CGI Help Please.
Michael Hall
olc at ninti.com
Tue Jul 9 22:06:44 EDT 2002
SA:
Are you sure this script is working OK? It looks like it is printing a
Content-Type header for every line in the file being displayed. I would
move this line
print "Content-Type: text/plain\n\n"
outside (and before) the for loop.
Next question: what would happen if someone called your script with the
following URL:
http://yourdomain/yourscript.pl?PageID=/etc/passwd
or similar? Never trust user input. You should always check what data is
being fed into your scripts. Regexes (re module) are what you need here.
Michael
On Tue, 9 Jul 2002, SA wrote:
> Ok. I 'hacked' at the code for a while and have finally figured it out. For
> anyone that wants to see the results, check my test program below:
>
> On 7/9/02 11:51 AM, "SA" <sarmstrong13 at mac.com> wrote:
>
> #!/sw/bin/python
>
> import cgi
> import cgitb
>
> cgitb.enable(display=0, logdir="/Users/montana/Temp")
>
> QueryString = cgi.FieldStorage()
> for pageID in QueryString.keys():
>     QValue = QueryString['pageID'].value
>     body = open(QValue, "r")
>     for line in body.readlines():
>         print "Content-Type: text/plain\n\n"
>         print line
>     body.close()
>
> print "Finished!"
>
> The line in the testtext file is of course "Hello World!" So clicking the
> Test link on the first webpage sends the querystring (filename of the text
> file) to the python cgi script, and the script translates the data and
> displays the following on a new web page:
>
> Hello World!
> Finished!
>
> So everything is groovy now and I can start developing my own website.
> Thank You all for your help.
>
> Thanks.
> SA
>
>
>
--
--------------------------------
n i n t i . c o m
php-python-perl-mysql-postgresql
--------------------------------
Michael Hall ninti at ninti.com
--------------------------------
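
The two fixes suggested in the reply above, as an added example that is not code from the thread: the page ID is checked against a regex and confined to one directory, and the Content-Type header is emitted once. It assumes Python 3 with urllib.parse in place of the cgi module; the page-ID policy, the names resolve_page, render and demo, and the sample requests are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs

# Assumed policy: a page ID is 1-64 letters, digits, "_" or "-" (no "/" or ".").
PAGE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def resolve_page(query_string, base_dir):
    """Return the real path of the requested page, or None if rejected."""
    values = parse_qs(query_string).get("pageID", [])
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    if len(values) != 1 or not PAGE_ID_RE.fullmatch(values[0]):
        return None
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, values[0]))
    # Defence in depth: a symlink inside base_dir must not lead outside it.
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return None
    return path

def render(query_string, base_dir):
    """Build the whole CGI response: one header block, then the body."""
    path = resolve_page(query_string, base_dir)
    if path is None:
        return ("Status: 400 Bad Request\r\n"
                "Content-Type: text/plain\r\n\r\nBad page ID\n")
    with open(path, "r", encoding="utf-8") as body:
        return "Content-Type: text/plain\r\n\r\n" + body.read() + "Finished!\n"

def demo():
    """Run constructed requests against a temporary page directory."""
    queries = ["pageID=testtext", "pageID=/etc/passwd", "pageID=../testtext",
               "pageID=testtext%0A", "pageID=testtext&pageID=other"]
    with tempfile.TemporaryDirectory() as pages:
        with open(os.path.join(pages, "testtext"), "w", encoding="utf-8") as f:
            f.write("Hello World!\n")
        return {q: render(q, pages) for q in queries}

if __name__ == "__main__":
    for query, response in demo().items():
        print(query, "->", repr(response))
```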