Blame - Lib/cgi.py - platform/external/python/cpython3

1996-03-06 07:20:06 +0000

[diff] [blame]

3

"""Support module for CGI (Common Gateway Interface) scripts.

Guido van Rossum

1c9daa8

1995-09-18 21:52:37 +0000

[diff] [blame]

4

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

5

This module defines a number of utilities for use by CGI scripts

6

written in Python.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

7

8

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Introduction

------------

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

12

A CGI script is invoked by an HTTP server, usually to process user

13

input submitted through an HTML <FORM> or <ISINPUT> element.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

14

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

15

Most often, CGI scripts live in the server's special cgi-bin

16

directory. The HTTP server places all sorts of information about the

17

request (such as the client's hostname, the requested URL, the query

18

string, and lots of other goodies) in the script's shell environment,

19

executes the script, and sends the script's output back to the client.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

20

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

21

The script's input is connected to the client too, and sometimes the

22

form data is read this way; at other times the form data is passed via

23

the "query string" part of the URL. This module (cgi.py) is intended

24

to take care of the different cases and provide a simpler interface to

25

the Python script. It also provides a number of utilities that help

26

in debugging scripts, and the latest addition is support for file

27

uploads from a form (if your browser supports it -- Grail 0.3 and

28

Netscape 2.0 do).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

29

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

30

The output of a CGI script should consist of two sections, separated

31

by a blank line. The first section contains a number of headers,

32

telling the client what kind of data is following. Python code to

33

generate a minimal header section looks like this:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

34

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

35

print "Content-type: text/html" # HTML is following

36

print # blank line, end of headers

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

37

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

38

The second section is usually HTML, which allows the client software

39

to display nicely formatted text with header, in-line images, etc.

40

Here's Python code that prints a simple piece of HTML:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

41

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

42

print "<TITLE>CGI script output</TITLE>"

43

print "<H1>This is my first CGI script</H1>"

44

print "Hello, world!"

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

45

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

46

It may not be fully legal HTML according to the letter of the

47

standard, but any browser will understand it.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Using the cgi module

--------------------

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

53

Begin by writing "import cgi". Don't use "from cgi import *" -- the

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

54

module defines all sorts of names for its own use or for backward

55

compatibility that you don't want in your namespace.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

56

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

57

It's best to use the FieldStorage class. The other classes define in this

58

module are provided mostly for backward compatibility. Instantiate it

59

exactly once, without arguments. This reads the form contents from

60

standard input or the environment (depending on the value of various

61

environment variables set according to the CGI standard). Since it may

62

consume standard input, it should be instantiated only once.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

63

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

64

The FieldStorage instance can be accessed as if it were a Python

65

dictionary. For instance, the following code (which assumes that the

66

Content-type header and blank line have already been printed) checks that

67

the fields "name" and "addr" are both set to a non-empty string:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

68

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

69

form = cgi.FieldStorage()

70

form_ok = 0

71

if form.has_key("name") and form.has_key("addr"):

72

if form["name"].value != "" and form["addr"].value != "":

73

form_ok = 1

74

if not form_ok:

75

print "<H1>Error</H1>"

76

print "Please fill in the name and addr fields."

77

return

78

...further form processing here...

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

79

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

80

Here the fields, accessed through form[key], are themselves instances

81

of FieldStorage (or MiniFieldStorage, depending on the form encoding).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

82

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

83

If the submitted form data contains more than one field with the same

84

name, the object retrieved by form[key] is not a (Mini)FieldStorage

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

85

instance but a list of such instances. If you are expecting this

86

possibility (i.e., when your HTML form comtains multiple fields with

87

the same name), use the type() function to determine whether you have

88

a single instance or a list of instances. For example, here's code

89

that concatenates any number of username fields, separated by commas:

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

90

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

91

username = form["username"]

92

if type(username) is type([]):

93

# Multiple username fields specified

94

usernames = ""

95

for item in username:

96

if usernames:

97

# Next item -- insert comma

98

usernames = usernames + "," + item.value

99

else:

100

# First item -- don't insert comma

101

usernames = item.value

102

else:

103

# Single username field specified

104

usernames = username.value

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

105

106

If a field represents an uploaded file, the value attribute reads the

107

entire file in memory as a string. This may not be what you want. You can

108

test for an uploaded file by testing either the filename attribute or the

109

file attribute. You can then read the data at leasure from the file

110

attribute:

111

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

112

fileitem = form["userfile"]

113

if fileitem.file:

114

# It's an uploaded file; count lines

115

linecount = 0

116

while 1:

117

line = fileitem.file.readline()

118

if not line: break

119

linecount = linecount + 1

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

120

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

121

The file upload draft standard entertains the possibility of uploading

122

multiple files from one field (using a recursive multipart/*

123

encoding). When this occurs, the item will be a dictionary-like

124

FieldStorage item. This can be determined by testing its type

125

attribute, which should have the value "multipart/form-data" (or

126

perhaps another string beginning with "multipart/"). It this case, it

127

can be iterated over recursively just like the top-level form object.

128

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

129

When a form is submitted in the "old" format (as the query string or as a

130

single data part of type application/x-www-form-urlencoded), the items

131

will actually be instances of the class MiniFieldStorage. In this case,

132

the list, file and filename attributes are always None.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

133

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

134

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

135

Old classes

136

-----------

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

137

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

138

These classes, present in earlier versions of the cgi module, are still

Guido van Rossum

16d5b11

1996-10-24 14:44:32 +0000

[diff] [blame]

139

supported for backward compatibility. New applications should use the

140

FieldStorage class.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

141

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

142

SvFormContentDict: single value form content as dictionary; assumes each

143

field name occurs in the form only once.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

144

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

145

FormContentDict: multiple value form content as dictionary (the form

146

items are lists of values). Useful if your form contains multiple

147

fields with the same name.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

148

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

149

Other classes (FormContent, InterpFormContentDict) are present for

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

150

backwards compatibility with really old applications only. If you still

151

use these and would be inconvenienced when they disappeared from a next

152

version of this module, drop me a note.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

153

154

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

155

Functions

156

---------

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

157

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

158

These are useful if you want more control, or if you want to employ

159

some of the algorithms implemented in this module in other

160

circumstances.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

161

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

162

parse(fp, [environ, [keep_blank_values, [strict_parsing]]]): parse a

163

form into a Python dictionary.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

164

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

165

parse_qs(qs, [keep_blank_values, [strict_parsing]]): parse a query

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

166

string (data of type application/x-www-form-urlencoded). Data are

167

returned as a dictionary. The dictionary keys are the unique query

168

variable names and the values are lists of vales for each name.

