOError:

81

pass

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

82

if not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

83

log = nolog

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

84

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

85

log = dolog

Guido van Rossum

68468eb

2003-02-27 20:14:51 +0000

[diff] [blame]

86

log(*allargs)

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

87

88

def dolog(fmt, *args):

89

"""Write a log message to the log file. See initlog() for docs."""

90

logfp.write(fmt%args + "\n")

91

92

def nolog(*allargs):

93

"""Dummy function, assigned to log when logging is disabled."""

94

pass

95

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

96

log = initlog # The current logging function

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

97

98

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Parsing functions

# =================

Guido van Rossum

1997-05-13 19:03:23 +0000

[diff] [blame]

102

# Maximum input we will accept when REQUEST_METHOD is POST

103

# 0 ==> unlimited input

104

maxlen = 0

105

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

106

def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

107

"""Parse a query in the environment or from a file (default stdin)

108

109

Arguments, all optional:

110

111

fp : file pointer; default: sys.stdin

112

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

113

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

114

115

keep_blank_values: flag indicating whether blank values in

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

116

URL encoded forms should be treated as blank strings.

117

A true value indicates that blanks should be retained as

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

118

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

119

blank values are to be ignored and treated as if they were

120

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

121

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

122

strict_parsing: flag indicating what to do with parsing errors.

123

If false (the default), errors are silently ignored.

124

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

125

"""

Raymond Hettinger

a144900

2002-05-31 23:54:44 +0000

[diff] [blame]

126

if fp is None:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

127

fp = sys.stdin

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

128

if not 'REQUEST_METHOD' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

129

environ['REQUEST_METHOD'] = 'GET' # For testing stand-alone

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

130

if environ['REQUEST_METHOD'] == 'POST':

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

131

ctype, pdict = parse_header(environ['CONTENT_TYPE'])

132

if ctype == 'multipart/form-data':

133

return parse_multipart(fp, pdict)

134

elif ctype == 'application/x-www-form-urlencoded':

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

135

clength = int(environ['CONTENT_LENGTH'])

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

136

if maxlen and clength > maxlen:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

137

raise ValueError('Maximum content length exceeded')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

138

qs = fp.read(clength)

139

else:

140

qs = '' # Unknown content-type

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

141

if 'QUERY_STRING' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

142

if qs: qs = qs + '&'

143

qs = qs + environ['QUERY_STRING']

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

144

elif sys.argv[1:]:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

145

if qs: qs = qs + '&'

146

qs = qs + sys.argv[1]

147

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

148

elif 'QUERY_STRING' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

149

qs = environ['QUERY_STRING']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

150

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

if sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

156

return parse_qs(qs, keep_blank_values, strict_parsing)

Guido van Rossum

e780877

1995-08-07 20:12:09 +0000

[diff] [blame]

157

158

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

159

def parse_qs(qs, keep_blank_values=0, strict_parsing=0):

160

"""Parse a query given as a string argument.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

Arguments:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

164

qs: URL-encoded query string to be parsed

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

165

166

keep_blank_values: flag indicating whether blank values in

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

167

URL encoded queries should be treated as blank strings.

168

A true value indicates that blanks should be retained as

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

169

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

170

blank values are to be ignored and treated as if they were

171

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

172

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

173

strict_parsing: flag indicating what to do with parsing errors.

174

If false (the default), errors are silently ignored.

175

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

176

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

177

dict = {}

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

178

for name, value in parse_qsl(qs, keep_blank_values, strict_parsing):

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

179

if name in dict:

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

180

dict[name].append(value)

181

else:

182

dict[name] = [value]

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

183

return dict

184

185

def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):

186

"""Parse a query given as a string argument.

187

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

188

Arguments:

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

189

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

190

qs: URL-encoded query string to be parsed

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

191

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

192

keep_blank_values: flag indicating whether blank values in

193

URL encoded queries should be treated as blank strings. A

194

true value indicates that blanks should be retained as blank

195

strings. The default false value indicates that blank values

196

are to be ignored and treated as if they were not included.

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

197

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

198

strict_parsing: flag indicating what to do with parsing errors. If

199

false (the default), errors are silently ignored. If true,

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

200

errors raise a ValueError exception.

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

201

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

202

Returns a list, as G-d intended.

