os.system with cgi
Matt Nordhoff
mnordhoff at mattnordhoff.com
Mon Mar 3 19:14:22 EST 2008
G wrote:
> Hi,
>
> I have the following peace of code
>
> def getBook(textid, path):
> url = geturl(textid)
> if os.path.isfile(path + textid):
> f = open(path + textid)
> else:
> os.system('wget -c ' + url + ' -O ' path + textid)
> f = open(path + textid)
> return f
>
> The reason I am not using urllib is that I want to have random access
> within the downloaded file.
>
> When i execute the file from a regular python script I get the file
> downloaded and a handle for the file returned.
> When I execute the file from a python cgi script i get an error saying
> that the file doesn't exist. In other words the call to os.system is not
> running.
> Could someone please point out what the problem with that peace of code
> running as a cgi script.
>
> Best.
Ew. You could at least use subprocess and not be vulnerable to someone
passing "; rm -rf ~; echo" or something as the path.
If you need random access like that, and urllib2 can't do it, you could
use urllib2 and a StringIO or temporary file or something.
Using wget makes it much harder to handle errors.
Heck, you could just read the file into a string and use slicing, if
it's not too large...
--
More information about the Python-list
mailing list