169

170

parse_qsl(qs, [keep_blank_values, [strict_parsing]]): parse a query

171

string (data of type application/x-www-form-urlencoded). Data are

172

returned as a list of (name, value) pairs.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

173

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

174

parse_multipart(fp, pdict): parse input of type multipart/form-data (for

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

175

file uploads).

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

176

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

177

parse_header(string): parse a header like Content-type into a main

178

value and a dictionary of parameters.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

179

180

test(): complete test program.

181

182

print_environ(): format the shell environment in HTML.

183

184

print_form(form): format a form in HTML.

185

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

186

print_environ_usage(): print a list of useful environment variables in

187

HTML.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

188

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

189

escape(): convert the characters "&", "<" and ">" to HTML-safe

190

sequences. Use this if you need to display text that might contain

191

such characters in HTML. To translate URLs for inclusion in the HREF

192

attribute of an <A> tag, use urllib.quote().

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

193

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

194

log(fmt, ...): write a line to a log file; see docs for initlog().

195

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

196

197

Caring about security

198

---------------------

199

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

200

There's one important rule: if you invoke an external program (e.g.

201

via the os.system() or os.popen() functions), make very sure you don't

202

pass arbitrary strings received from the client to the shell. This is

203

a well-known security hole whereby clever hackers anywhere on the web

204

can exploit a gullible CGI script to invoke arbitrary shell commands.

205

Even parts of the URL or field names cannot be trusted, since the

206

request doesn't have to come from your form!

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

207

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

208

To be on the safe side, if you must pass a string gotten from a form

209

to a shell command, you should make sure the string contains only

210

alphanumeric characters, dashes, underscores, and periods.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

211

212

213

Installing your CGI script on a Unix system

214

-------------------------------------------

215

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

216

Read the documentation for your HTTP server and check with your local

217

system administrator to find the directory where CGI scripts should be

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

218

installed; usually this is in a directory cgi-bin in the server tree.

219

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

220

Make sure that your script is readable and executable by "others"; the

221

Unix file mode should be 755 (use "chmod 755 filename"). Make sure

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

222

that the first line of the script contains #! starting in column 1

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

223

followed by the pathname of the Python interpreter, for instance:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

224

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

225

#! /usr/local/bin/python

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

226

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

227

Make sure the Python interpreter exists and is executable by "others".

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

228

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

229

Note that it's probably not a good idea to use #! /usr/bin/env python

Guido van Rossum

f06ee5f

1996-11-27 19:52:01 +0000

[diff] [blame]

230

here, since the Python interpreter may not be on the default path

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

231

given to CGI scripts!!!

Guido van Rossum

f06ee5f

1996-11-27 19:52:01 +0000

[diff] [blame]

232

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

233

Make sure that any files your script needs to read or write are

234

readable or writable, respectively, by "others" -- their mode should

235

be 644 for readable and 666 for writable. This is because, for

236

security reasons, the HTTP server executes your script as user

237

"nobody", without any special privileges. It can only read (write,

238

execute) files that everybody can read (write, execute). The current

239

directory at execution time is also different (it is usually the

240

server's cgi-bin directory) and the set of environment variables is

241

also different from what you get at login. in particular, don't count

242

on the shell's search path for executables ($PATH) or the Python

243

module search path ($PYTHONPATH) to be set to anything interesting.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

244

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

245

If you need to load modules from a directory which is not on Python's

246

default module search path, you can change the path in your script,

247

before importing other modules, e.g.:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

248

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

249

import sys

250

sys.path.insert(0, "/usr/home/joe/lib/python")

251

sys.path.insert(0, "/usr/local/lib/python")

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

252

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

253

This way, the directory inserted last will be searched first!

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

254

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

255

Instructions for non-Unix systems will vary; check your HTTP server's

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

256

documentation (it will usually have a section on CGI scripts).

257

258

259

Testing your CGI script

260

-----------------------

261

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

262

Unfortunately, a CGI script will generally not run when you try it

263

from the command line, and a script that works perfectly from the

264

command line may fail mysteriously when run from the server. There's

265

one reason why you should still test your script from the command

266

line: if it contains a syntax error, the python interpreter won't

267

execute it at all, and the HTTP server will most likely send a cryptic

268

error to the client.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

269

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

270

Assuming your script has no syntax errors, yet it does not work, you

271

have no choice but to read the next section:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

272

273

274

Debugging CGI scripts

275

---------------------

276

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

277

First of all, check for trivial installation errors -- reading the

278

section above on installing your CGI script carefully can save you a

279

lot of time. If you wonder whether you have understood the

280

installation procedure correctly, try installing a copy of this module

281

file (cgi.py) as a CGI script. When invoked as a script, the file

282

will dump its environment and the contents of the form in HTML form.

283

Give it the right mode etc, and send it a request. If it's installed

284

in the standard cgi-bin directory, it should be possible to send it a

285

request by entering a URL into your browser of the form:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

286

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

287

http://yourhostname/cgi-bin/cgi.py?name=Joe+Blow&addr=At+Home

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

288

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

289

If this gives an error of type 404, the server cannot find the script

290

-- perhaps you need to install it in a different directory. If it

291

gives another error (e.g. 500), there's an installation problem that

292

you should fix before trying to go any further. If you get a nicely

293

formatted listing of the environment and form content (in this

294

example, the fields should be listed as "addr" with value "At Home"

295

and "name" with value "Joe Blow"), the cgi.py script has been

296

installed correctly. If you follow the same procedure for your own

297

script, you should now be able to debug it.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

298

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

299

The next step could be to call the cgi module's test() function from

300

your script: replace its main code with the single statement

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

301

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

302

cgi.test()

303

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

304

This should produce the same results as those gotten from installing

305

the cgi.py file itself.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

306

Guido van Rossum

1997-05-28 15:11:01 +0000

[diff] [blame]

307

When an ordinary Python script raises an unhandled exception (e.g.,

308

because of a typo in a module name, a file that can't be opened,

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

309

etc.), the Python interpreter prints a nice traceback and exits.