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

203

"""

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

204

pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')]

205

r = []

206

for name_value in pairs:

Neil Schemenauer

66edb62

2004-07-19 15:38:11 +0000

[diff] [blame]

207

if not name_value and not strict_parsing:

208

continue

Jeremy Hylton

2000-09-15 20:06:57 +0000

[diff] [blame]

209

nv = name_value.split('=', 1)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

210

if len(nv) != 2:

211

if strict_parsing:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

212

raise ValueError("bad query field: %r" % (name_value,))

Brett Cannon

8d9b60f

2004-03-21 22:16:15 +0000

[diff] [blame]

213

# Handle case of a control-name with no equal sign

214

if keep_blank_values:

215

nv.append('')

216

else:

217

continue

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

218

if len(nv[1]) or keep_blank_values:

Jeremy Hylton

1afc169

2008-06-18 20:49:58 +0000

[diff] [blame]

219

name = urllib.parse.unquote(nv[0].replace('+', ' '))

220

value = urllib.parse.unquote(nv[1].replace('+', ' '))

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

221

r.append((name, value))

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

222

223

return r

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

224

225

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

226

def parse_multipart(fp, pdict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

227

"""Parse multipart input.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

228

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

229

Arguments:

230

fp : input file

Johannes Gijsbers

c7fc10a

2005-01-08 13:56:36 +0000

[diff] [blame]

231

pdict: dictionary containing other parameters of content-type header

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

232

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

233

Returns a dictionary just like parse_qs(): keys are the field names, each

234

value is a list of values for that field. This is easy to use but not

235

much good if you are expecting megabytes to be uploaded -- in that case,

236

use the FieldStorage class instead which is much more flexible. Note

237

that content-type is the raw, unparsed contents of the content-type

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

238

header.

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

239

240

XXX This does not parse nested multipart parts -- use FieldStorage for

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

241

that.

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

242

243

XXX This should really be subsumed by FieldStorage altogether -- no

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

244

point in having two implementations of the same parsing algorithm.

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

245

Also, FieldStorage protects itself better against certain DoS attacks

246

by limiting the size of the data read in one chunk. The API here

247

does not support that kind of protection. This also affects parse()

248

since it can call parse_multipart().

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

249

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

250

"""

Barry Warsaw

820c120

2008-06-12 04:06:45 +0000

[diff] [blame]

251

import http.client

252

Guido van Rossum

2001-07-25 21:00:19 +0000

[diff] [blame]

253

boundary = ""

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

254

if 'boundary' in pdict:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

255

boundary = pdict['boundary']

Guido van Rossum

2001-07-25 21:00:19 +0000

[diff] [blame]

256

if not valid_boundary(boundary):

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

257

raise ValueError('Invalid boundary in multipart form: %r'

Walter Dörwald

70a6b49

2004-02-12 17:35:32 +0000

[diff] [blame]

258

% (boundary,))

Tim Peters

ab9ba27

2001-08-09 21:40:30 +0000

[diff] [blame]

259

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

260

nextpart = "--" + boundary

261

lastpart = "--" + boundary + "--"

partdict = {}

terminator = ""

while terminator != lastpart:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

bytes = -1

data = None

if terminator:

# At start of next part. Read headers first.

Barry Warsaw

820c120

2008-06-12 04:06:45 +0000

[diff] [blame]

270

headers = http.client.parse_headers(fp)

271

clength = headers.get('content-length')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

272

if clength:

273

try:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

274

bytes = int(clength)

275

except ValueError:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

276

pass

277

if bytes > 0:

278

if maxlen and bytes > maxlen:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

279

raise ValueError('Maximum content length exceeded')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

280

data = fp.read(bytes)

281

else:

282

data = ""

283

# Read lines until end of part.

lines = []

while 1:

line = fp.readline()

if not line:

terminator = lastpart # End outer loop

289

break

290

if line[:2] == "--":

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

291

terminator = line.strip()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

292

if terminator in (nextpart, lastpart):

break

lines.append(line)

# Done with part.

if data is None:

continue

if bytes < 0:

if lines:

# Strip final line terminator

301

line = lines[-1]

302

if line[-2:] == "\r\n":

303

line = line[:-2]

304

elif line[-1:] == "\n":

305

line = line[:-1]

306

lines[-1] = line

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

307

data = "".join(lines)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

308

line = headers['content-disposition']

309

if not line:

310

continue

311

key, params = parse_header(line)

312

if key != 'form-data':

313

continue

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

314

if 'name' in params:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

315

name = params['name']

316

else:

317

continue

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

318

if name in partdict:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

319

partdict[name].append(data)

320

else:

321

partdict[name] = [data]

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

322

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

323

return partdict

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

324

325

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

326

def parse_header(line):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

327

"""Parse a Content-type like header.

