An error when i switched from python v2.6.6 => v3.2.3

nagia.retsina at gmail.com nagia.retsina at gmail.com
Fri Mar 8 22:15:08 EST 2013


On Saturday, 9 March 2013 2:26:56 a.m. UTC+2, user Ian wrote:
> On Fri, Mar 8, 2013 at 1:31 PM, Νίκος Γκρ33κ <nikos.gr33k at gmail.com> wrote:
> > Thank you very much for pointing out my flaws once again!
> >
> > I can't believe how easily you hacked the webserver again and were able to read my cgi scripts' source and write to cgi-bin too!
> >
> > I have added extra security by following some of your advice; I wonder if you can hack it again!
> >
> > Feel free to try, if I'm not tiring you, please!
>
> That seems to be better, although I want to stress that I did not try
> very hard.  It's possible that somebody with more patience and
> imagination than myself might still find a way to fool your
> validation.

I'm glad the script has been made more secure after you, of course, enlightened me and I followed your advice. Here is what I did:


import os
import cgi

form = cgi.FieldStorage()
# 'page' and 'htmlpage' are read from the request earlier in the script (not shown here)

# detect how 'index.html' is called and validate values of 'htmlpage' & 'page'
if page and os.path.isfile( '/home/nikos/www/cgi-bin/' + page ):
    # the requested name exists under cgi-bin, keep it as-is
    page = page
elif form.getvalue('show') and os.path.isfile( htmlpage ):
    # 'htmlpage' is an absolute path; strip the document root to get the relative name
    page = htmlpage.replace( '/home/nikos/public_html/', '' )
else:
    # anything else falls back to the front page
    page = 'index.html'

Now that you have the if structure's logic can you *still* fool the script?
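As an added example (not code from the thread above), the following shows the check a reviewer would want in place of plain string concatenation: the requested name is resolved with os.path.realpath and only accepted if the resolved file still lies inside the served directory, so both `..` segments and absolute paths are rejected and the request falls back to the front page. The directory layout and file names are constructed here for the demonstration; `resolve_page` and `build_demo_tree` are names chosen for this example.

```python
import os
import tempfile


def resolve_page(base_dir, requested, default="index.html"):
    """Return the name (relative to base_dir) of an existing regular file
    that the request may open, or the default page when the request is
    empty, missing, or points outside base_dir."""
    base = os.path.realpath(base_dir)
    if not requested:
        return default
    # os.path.join discards base when 'requested' is absolute, and realpath
    # collapses '..' and follows symlinks, so the containment test below sees
    # the file that would really be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # raised e.g. on Windows when the two paths sit on different drives
        inside = False
    if inside and candidate != base and os.path.isfile(candidate):
        return os.path.relpath(candidate, base)
    return default


def build_demo_tree():
    """Constructed layout: a served directory with two pages, plus a file
    one level above it that must never be reachable through a page request."""
    root = tempfile.mkdtemp()
    site = os.path.join(root, "public_html")
    os.makedirs(site)
    for name in ("index.html", "about.html"):
        with open(os.path.join(site, name), "w") as fh:
            fh.write("<p>%s</p>" % name)
    with open(os.path.join(root, "secret.py"), "w") as fh:
        fh.write("SECRET = 1\n")
    # a symlink inside the served tree that points outside it; skipped on
    # systems where unprivileged symlink creation is not allowed
    try:
        os.symlink(os.path.join(root, "secret.py"), os.path.join(site, "link.py"))
    except OSError:
        pass
    return site


if __name__ == "__main__":
    site = build_demo_tree()
    for req in ("about.html", "missing.html", "", "../secret.py",
                os.path.join(site, "about.html"), "link.py"):
        print("%-40r -> %s" % (req, resolve_page(site, req)))
```

Only the relative name is handed back to the caller, so the rest of the script opens files through the same base directory instead of trusting the string it received from the form.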