310

While the Python interpreter will still do this when your CGI script

311

raises an exception, most likely the traceback will end up in one of

312

the HTTP server's log file, or be discarded altogether.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

313

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

314

Fortunately, once you have managed to get your script to execute

315

*some* code, it is easy to catch exceptions and cause a traceback to

316

be printed. The test() function below in this module is an example.

317

Here are the rules:

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

318

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

319

1. Import the traceback module (before entering the

320

try-except!)

321

322

2. Make sure you finish printing the headers and the blank

323

line early

324

325

3. Assign sys.stderr to sys.stdout

326

327

3. Wrap all remaining code in a try-except statement

328

329

4. In the except clause, call traceback.print_exc()

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

For example:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

333

import sys

334

import traceback

335

print "Content-type: text/html"

336

print

337

sys.stderr = sys.stdout

try:

...your code here...

except:

print "\n\n<PRE>"

traceback.print_exc()

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

343

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

344

Notes: The assignment to sys.stderr is needed because the traceback

345

prints to sys.stderr. The print "\n\n<PRE>" statement is necessary to

346

disable the word wrapping in HTML.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

347

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

348

If you suspect that there may be a problem in importing the traceback

349

module, you can use an even more robust approach (which only uses

350

built-in modules):

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

351

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

352

import sys

353

sys.stderr = sys.stdout

354

print "Content-type: text/plain"

355

print

356

...your code here...

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

357

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

358

This relies on the Python interpreter to print the traceback. The

359

content type of the output is set to plain text, which disables all

360

HTML processing. If your script works, the raw HTML will be displayed

361

by your client. If it raises an exception, most likely after the

362

first two lines have been printed, a traceback will be displayed.

363

Because no HTML interpretation is going on, the traceback will

364

readable.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

365

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

366

When all else fails, you may want to insert calls to log() to your

367

program or even to a copy of the cgi.py file. Note that this requires

368

you to set cgi.logfile to the name of a world-writable file before the

369

first call to log() is made!

370

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

Good luck!

Common problems and solutions

375

-----------------------------

376

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

377

- Most HTTP servers buffer the output from CGI scripts until the

378

script is completed. This means that it is not possible to display a

379

progress report on the client's display while the script is running.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

380

381

- Check the installation instructions above.

382

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

383

- Check the HTTP server's log files. ("tail -f logfile" in a separate

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

384

window may be useful!)

385

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

386

- Always check a script for syntax errors first, by doing something

387

like "python script.py".

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

388

389

- When using any of the debugging techniques, don't forget to add

390

"import sys" to the top of the script.

391

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

392

- When invoking external programs, make sure they can be found.

393

Usually, this means using absolute path names -- $PATH is usually not

394

set to a very useful value in a CGI script.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

395

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

396

- When reading or writing external files, make sure they can be read

397

or written by every user on the system.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

398

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

399

- Don't try to give a CGI script a set-uid mode. This doesn't work on

400

most systems, and is a security liability as well.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

History

-------

Guido van Rossum

1996-03-06 19:11:33 +0000

[diff] [blame]

406

Michael McLay started this module. Steve Majewski changed the

407

interface to SvFormContentDict and FormContentDict. The multipart

408

parsing was inspired by code submitted by Andreas Paepcke. Guido van

409

Rossum rewrote, reformatted and documented the module and is currently

410

responsible for its maintenance.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

411

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

412

413

XXX The module is getting pretty heavy with all those docstrings.

414

Perhaps there should be a slimmed version that doesn't contain all those

415

backwards compatible and debugging classes and functions?

416

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

417

"""

418

Guido van Rossum

5f32248

1997-04-11 18:20:42 +0000

[diff] [blame]

419

__version__ = "2.2"

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

420

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Imports

# =======

import string

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

426

import sys

427

import os

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

428

import urllib

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

429

import mimetools

430

import rfc822

431

from StringIO import StringIO

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

432

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

# Logging support

# ===============

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

437

logfile = "" # Filename to log to, if not empty

438

logfp = None # File object to log to, if not None

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

439

440

def initlog(*allargs):

441

"""Write a log message, if there is a log file.

442

443

Even though this function is called initlog(), you should always

444

use log(); log is a variable that is set either to initlog

445

(initially), to dolog (once the log file has been opened), or to

446

nolog (when logging is disabled).

447

448

The first argument is a format string; the remaining arguments (if

449

any) are arguments to the % operator, so e.g.

450

log("%s: %s", "a", "b")

451

will write "a: b" to the log file, followed by a newline.

452

453

If the global logfp is not None, it should be a file object to

454

which log data is written.

455

456

If the global logfp is None, the global logfile may be a string

457

giving a filename to open, in append mode. This file should be

458

world writable!!! If the file can't be opened, logging is

459

silently disabled (since there is no safe place where we could

460

send an error message).

"""

global logfp, log

if logfile and not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

465

try:

466

logfp = open(logfile, "a")

467

except IOError:

468

pass

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

469

if not logfp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

470

log = nolog

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

471

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

472

log = dolog

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

473

apply(log, allargs)

474

475

def dolog(fmt, *args):

476

"""Write a log message to the log file. See initlog() for docs."""

477

logfp.write(fmt%args + "\n")

478

479

def nolog(*allargs):

480

"""Dummy function, assigned to log when logging is disabled."""

481

pass

482

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

483

log = initlog # The current logging function

Guido van Rossum

1996-09-05 19:07:11 +0000

[diff] [blame]

484

485

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Parsing functions

# =================

Guido van Rossum

1997-05-13 19:03:23 +0000

[diff] [blame]

489

# Maximum input we will accept when REQUEST_METHOD is POST

490

# 0 ==> unlimited input

491

maxlen = 0

492

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

493

def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

494

"""Parse a query in the environment or from a file (default stdin)

495

496

Arguments, all optional:

497

498

fp : file pointer; default: sys.stdin

499

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

500

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

501

502

keep_blank_values: flag indicating whether blank values in

503

URL encoded forms should be treated as blank strings.