328

329

Return the main content-type and a dictionary of options.

330

331

"""

Raymond Hettinger

f871d83

2004-12-31 21:59:02 +0000

[diff] [blame]

332

plist = [x.strip() for x in line.split(';')]

Raymond Hettinger

46ac8eb

2002-06-30 03:39:14 +0000

[diff] [blame]

333

key = plist.pop(0).lower()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

334

pdict = {}

335

for p in plist:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

336

i = p.find('=')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

337

if i >= 0:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

338

name = p[:i].strip().lower()

339

value = p[i+1:].strip()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

340

if len(value) >= 2 and value[0] == value[-1] == '"':

341

value = value[1:-1]

Johannes Gijsbers

9e15dd6

2004-08-14 15:39:34 +0000

[diff] [blame]

342

value = value.replace('\\\\', '\\').replace('\\"', '"')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

343

pdict[name] = value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

344

return key, pdict

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

345

346

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

347

# Classes for field storage

348

# =========================

349

350

class MiniFieldStorage:

351

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

352

"""Like FieldStorage, for use when no file uploads are possible."""

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

353

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

# Dummy attributes

filename = None

list = None

type = None

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

358

file = None

Guido van Rossum

4032c2c

1996-03-09 04:04:35 +0000

[diff] [blame]

359

type_options = {}

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

360

disposition = None

361

disposition_options = {}

362

headers = {}

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

363

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

364

def __init__(self, name, value):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

365

"""Constructor from field name and value."""

366

self.name = name

367

self.value = value

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

368

# self.file = StringIO(value)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

369

370

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

371

"""Return printable representation."""

Walter Dörwald

70a6b49

2004-02-12 17:35:32 +0000

[diff] [blame]

372

return "MiniFieldStorage(%r, %r)" % (self.name, self.value)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

class FieldStorage:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

377

"""Store a sequence of fields, reading multipart/form-data.

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

378

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

379

This class provides naming, typing, files stored on disk, and

380

more. At the top level, it is accessible like a dictionary, whose

381

keys are the field names. (Note: None can occur as a field name.)

382

The items are either a Python list (if there's multiple values) or

383

another FieldStorage or MiniFieldStorage object. If it's a single

384

object, it has the following attributes:

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

385

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

386

name: the field name, if specified; otherwise None

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

387

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

388

filename: the filename, if specified; otherwise None; this is the

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

389

client side filename, *not* the file name on which it is

390

stored (that's a temporary file you don't deal with)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

391

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

392

value: the value as a *string*; for file uploads, this

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

393

transparently reads the file every time you request the value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

394

395

file: the file(-like) object from which you can read the data;

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

396

None if the data is stored a simple string

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

397

398

type: the content-type, or None if not specified

399

400

type_options: dictionary of options specified on the content-type

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

401

line

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

402

403

disposition: content-disposition, or None if not specified

404

405

disposition_options: dictionary of corresponding options

406

Barry Warsaw

2008-06-12 02:38:51 +0000

[diff] [blame]

407

headers: a dictionary(-like) object (sometimes email.message.Message or a

Armin Rigo

3a703b6

2005-09-19 09:11:04 +0000

[diff] [blame]

408

subclass thereof) containing *all* headers

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

409

410

The class is subclassable, mostly for the purpose of overriding

411

the make_file() method, which is called internally to come up with

412

a file open for reading and writing. This makes it possible to

413

override the default choice of storing all files in a temporary

414

directory and unlinking them as soon as they have been opened.

"""

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

418

def __init__(self, fp=None, headers=None, outerboundary="",

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

419

environ=os.environ, keep_blank_values=0, strict_parsing=0):

420

"""Constructor. Read multipart/* until last part.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

421

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

422

Arguments, all optional:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

423

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

424

fp : file pointer; default: sys.stdin

Guido van Rossum

b1b4f94

1998-05-08 19:55:51 +0000

[diff] [blame]

425

(not used when the request method is GET)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

426

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

427

headers : header dictionary-like object; default:

428

taken from environ as per CGI spec

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

429

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

430

outerboundary : terminating multipart boundary

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

431

(for internal use only)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

432

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

433

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

434

435

keep_blank_values: flag indicating whether blank values in

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

436

URL encoded forms should be treated as blank strings.

437

A true value indicates that blanks should be retained as

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

438

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

439

blank values are to be ignored and treated as if they were

440

not included.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

441

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

442

strict_parsing: flag indicating what to do with parsing errors.

443

If false (the default), errors are silently ignored.

444

If true, errors raise a ValueError exception.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

445

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

446

"""

447

method = 'GET'

448

self.keep_blank_values = keep_blank_values

449

self.strict_parsing = strict_parsing

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

450

if 'REQUEST_METHOD' in environ:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

451

method = environ['REQUEST_METHOD'].upper()

Benjamin Peterson

2008-07-02 17:30:14 +0000

[diff] [blame]

452

self.qs_on_post = None

Guido van Rossum

0185283

1998-06-25 02:40:17 +0000

[diff] [blame]

453

if method == 'GET' or method == 'HEAD':

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

454

if 'QUERY_STRING' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

455

qs = environ['QUERY_STRING']

elif sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

fp = StringIO(qs)

if headers is None:

headers = {'content-type':

463

"application/x-www-form-urlencoded"}

464

if headers is None:

Guido van Rossum

cff311a

1998-06-11 14:06:59 +0000

[diff] [blame]

465

headers = {}

466

if method == 'POST':

467

# Set default content-type for POST to what's traditional

468

headers['content-type'] = "application/x-www-form-urlencoded"

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

469

if 'CONTENT_TYPE' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

470

headers['content-type'] = environ['CONTENT_TYPE']

Benjamin Peterson

2008-07-02 17:30:14 +0000

[diff] [blame]

471

if 'QUERY_STRING' in environ:

472

self.qs_on_post = environ['QUERY_STRING']

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

473

if 'CONTENT_LENGTH' in environ:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

474

headers['content-length'] = environ['CONTENT_LENGTH']

475

self.fp = fp or sys.stdin

476

self.headers = headers

477

self.outerboundary = outerboundary

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

478

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

479

# Process content-disposition header

480

cdisp, pdict = "", {}

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

481

if 'content-disposition' in self.headers:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

482

cdisp, pdict = parse_header(self.headers['content-disposition'])

483

self.disposition = cdisp

484

self.disposition_options = pdict

485

self.name = None

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

486

if 'name' in pdict:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

487

self.name = pdict['name']

488

self.filename = None

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

489

if 'filename' in pdict:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

490

self.filename = pdict['filename']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

491

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

492

# Process content-type header

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

493

#

494

# Honor any existing content-type header. But if there is no

495

# content-type header, use some sensible defaults. Assume

496

# outerboundary is "" at the outer level, but something non-false

497

# inside a multi-part. The default for an inner part is text/plain,

498

# but for an outer part it should be urlencoded. This should catch

499

# bogus clients which erroneously forget to include a content-type

500

# header.

501

#

502

# See below for what we do if there does exist a content-type header,

503

# but it happens to be something we don't understand.

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

504

if 'content-type' in self.headers:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

505

ctype, pdict = parse_header(self.headers['content-type'])

Guido van Rossum

ce900de

1999-06-02 18:44:22 +0000

[diff] [blame]

506

elif self.outerboundary or method != 'POST':

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

507

ctype, pdict = "text/plain", {}

508

else:

509

ctype, pdict = 'application/x-www-form-urlencoded', {}

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

510

self.type = ctype

511

self.type_options = pdict

512

self.innerboundary = ""

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

513

if 'boundary' in pdict:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

514

self.innerboundary = pdict['boundary']

515

clen = -1

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

516

if 'content-length' in self.headers:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

517

try:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

518

clen = int(self.headers['content-length'])

Skip Montanaro

db5d144

2002-03-23 05:50:17 +0000

[diff] [blame]