504

A true value inicates that blanks should be retained as

505

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

506

blank values are to be ignored and treated as if they were

507

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

508

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

509

strict_parsing: flag indicating what to do with parsing errors.

510

If false (the default), errors are silently ignored.

511

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

512

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

513

if not fp:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

514

fp = sys.stdin

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

515

if not environ.has_key('REQUEST_METHOD'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

516

environ['REQUEST_METHOD'] = 'GET' # For testing stand-alone

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

517

if environ['REQUEST_METHOD'] == 'POST':

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

518

ctype, pdict = parse_header(environ['CONTENT_TYPE'])

519

if ctype == 'multipart/form-data':

520

return parse_multipart(fp, pdict)

521

elif ctype == 'application/x-www-form-urlencoded':

522

clength = string.atoi(environ['CONTENT_LENGTH'])

523

if maxlen and clength > maxlen:

524

raise ValueError, 'Maximum content length exceeded'

525

qs = fp.read(clength)

526

else:

527

qs = '' # Unknown content-type

528

if environ.has_key('QUERY_STRING'):

529

if qs: qs = qs + '&'

530

qs = qs + environ['QUERY_STRING']

531

elif sys.argv[1:]:

532

if qs: qs = qs + '&'

533

qs = qs + sys.argv[1]

534

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

535

elif environ.has_key('QUERY_STRING'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

536

qs = environ['QUERY_STRING']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

537

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

if sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

environ['QUERY_STRING'] = qs # XXX Shouldn't, really

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

543

return parse_qs(qs, keep_blank_values, strict_parsing)

Guido van Rossum

e780877

1995-08-07 20:12:09 +0000

[diff] [blame]

544

545

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

546

def parse_qs(qs, keep_blank_values=0, strict_parsing=0):

547

"""Parse a query given as a string argument.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

Arguments:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

551

qs: URL-encoded query string to be parsed

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

552

553

keep_blank_values: flag indicating whether blank values in

554

URL encoded queries should be treated as blank strings.

555

A true value inicates that blanks should be retained as

556

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

557

blank values are to be ignored and treated as if they were

558

not included.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

559

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

560

strict_parsing: flag indicating what to do with parsing errors.

561

If false (the default), errors are silently ignored.

562

If true, errors raise a ValueError exception.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

563

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

564

dict = {}

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

565

for name, value in parse_qsl(qs, keep_blank_values, strict_parsing):

566

if len(value) or keep_blank_values:

567

if dict.has_key(name):

568

dict[name].append(value)

else:

dict[name] = [value]

return dict

def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):

574

"""Parse a query given as a string argument.

Arguments:

qs: URL-encoded query string to be parsed

579

580

keep_blank_values: flag indicating whether blank values in

581

URL encoded queries should be treated as blank strings.

582

A true value inicates that blanks should be retained as

583

blank strings. The default false value indicates that

584

blank values are to be ignored and treated as if they were

585

not included.

586

587

strict_parsing: flag indicating what to do with parsing errors.

588

If false (the default), errors are silently ignored.

589

If true, errors raise a ValueError exception.

590

591

Returns a list, as God intended.

592

"""

593

name_value_pairs = string.splitfields(qs, '&')

594

r=[]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

595

for name_value in name_value_pairs:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

596

nv = string.splitfields(name_value, '=')

597

if len(nv) != 2:

598

if strict_parsing:

599

raise ValueError, "bad query field: %s" % `name_value`

600

continue

601

name = urllib.unquote(string.replace(nv[0], '+', ' '))

602

value = urllib.unquote(string.replace(nv[1], '+', ' '))

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

603

r.append(name, value)

604

605

return r

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

606

607

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

608

def parse_multipart(fp, pdict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

609

"""Parse multipart input.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

610

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

611

Arguments:

612

fp : input file

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

613

pdict: dictionary containing other parameters of conten-type header

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

614

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

615

Returns a dictionary just like parse_qs(): keys are the field names, each

616

value is a list of values for that field. This is easy to use but not

617

much good if you are expecting megabytes to be uploaded -- in that case,

618

use the FieldStorage class instead which is much more flexible. Note

619

that content-type is the raw, unparsed contents of the content-type

620

header.

621

622

XXX This does not parse nested multipart parts -- use FieldStorage for

623

that.

624

625

XXX This should really be subsumed by FieldStorage altogether -- no

626

point in having two implementations of the same parsing algorithm.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

627

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

628

"""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

629

if pdict.has_key('boundary'):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

630

boundary = pdict['boundary']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

631

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

632

boundary = ""

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

633

nextpart = "--" + boundary

634

lastpart = "--" + boundary + "--"

partdict = {}

terminator = ""

while terminator != lastpart:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

bytes = -1

data = None

if terminator:

# At start of next part. Read headers first.

643

headers = mimetools.Message(fp)

644

clength = headers.getheader('content-length')

645

if clength:

646

try:

647

bytes = string.atoi(clength)

648

except string.atoi_error:

649

pass

650

if bytes > 0:

651

if maxlen and bytes > maxlen:

652

raise ValueError, 'Maximum content length exceeded'

653

data = fp.read(bytes)

654

else:

655

data = ""

656

# Read lines until end of part.

lines = []

while 1:

line = fp.readline()

if not line:

terminator = lastpart # End outer loop

662

break

663

if line[:2] == "--":

664

terminator = string.strip(line)

665

if terminator in (nextpart, lastpart):

break

lines.append(line)

# Done with part.

if data is None:

continue

if bytes < 0:

if lines:

# Strip final line terminator

674

line = lines[-1]

675

if line[-2:] == "\r\n":

676

line = line[:-2]

677

elif line[-1:] == "\n":

678

line = line[:-1]

679

lines[-1] = line

680

data = string.joinfields(lines, "")

681

line = headers['content-disposition']

682

if not line:

683

continue

684

key, params = parse_header(line)

685

if key != 'form-data':

686

continue

687

if params.has_key('name'):

688

name = params['name']

689

else:

690

continue

691

if partdict.has_key(name):

692

partdict[name].append(data)

693

else:

694

partdict[name] = [data]

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

695

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

696

return partdict

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

697

698

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

699

def parse_header(line):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

700

"""Parse a Content-type like header.