519

except ValueError:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

520

pass

521

if maxlen and clen > maxlen:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

522

raise ValueError('Maximum content length exceeded')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

523

self.length = clen

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

524

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

525

self.list = self.file = None

526

self.done = 0

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

527

if ctype == 'application/x-www-form-urlencoded':

528

self.read_urlencoded()

529

elif ctype[:10] == 'multipart/':

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

530

self.read_multi(environ, keep_blank_values, strict_parsing)

Barry Warsaw

302331a

1999-01-08 17:42:03 +0000

[diff] [blame]

531

else:

Guido van Rossum

60a3bd8

1999-06-11 18:26:09 +0000

[diff] [blame]

532

self.read_single()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

533

534

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

535

"""Return a printable representation."""

Walter Dörwald

70a6b49

2004-02-12 17:35:32 +0000

[diff] [blame]

536

return "FieldStorage(%r, %r, %r)" % (

537

self.name, self.filename, self.value)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

538

Guido van Rossum

4061cbe

2002-09-11 18:20:34 +0000

[diff] [blame]

539

def __iter__(self):

540

return iter(self.keys())

541

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

542

def __getattr__(self, name):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

543

if name != 'value':

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

544

raise AttributeError(name)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

545

if self.file:

546

self.file.seek(0)

547

value = self.file.read()

548

self.file.seek(0)

549

elif self.list is not None:

value = self.list

else:

value = None

return value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

554

555

def __getitem__(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

556

"""Dictionary style indexing."""

557

if self.list is None:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

558

raise TypeError("not indexable")

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

559

found = []

560

for item in self.list:

561

if item.name == key: found.append(item)

562

if not found:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

563

raise KeyError(key)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

if len(found) == 1:

return found[0]

else:

return found

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

568

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

569

def getvalue(self, key, default=None):

570

"""Dictionary style get() method, including 'value' lookup."""

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

571

if key in self:

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

572

value = self[key]

573

if type(value) is type([]):

Guido van Rossum

c1f779c

2007-07-03 08:25:58 +0000

[diff] [blame]

574

return [x.value for x in value]

Moshe Zadka

2000-08-25 21:47:56 +0000

[diff] [blame]

else:

return value.value

else:

return default

Guido van Rossum

2001-09-05 19:45:34 +0000

[diff] [blame]

580

def getfirst(self, key, default=None):

581

""" Return the first value received."""

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

582

if key in self:

Guido van Rossum

1bfb388

2001-09-05 19:45:34 +0000

[diff] [blame]

583

value = self[key]

584

if type(value) is type([]):

585

return value[0].value

else:

return value.value

else:

return default

def getlist(self, key):

592

""" Return list of received values."""

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

593

if key in self:

Guido van Rossum

1bfb388

2001-09-05 19:45:34 +0000

[diff] [blame]

594

value = self[key]

595

if type(value) is type([]):

Guido van Rossum

c1f779c

2007-07-03 08:25:58 +0000

[diff] [blame]

596

return [x.value for x in value]

Guido van Rossum

1bfb388

2001-09-05 19:45:34 +0000

[diff] [blame]

else:

return [value.value]

else:

return []

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

602

def keys(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

603

"""Dictionary style keys() method."""

604

if self.list is None:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

605

raise TypeError("not indexable")

Thomas Wouters

8ce81f7

2007-09-20 18:22:40 +0000

[diff] [blame]

606

return list(set(item.name for item in self.list))

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

607

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

608

def __contains__(self, key):

609

"""Dictionary style __contains__ method."""

610

if self.list is None:

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

611

raise TypeError("not indexable")

Thomas Wouters

8ce81f7

2007-09-20 18:22:40 +0000

[diff] [blame]

612

return any(item.name == key for item in self.list)

Raymond Hettinger

2002-06-01 14:18:47 +0000

[diff] [blame]

613

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

614

def __len__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

615

"""Dictionary style len(x) support."""

616

return len(self.keys())

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

617

Thomas Wouters

8ce81f7

2007-09-20 18:22:40 +0000

[diff] [blame]

618

def __nonzero__(self):

619

return bool(self.list)

620

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

621

def read_urlencoded(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

622

"""Internal: read data in query string format."""

623

qs = self.fp.read(self.length)

Benjamin Peterson

2008-07-02 17:30:14 +0000

[diff] [blame]

624

if self.qs_on_post:

625

qs += '&' + self.qs_on_post

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

626

self.list = list = []

627

for key, value in parse_qsl(qs, self.keep_blank_values,

628

self.strict_parsing):

629

list.append(MiniFieldStorage(key, value))

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

630

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

631

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

632

FieldStorageClass = None

633

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

634

def read_multi(self, environ, keep_blank_values, strict_parsing):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

635

"""Internal: read a part that is itself multipart."""

Guido van Rossum

2001-07-25 21:00:19 +0000

[diff] [blame]

636

ib = self.innerboundary

637

if not valid_boundary(ib):

Collin Winter

2007-08-30 01:19:48 +0000

[diff] [blame]

638

raise ValueError('Invalid boundary in multipart form: %r' % (ib,))

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

639

self.list = []

Benjamin Peterson

2008-07-02 17:30:14 +0000

[diff] [blame]

640

if self.qs_on_post:

641

for key, value in parse_qsl(self.qs_on_post, self.keep_blank_values,

642

self.strict_parsing):

643

self.list.append(MiniFieldStorage(key, value))

644

FieldStorageClass = None

645

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

646

klass = self.FieldStorageClass or self.__class__

Barry Warsaw

2008-06-12 02:38:51 +0000

[diff] [blame]

647

parser = email.parser.FeedParser()

648

# Create bogus content-type header for proper multipart parsing

649

parser.feed('Content-Type: %s; boundary=%s\r\n\r\n' % (self.type, ib))

650

parser.feed(self.fp.read())

651

full_msg = parser.close()

652

# Get subparts

653

msgs = full_msg.get_payload()

654

for msg in msgs:

655

fp = StringIO(msg.get_payload())

656

part = klass(fp, msg, ib, environ, keep_blank_values,

657

strict_parsing)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

658

self.list.append(part)

659

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

660

661

def read_single(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

662

"""Internal: read an atomic part."""

if self.length >= 0:

self.read_binary()

self.skip_lines()

else:

self.read_lines()

self.file.seek(0)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

669

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

670

bufsize = 8*1024 # I/O buffering size for copy to file

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

671

672

def read_binary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

673

"""Internal: read binary data."""

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

674

self.file = self.make_file()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

todo = self.length

if todo >= 0:

while todo > 0:

data = self.fp.read(min(todo, self.bufsize))

if not data:

self.done = -1

break

self.file.write(data)

683

todo = todo - len(data)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

684

685

def read_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

686

"""Internal: read lines until EOF or outerboundary."""

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

687

self.file = self.__file = StringIO()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

688

if self.outerboundary:

689

self.read_lines_to_outerboundary()

690

else:

691

self.read_lines_to_eof()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

692

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

693

def __write(self, line):

694

if self.__file is not None:

695

if self.__file.tell() + len(line) > 1000:

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

696

self.file = self.make_file()

697

data = self.__file.getvalue()

698

self.file.write(data)

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

699

self.__file = None

700

self.file.write(line)

701

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

702

def read_lines_to_eof(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

703

"""Internal: read lines until EOF."""

704

while 1:

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

705

line = self.fp.readline(1<<16)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

706

if not line:

707

self.done = -1

708

break

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

709

self.__write(line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

710

711

def read_lines_to_outerboundary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

712

"""Internal: read lines until outerboundary."""

713

next = "--" + self.outerboundary

714

last = next + "--"

715

delim = ""

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

716

last_line_lfend = True

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

717

while 1:

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

718

line = self.fp.readline(1<<16)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

719

if not line:

720

self.done = -1

721

break

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

722

if line[:2] == "--" and last_line_lfend:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

723

strippedline = line.strip()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

724

if strippedline == next:

725

break

726

if strippedline == last:

self.done = 1

break

odelim = delim

if line[-2:] == "\r\n":

731

delim = "\r\n"

732

line = line[:-2]

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

733

last_line_lfend = True

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

734

elif line[-1] == "\n":

735

delim = "\n"

736

line = line[:-1]

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

737

last_line_lfend = True

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

738

else:

739

delim = ""

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

740

last_line_lfend = False

Guido van Rossum

2001-06-29 13:06:06 +0000

[diff] [blame]

741

self.__write(odelim + line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

742

743

def skip_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

744

"""Internal: skip lines until outer boundary if defined."""