701

702

Return the main content-type and a dictionary of options.

703

704

"""

705

plist = map(string.strip, string.splitfields(line, ';'))

706

key = string.lower(plist[0])

707

del plist[0]

708

pdict = {}

709

for p in plist:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

710

i = string.find(p, '=')

711

if i >= 0:

712

name = string.lower(string.strip(p[:i]))

713

value = string.strip(p[i+1:])

714

if len(value) >= 2 and value[0] == value[-1] == '"':

715

value = value[1:-1]

716

pdict[name] = value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

717

return key, pdict

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

718

719

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

720

# Classes for field storage

721

# =========================

722

723

class MiniFieldStorage:

724

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

725

"""Like FieldStorage, for use when no file uploads are possible."""

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

726

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

# Dummy attributes

filename = None

list = None

type = None

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

731

file = None

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

732

type_options = {}

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

733

disposition = None

734

disposition_options = {}

735

headers = {}

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

736

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

737

def __init__(self, name, value):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

738

"""Constructor from field name and value."""

739

self.name = name

740

self.value = value

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

741

# self.file = StringIO(value)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

742

743

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

744

"""Return printable representation."""

745

return "MiniFieldStorage(%s, %s)" % (`self.name`, `self.value`)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

class FieldStorage:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

750

"""Store a sequence of fields, reading multipart/form-data.

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

751

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

752

This class provides naming, typing, files stored on disk, and

753

more. At the top level, it is accessible like a dictionary, whose

754

keys are the field names. (Note: None can occur as a field name.)

755

The items are either a Python list (if there's multiple values) or

756

another FieldStorage or MiniFieldStorage object. If it's a single

757

object, it has the following attributes:

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

758

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

759

name: the field name, if specified; otherwise None

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

760

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

761

filename: the filename, if specified; otherwise None; this is the

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

762

client side filename, *not* the file name on which it is

763

stored (that's a temporary file you don't deal with)

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

764

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

765

value: the value as a *string*; for file uploads, this

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

766

transparently reads the file every time you request the value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

767

768

file: the file(-like) object from which you can read the data;

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

769

None if the data is stored a simple string

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

770

771

type: the content-type, or None if not specified

772

773

type_options: dictionary of options specified on the content-type

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

774

line

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

775

776

disposition: content-disposition, or None if not specified

777

778

disposition_options: dictionary of corresponding options

779

780

headers: a dictionary(-like) object (sometimes rfc822.Message or a

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

781

subclass thereof) containing *all* headers

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

782

783

The class is subclassable, mostly for the purpose of overriding

784

the make_file() method, which is called internally to come up with

785

a file open for reading and writing. This makes it possible to

786

override the default choice of storing all files in a temporary

787

directory and unlinking them as soon as they have been opened.

"""

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

791

def __init__(self, fp=None, headers=None, outerboundary="",

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

792

environ=os.environ, keep_blank_values=0, strict_parsing=0):

793

"""Constructor. Read multipart/* until last part.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

794

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

795

Arguments, all optional:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

796

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

797

fp : file pointer; default: sys.stdin

Guido van Rossum

b1b4f94

1998-05-08 19:55:51 +0000

[diff] [blame]

798

(not used when the request method is GET)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

799

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

800

headers : header dictionary-like object; default:

801

taken from environ as per CGI spec

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

802

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

803

outerboundary : terminating multipart boundary

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

804

(for internal use only)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

805

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

806

environ : environment dictionary; default: os.environ

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

807

808

keep_blank_values: flag indicating whether blank values in

809

URL encoded forms should be treated as blank strings.

810

A true value inicates that blanks should be retained as

811

blank strings. The default false value indicates that

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

812

blank values are to be ignored and treated as if they were

813

not included.

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

814

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

815

strict_parsing: flag indicating what to do with parsing errors.

816

If false (the default), errors are silently ignored.

817

If true, errors raise a ValueError exception.

Guido van Rossum

1996-11-11 19:29:11 +0000

[diff] [blame]

818

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

819

"""

820

method = 'GET'

821

self.keep_blank_values = keep_blank_values

822

self.strict_parsing = strict_parsing

823

if environ.has_key('REQUEST_METHOD'):

824

method = string.upper(environ['REQUEST_METHOD'])

Guido van Rossum

0185283

1998-06-25 02:40:17 +0000

[diff] [blame]

825

if method == 'GET' or method == 'HEAD':

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

826

if environ.has_key('QUERY_STRING'):

827

qs = environ['QUERY_STRING']

elif sys.argv[1:]:

qs = sys.argv[1]

else:

qs = ""

fp = StringIO(qs)

if headers is None:

headers = {'content-type':

835

"application/x-www-form-urlencoded"}

836

if headers is None:

Guido van Rossum

cff311a

1998-06-11 14:06:59 +0000

[diff] [blame]

837

headers = {}

838

if method == 'POST':

839

# Set default content-type for POST to what's traditional

840

headers['content-type'] = "application/x-www-form-urlencoded"

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

841

if environ.has_key('CONTENT_TYPE'):

842

headers['content-type'] = environ['CONTENT_TYPE']

843

if environ.has_key('CONTENT_LENGTH'):

844

headers['content-length'] = environ['CONTENT_LENGTH']

845

self.fp = fp or sys.stdin

846

self.headers = headers

847

self.outerboundary = outerboundary

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

848

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

849

# Process content-disposition header

850

cdisp, pdict = "", {}

851

if self.headers.has_key('content-disposition'):

852

cdisp, pdict = parse_header(self.headers['content-disposition'])

853

self.disposition = cdisp

854

self.disposition_options = pdict

855

self.name = None

856

if pdict.has_key('name'):

857

self.name = pdict['name']

858

self.filename = None

859

if pdict.has_key('filename'):

860

self.filename = pdict['filename']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

861

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

862

# Process content-type header

Barry Warsaw

1999-01-08 17:42:03 +0000

[diff] [blame]

863

#

864

# Honor any existing content-type header. But if there is no

865

# content-type header, use some sensible defaults. Assume

866

# outerboundary is "" at the outer level, but something non-false

867

# inside a multi-part. The default for an inner part is text/plain,

868

# but for an outer part it should be urlencoded. This should catch

869

# bogus clients which erroneously forget to include a content-type

870

# header.

871

#

872

# See below for what we do if there does exist a content-type header,

873

# but it happens to be something we don't understand.

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

874

if self.headers.has_key('content-type'):

875

ctype, pdict = parse_header(self.headers['content-type'])

Guido van Rossum

ce900de

1999-06-02 18:44:22 +0000

[diff] [blame]

876

elif self.outerboundary or method != 'POST':

Barry Warsaw

1999-01-08 17:42:03 +0000

[diff] [blame]

877

ctype, pdict = "text/plain", {}

878

else:

879

ctype, pdict = 'application/x-www-form-urlencoded', {}

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

880

self.type = ctype

881

self.type_options = pdict

882

self.innerboundary = ""

883

if pdict.has_key('boundary'):

884

self.innerboundary = pdict['boundary']

885

clen = -1

886

if self.headers.has_key('content-length'):

887

try:

888

clen = string.atoi(self.headers['content-length'])

889

except:

890

pass

891

if maxlen and clen > maxlen:

892

raise ValueError, 'Maximum content length exceeded'

893

self.length = clen

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

894

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

895

self.list = self.file = None

896

self.done = 0

897

self.lines = []

898

if ctype == 'application/x-www-form-urlencoded':

899

self.read_urlencoded()

900

elif ctype[:10] == 'multipart/':

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

901

self.read_multi(environ, keep_blank_values, strict_parsing)

Guido van Rossum

ce900de

1999-06-02 18:44:22 +0000

[diff] [blame]

902

elif self.outerboundary or method != 'POST':

Barry Warsaw

1999-01-08 17:42:03 +0000

[diff] [blame]

903

# we're in an inner part, but the content-type wasn't something we

904

# understood. default to read_single() because the resulting

905

# FieldStorage won't be a mapping (and doesn't need to be).

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

906

self.read_single()

Barry Warsaw

1999-01-08 17:42:03 +0000

[diff] [blame]

907

else:

908

# we're in an outer part, but the content-type wasn't something we

909

# understood. we still want the resulting FieldStorage to be a

910

# mapping, so parse it as if it were urlencoded

911

self.read_urlencoded()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

912

913

def __repr__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

914

"""Return a printable representation."""

915

return "FieldStorage(%s, %s, %s)" % (

916

`self.name`, `self.filename`, `self.value`)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

917

918

def __getattr__(self, name):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

919

if name != 'value':

920

raise AttributeError, name

921

if self.file:

922

self.file.seek(0)

923

value = self.file.read()

924

self.file.seek(0)

925

elif self.list is not None:

value = self.list

else:

value = None

return value

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

930

931

def __getitem__(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

932

"""Dictionary style indexing."""

933

if self.list is None:

934

raise TypeError, "not indexable"

935

found = []

936

for item in self.list:

937

if item.name == key: found.append(item)

if not found:

raise KeyError, key

if len(found) == 1:

return found[0]

else:

return found

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

944

945

def keys(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

946

"""Dictionary style keys() method."""

947

if self.list is None:

948

raise TypeError, "not indexable"

949

keys = []

950

for item in self.list:

951

if item.name not in keys: keys.append(item.name)

952

return keys

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

953

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

954

def has_key(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

955

"""Dictionary style has_key() method."""

956

if self.list is None:

957

raise TypeError, "not indexable"

958

for item in self.list:

959

if item.name == key: return 1

960

return 0

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

961

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

962

def __len__(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

963

"""Dictionary style len(x) support."""

964

return len(self.keys())

Guido van Rossum

88b85d4

1997-01-11 19:21:33 +0000

[diff] [blame]

965

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

966

def read_urlencoded(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

967

"""Internal: read data in query string format."""

968

qs = self.fp.read(self.length)

Guido van Rossum

1999-06-04 17:54:39 +0000

[diff] [blame]

969

self.list = list = []

970

for key, value in parse_qsl(qs, self.keep_blank_values,

971

self.strict_parsing):

972

list.append(MiniFieldStorage(key, value))

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

973

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

974

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

975

FieldStorageClass = None

976

Guido van Rossum

f574500

1998-10-20 14:43:02 +0000

[diff] [blame]

977

def read_multi(self, environ, keep_blank_values, strict_parsing):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

978

"""Internal: read a part that is itself multipart."""

979

self.list = []

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

980

klass = self.FieldStorageClass or self.__class__

981

part = klass(self.fp, {}, self.innerboundary,

982

environ, keep_blank_values, strict_parsing)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

983

# Throw first part away

984

while not part.done:

985

headers = rfc822.Message(self.fp)

Guido van Rossum

030d2ec

1998-12-09 22:16:46 +0000

[diff] [blame]

986

part = klass(self.fp, headers, self.innerboundary,

987

environ, keep_blank_values, strict_parsing)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

988

self.list.append(part)

989

self.skip_lines()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

990

991

def read_single(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

992

"""Internal: read an atomic part."""

if self.length >= 0:

self.read_binary()

self.skip_lines()

else:

self.read_lines()

self.file.seek(0)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

999

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1000

bufsize = 8*1024 # I/O buffering size for copy to file

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1001

1002

def read_binary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1003

"""Internal: read binary data."""

1004

self.file = self.make_file('b')

todo = self.length

if todo >= 0:

while todo > 0:

data = self.fp.read(min(todo, self.bufsize))

if not data:

self.done = -1

break

self.file.write(data)

1013

todo = todo - len(data)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1014

1015

def read_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1016

"""Internal: read lines until EOF or outerboundary."""

1017

self.file = self.make_file('')

1018

if self.outerboundary:

1019

self.read_lines_to_outerboundary()

1020

else:

1021

self.read_lines_to_eof()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1022

1023

def read_lines_to_eof(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1024

"""Internal: read lines until EOF."""

1025

while 1:

1026

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1031

self.file.write(line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1032

1033

def read_lines_to_outerboundary(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1034

"""Internal: read lines until outerboundary."""