745

if not self.outerboundary or self.done:

746

return

747

next = "--" + self.outerboundary

748

last = next + "--"

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

749

last_line_lfend = True

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

750

while 1:

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

751

line = self.fp.readline(1<<16)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

752

if not line:

753

self.done = -1

754

break

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

755

if line[:2] == "--" and last_line_lfend:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

756

strippedline = line.strip()

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

757

if strippedline == next:

758

break

759

if strippedline == last:

760

self.done = 1

761

break

Thomas Wouters

2006-08-21 19:07:27 +0000

[diff] [blame]

762

last_line_lfend = line.endswith('\n')

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

763

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

764

def make_file(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

765

"""Overridable: return a readable & writable file.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

766

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

767

The file will be used as follows:

768

- data is written to it

769

- seek(0)

770

- data is read from it

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

771

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

772

The file is always opened in text mode.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

773

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

774

This version opens a temporary file for reading and writing,

775

and immediately deletes (unlinks) it. The trick (on Unix!) is

776

that the file can still be used, but it can't be opened by

777

another process, and it will automatically be deleted when it

778

is closed or when the current process terminates.

Guido van Rossum

4032c2c

1996-03-09 04:04:35 +0000

[diff] [blame]

779

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

780

If you want a more permanent file, you derive a class which

781

overrides this method. If you want a visible temporary file

782

that is nevertheless automatically deleted when the script

783

terminates, try defining a __del__ method in a derived class

784

which unlinks the temporary files you have created.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

785

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

786

"""

787

import tempfile

Guido van Rossum

92bab81

2007-08-28 03:32:38 +0000

[diff] [blame]

788

return tempfile.TemporaryFile("w+", encoding="utf-8", newline="\n")

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

789

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

790

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

791

# Test/debug code

792

# ===============

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

793

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

794

def test(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

795

"""Robust test CGI script, usable as main program.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

796

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

797

Write minimal HTTP headers and dump all information provided to

798

the script in HTML form.

799

800

"""

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

801

print("Content-type: text/html")

802

print()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

803

sys.stderr = sys.stdout

804

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

805

form = FieldStorage() # Replace with other classes to test those

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

806

print_directory()

807

print_arguments()

Guido van Rossum

a3c6a8a

2000-09-19 04:11:46 +0000

[diff] [blame]

808

print_form(form)

809

print_environ(environ)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

810

print_environ_usage()

811

def f():

Georg Brandl

7cae87c

2006-09-06 06:51:57 +0000

[diff] [blame]

812

exec("testing print_exception() -- <I>italics?</I>")

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

813

def g(f=f):

814

f()

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

815

print("<H3>What follows is a test, not an actual exception:</H3>")

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

816

g()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

817

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

818

print_exception()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

819

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

820

print("<H1>Second try with a small maxlen...</H1>")

Guido van Rossum

57d51f2

2000-09-16 21:16:01 +0000

[diff] [blame]

821

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

822

global maxlen

823

maxlen = 50

824

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

825

form = FieldStorage() # Replace with other classes to test those

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

826

print_directory()

827

print_arguments()

Guido van Rossum

a3c6a8a

2000-09-19 04:11:46 +0000

[diff] [blame]

828

print_form(form)

829

print_environ(environ)

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

830

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

831

print_exception()

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

832

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

833

def print_exception(type=None, value=None, tb=None, limit=None):

834

if type is None:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

835

type, value, tb = sys.exc_info()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

836

import traceback

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

837

print()

838

print("<H3>Traceback (most recent call last):</H3>")

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

839

list = traceback.format_tb(tb, limit) + \

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

840

traceback.format_exception_only(type, value)

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

841

print("<PRE>%s<B>%s</B></PRE>" % (

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

842

escape("".join(list[:-1])),

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

843

escape(list[-1]),

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

844

))

Guido van Rossum

f15d159

1997-09-29 23:22:12 +0000

[diff] [blame]

845

del tb

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

846

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

847

def print_environ(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

848

"""Dump the shell environment as HTML."""