1035

next = "--" + self.outerboundary

last = next + "--"

delim = ""

while 1:

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1044

if line[:2] == "--":

1045

strippedline = string.strip(line)

1046

if strippedline == next:

1047

break

1048

if strippedline == last:

self.done = 1

break

odelim = delim

if line[-2:] == "\r\n":

1053

delim = "\r\n"

1054

line = line[:-2]

1055

elif line[-1] == "\n":

delim = "\n"

line = line[:-1]

else:

delim = ""

self.file.write(odelim + line)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1061

1062

def skip_lines(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1063

"""Internal: skip lines until outer boundary if defined."""

1064

if not self.outerboundary or self.done:

1065

return

1066

next = "--" + self.outerboundary

1067

last = next + "--"

1068

while 1:

1069

line = self.fp.readline()

if not line:

self.done = -1

break

self.lines.append(line)

1074

if line[:2] == "--":

1075

strippedline = string.strip(line)

1076

if strippedline == next:

1077

break

1078

if strippedline == last:

1079

self.done = 1

1080

break

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1081

Guido van Rossum

a5e9fb6

1997-08-12 18:18:13 +0000

[diff] [blame]

1082

def make_file(self, binary=None):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1083

"""Overridable: return a readable & writable file.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1084

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1085

The file will be used as follows:

1086

- data is written to it

1087

- seek(0)

1088

- data is read from it

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1089

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1090

The 'binary' argument is unused -- the file is always opened

1091

in binary mode.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1092

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1093

This version opens a temporary file for reading and writing,

1094

and immediately deletes (unlinks) it. The trick (on Unix!) is

1095

that the file can still be used, but it can't be opened by

1096

another process, and it will automatically be deleted when it

1097

is closed or when the current process terminates.

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

1098

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1099

If you want a more permanent file, you derive a class which

1100

overrides this method. If you want a visible temporary file

1101

that is nevertheless automatically deleted when the script

1102

terminates, try defining a __del__ method in a derived class

1103

which unlinks the temporary files you have created.

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1104

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1105

"""

1106

import tempfile

1107

return tempfile.TemporaryFile("w+b")

1108

Guido van Rossum

1996-03-07 06:33:07 +0000

[diff] [blame]

1109

1110

Guido van Rossum

1996-03-09 04:04:35 +0000

[diff] [blame]

1111

# Backwards Compatibility Classes

1112

# ===============================

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1113

1114

class FormContentDict:

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1115

"""Basic (multiple values per field) form content as dictionary.

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1116

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1117

form = FormContentDict()

1118

1119

form[key] -> [value, value, ...]

1120

form.has_key(key) -> Boolean

1121

form.keys() -> [key, key, ...]

1122

form.values() -> [[val, val, ...], [val, val, ...], ...]

1123

form.items() -> [(key, [val, val, ...]), (key, [val, val, ...]), ...]

1124

form.dict == {key: [val, val, ...], ...}

1125

1126

"""

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1127

def __init__(self, environ=os.environ):

Guido van Rossum

afb5e93

1996-08-08 18:42:12 +0000

[diff] [blame]

1128

self.dict = parse(environ=environ)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1129

self.query_string = environ['QUERY_STRING']

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1130

def __getitem__(self,key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1131

return self.dict[key]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1132

def keys(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1133

return self.dict.keys()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1134

def has_key(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1135

return self.dict.has_key(key)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1136

def values(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1137

return self.dict.values()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1138

def items(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1139

return self.dict.items()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1140

def __len__( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1141

return len(self.dict)

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1142

1143

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1144

class SvFormContentDict(FormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1145

"""Strict single-value expecting form content as dictionary.

1146

1147

IF you only expect a single value for each field, then form[key]

1148

will return that single value. It will raise an IndexError if

1149

that expectation is not true. IF you expect a field to have

1150

possible multiple values, than you can use form.getlist(key) to

1151

get all of the values. values() and items() are a compromise:

1152

they return single strings where there is a single value, and

1153

lists of strings otherwise.

1154

1155

"""

1156

def __getitem__(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1157

if len(self.dict[key]) > 1:

1158

raise IndexError, 'expecting a single value'

1159

return self.dict[key][0]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1160

def getlist(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1161

return self.dict[key]

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1162

def values(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1163

lis = []

1164

for each in self.dict.values():

1165

if len( each ) == 1 :

1166

lis.append(each[0])

1167

else: lis.append(each)

1168

return lis

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1169

def items(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1170

lis = []

1171

for key,value in self.dict.items():

1172

if len(value) == 1 :

1173

lis.append((key, value[0]))

1174

else: lis.append((key, value))

1175

return lis

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1176

1177

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1178

class InterpFormContentDict(SvFormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1179

"""This class is present for backwards compatibility only."""

1180

def __getitem__( self, key ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1181

v = SvFormContentDict.__getitem__( self, key )

1182

if v[0] in string.digits+'+-.' :

1183

try: return string.atoi( v )

1184

except ValueError:

1185

try: return string.atof( v )

1186

except ValueError: pass

1187

return string.strip(v)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1188

def values( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1189

lis = []

1190

for key in self.keys():

1191

try:

1192

lis.append( self[key] )

1193

except IndexError:

1194

lis.append( self.dict[key] )

1195

return lis

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1196

def items( self ):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1197

lis = []

1198

for key in self.keys():

1199

try:

1200

lis.append( (key, self[key]) )

1201

except IndexError:

1202

lis.append( (key, self.dict[key]) )

1203

return lis

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1204

1205

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1206

class FormContent(FormContentDict):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1207

"""This class is present for backwards compatibility only."""

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1208

def values(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1209

if self.dict.has_key(key) :return self.dict[key]

1210

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1211

def indexed_value(self, key, location):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1212

if self.dict.has_key(key):

1213

if len (self.dict[key]) > location:

1214

return self.dict[key][location]

1215

else: return None

1216

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1217

def value(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1218

if self.dict.has_key(key): return self.dict[key][0]

1219

else: return None

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1220

def length(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1221

return len(self.dict[key])

Guido van Rossum

1996-03-09 03:16:04 +0000

[diff] [blame]

1222

def stripped(self, key):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1223

if self.dict.has_key(key): return string.strip(self.dict[key][0])

1224

else: return None

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1225

def pars(self):

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1226

return self.dict

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1227

1228

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1229

# Test/debug code

1230

# ===============

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1231

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1232

def test(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1233

"""Robust test CGI script, usable as main program.

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1234

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1235

Write minimal HTTP headers and dump all information provided to

1236

the script in HTML form.

"""

import traceback

print "Content-type: text/html"

1241

print

1242

sys.stderr = sys.stdout

1243

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1244

form = FieldStorage() # Replace with other classes to test those

1245

print_form(form)

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1246

print_environ(environ)

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1247

print_directory()

1248

print_arguments()

1249

print_environ_usage()

1250

def f():

1251

exec "testing print_exception() -- <I>italics?</I>"

1252

def g(f=f):

1253

f()

1254

print "<H3>What follows is a test, not an actual exception:</H3>"

1255

g()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1256

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1257

print_exception()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1258

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1259

# Second try with a small maxlen...

1260

global maxlen

1261

maxlen = 50

1262

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1263

form = FieldStorage() # Replace with other classes to test those

1264

print_form(form)

1265

print_environ(environ)

1266

print_directory()

1267

print_arguments()

1268

print_environ_usage()

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1269

except:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1270

print_exception()

Guido van Rossum

ad16471

1997-05-13 19:03:23 +0000

[diff] [blame]

1271

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1272

def print_exception(type=None, value=None, tb=None, limit=None):

1273

if type is None:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1274

type, value, tb = sys.exc_info()

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1275

import traceback

1276

print

1277

print "<H3>Traceback (innermost last):</H3>"

1278

list = traceback.format_tb(tb, limit) + \

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1279

traceback.format_exception_only(type, value)

Guido van Rossum

1996-08-20 20:22:39 +0000

[diff] [blame]

1280

print "<PRE>%s<B>%s</B></PRE>" % (

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1281

escape(string.join(list[:-1], "")),

1282

escape(list[-1]),

1283

)

Guido van Rossum

f15d159

1997-09-29 23:22:12 +0000

[diff] [blame]

1284

del tb

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1285

Guido van Rossum

1996-07-23 03:46:24 +0000

[diff] [blame]

1286

def print_environ(environ=os.environ):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1287

"""Dump the shell environment as HTML."""

1288

keys = environ.keys()

1289

keys.sort()

1290

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1291

print "<H3>Shell Environment:</H3>"

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1292

print "<DL>"

1293

for key in keys:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1294

print "<DT>", escape(key), "<DD>", escape(environ[key])

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1295

print "</DL>"

1296

print

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1297

1298

def print_form(form):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1299

"""Dump the contents of a form as HTML."""

1300

keys = form.keys()

1301

keys.sort()

1302

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1303

print "<H3>Form Contents:</H3>"

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1304

print "<DL>"

1305

for key in keys:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1306

print "<DT>" + escape(key) + ":",

1307

value = form[key]

1308

print "<i>" + escape(`type(value)`) + "</i>"

1309

print "<DD>" + escape(`value`)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

print "</DL>"

print

def print_directory():

1314

"""Dump the current directory as HTML."""

1315

print

1316

print "<H3>Current Working Directory:</H3>"

1317

try:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1318

pwd = os.getcwd()

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1319

except os.error, msg:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1320

print "os.error:", escape(str(msg))

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1321

else:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1322

print escape(pwd)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1323

print

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1324

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

1325

def print_arguments():

1326

print

Guido van Rossum

503e50b

1996-05-28 22:57:20 +0000

[diff] [blame]

1327

print "<H3>Command Line Arguments:</H3>"

Guido van Rossum

a8738a5

1996-03-14 21:30:28 +0000

[diff] [blame]

print

print sys.argv

print

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1332

def print_environ_usage():

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1333

"""Dump a list of environment variables used by CGI as HTML."""

1334

print """

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1335

<H3>These environment variables could have been set:</H3>

1336

<UL>

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

<LI>AUTH_TYPE

<LI>CONTENT_LENGTH

<LI>CONTENT_TYPE

<LI>DATE_GMT

<LI>DATE_LOCAL

<LI>DOCUMENT_NAME

<LI>DOCUMENT_ROOT

<LI>DOCUMENT_URI

<LI>GATEWAY_INTERFACE

<LI>LAST_MODIFIED

<LI>PATH

<LI>PATH_INFO

<LI>PATH_TRANSLATED

<LI>QUERY_STRING

<LI>REMOTE_ADDR

<LI>REMOTE_HOST

<LI>REMOTE_IDENT

<LI>REMOTE_USER

<LI>REQUEST_METHOD

<LI>SCRIPT_NAME

<LI>SERVER_NAME

<LI>SERVER_PORT

<LI>SERVER_PROTOCOL

<LI>SERVER_ROOT

<LI>SERVER_SOFTWARE

</UL>

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1363

In addition, HTTP headers sent by the server may be passed in the

1364

environment as well. Here are some common variable names:

<UL>

<LI>HTTP_ACCEPT

<LI>HTTP_CONNECTION

<LI>HTTP_HOST

<LI>HTTP_PRAGMA

<LI>HTTP_REFERER

<LI>HTTP_USER_AGENT

</UL>

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1373

"""

1374

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1375

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

1376

# Utilities

1377

# =========

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1378

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

1379

def escape(s, quote=None):

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1380

"""Replace special characters '&', '<' and '>' by SGML entities."""

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1381

s = string.replace(s, "&", "&") # Must be done first!

Guido van Rossum

00f9fea

1997-12-24 21:18:41 +0000

[diff] [blame]

1382

s = string.replace(s, "<", "<")

1383

s = string.replace(s, ">", ">",)

Guido van Rossum

64c6620

1997-07-19 20:11:53 +0000

[diff] [blame]

1384

if quote:

Guido van Rossum

1998-03-26 21:13:24 +0000

[diff] [blame]

1385

s = string.replace(s, '"', """)

Guido van Rossum

1996-03-07 18:00:44 +0000

[diff] [blame]

1386

return s

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1387

Guido van Rossum

1995-01-12 12:29:47 +0000

[diff] [blame]

1388

Guido van Rossum

1996-03-06 07:20:06 +0000

[diff] [blame]

# Invoke mainline

# ===============

# Call test() when this file is run as a script (not imported as a module)

1393

if __name__ == '__main__':

Guido van Rossum