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

849

keys = sorted(environ.keys())

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

850

print()

851

print("<H3>Shell Environment:</H3>")

852

print("<DL>")

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

853

for key in keys:

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

854

print("<DT>", escape(key), "<DD>", escape(environ[key]))

855

print("</DL>")

856

print()

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

857

858

def print_form(form):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

859

"""Dump the contents of a form as HTML."""

Guido van Rossum

2007-08-28 03:11:34 +0000

[diff] [blame]

860

keys = sorted(form.keys())

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

861

print()

862

print("<H3>Form Contents:</H3>")

Guido van Rossum

57d51f2

2000-09-16 21:16:01 +0000

[diff] [blame]

863

if not keys:

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

864

print("<P>No form fields.")

865

print("<DL>")

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

866

for key in keys:

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

867

print("<DT>" + escape(key) + ":", end=' ')

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

868

value = form[key]

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

869

print("<i>" + escape(repr(type(value))) + "</i>")

870

print("<DD>" + escape(repr(value)))

871

print("</DL>")

872

print()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

873

874

def print_directory():

875

"""Dump the current directory as HTML."""

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

876

print()

877

print("<H3>Current Working Directory:</H3>")

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

878

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

879

pwd = os.getcwd()

Guido van Rossum

b940e11

2007-01-10 16:19:56 +0000

[diff] [blame]

880

except os.error as msg:

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

881

print("os.error:", escape(str(msg)))

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

882

else:

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

883

print(escape(pwd))

884

print()

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

885

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

886

def print_arguments():

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

887

print()

888

print("<H3>Command Line Arguments:</H3>")

889

print()

890

print(sys.argv)

891

print()

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

892

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

893

def print_environ_usage():

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

894

"""Dump a list of environment variables used by CGI as HTML."""

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

895

print("""

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

896

<H3>These environment variables could have been set:</H3>

897

<UL>

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

<LI>AUTH_TYPE

<LI>CONTENT_LENGTH

<LI>CONTENT_TYPE

<LI>DATE_GMT

<LI>DATE_LOCAL

<LI>DOCUMENT_NAME

<LI>DOCUMENT_ROOT

<LI>DOCUMENT_URI

<LI>GATEWAY_INTERFACE

<LI>LAST_MODIFIED

<LI>PATH

<LI>PATH_INFO

<LI>PATH_TRANSLATED

<LI>QUERY_STRING

<LI>REMOTE_ADDR

<LI>REMOTE_HOST

<LI>REMOTE_IDENT

<LI>REMOTE_USER

<LI>REQUEST_METHOD

<LI>SCRIPT_NAME

<LI>SERVER_NAME

<LI>SERVER_PORT

<LI>SERVER_PROTOCOL

<LI>SERVER_ROOT

<LI>SERVER_SOFTWARE

</UL>

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

924

In addition, HTTP headers sent by the server may be passed in the

925

environment as well. Here are some common variable names:

<UL>

<LI>HTTP_ACCEPT

<LI>HTTP_CONNECTION

<LI>HTTP_HOST

<LI>HTTP_PRAGMA

<LI>HTTP_REFERER

<LI>HTTP_USER_AGENT

</UL>

Guido van Rossum

2007-02-09 05:37:30 +0000

[diff] [blame]

934

""")

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

935

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

936

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

937

# Utilities

938

# =========

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

939

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

940

def escape(s, quote=None):

Skip Montanaro

97b2fa2

2005-08-02 02:50:25 +0000

[diff] [blame]

941

'''Replace special characters "&", "<" and ">" to HTML-safe sequences.

942

If the optional flag quote is true, the quotation mark character (")

943

is also translated.'''

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

944

s = s.replace("&", "&") # Must be done first!

945

s = s.replace("<", "<")

946

s = s.replace(">", ">")

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

947

if quote:

Eric S. Raymond

2001-02-09 09:59:10 +0000

[diff] [blame]

948

s = s.replace('"', """)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

949

return s

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

950

Guido van Rossum

2001-07-25 21:00:19 +0000

[diff] [blame]

951

def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):

952

import re

953

return re.match(_vb_pattern, s)

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

954

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Invoke mainline

# ===============

# Call test() when this file is run as a script (not imported as a module)

Tim Peters

2001-01-14 23:36:06 +0000

[diff] [blame]

959

if __name__ == '__main__':

Guido van Rossum