source: python/trunk/Lib/cgi.py@ 606

Last change on this file since 606 was 391, checked in by dmik, 11 years ago

python: Merge vendor 2.7.6 to trunk.
  • Property svn:eol-style set to native
File size: 34.0 KB
Line 
1#!/usr/bin/python
2
3# NOTE: the above "/usr/local/bin/python" is NOT a mistake. It is
4# intentionally NOT "/usr/bin/env python". On many systems
5# (e.g. Solaris), /usr/local/bin is not in $PATH as passed to CGI
6# scripts, and /usr/local/bin is the default directory where Python is
7# installed, so /usr/bin/env would be unable to find python. Granted,
8# binary installations by Linux vendors often install Python in
9# /usr/bin. So let those vendors patch cgi.py to match their choice
10# of installation.
11
12"""Support module for CGI (Common Gateway Interface) scripts.
13
14This module defines a number of utilities for use by CGI scripts
15written in Python.
16"""
17
18# XXX Perhaps there should be a slimmed version that doesn't contain
19# all those backwards compatible and debugging classes and functions?
20
21# History
22# -------
23#
24# Michael McLay started this module. Steve Majewski changed the
25# interface to SvFormContentDict and FormContentDict. The multipart
26# parsing was inspired by code submitted by Andreas Paepcke. Guido van
27# Rossum rewrote, reformatted and documented the module and is currently
28# responsible for its maintenance.
29#
30
31__version__ = "2.6"
32
33
34# Imports
35# =======
36
37from operator import attrgetter
38import sys
39import os
40import UserDict
41import urlparse
42
43from warnings import filterwarnings, catch_warnings, warn
44with catch_warnings():
45 if sys.py3kwarning:
46 filterwarnings("ignore", ".*mimetools has been removed",
47 DeprecationWarning)
48 filterwarnings("ignore", ".*rfc822 has been removed",
49 DeprecationWarning)
50 import mimetools
51 import rfc822
52
53try:
54 from cStringIO import StringIO
55except ImportError:
56 from StringIO import StringIO
57
58__all__ = ["MiniFieldStorage", "FieldStorage", "FormContentDict",
59 "SvFormContentDict", "InterpFormContentDict", "FormContent",
60 "parse", "parse_qs", "parse_qsl", "parse_multipart",
61 "parse_header", "print_exception", "print_environ",
62 "print_form", "print_directory", "print_arguments",
63 "print_environ_usage", "escape"]
64
65# Logging support
66# ===============
67
68logfile = "" # Filename to log to, if not empty
69logfp = None # File object to log to, if not None
70
71def initlog(*allargs):
72 """Write a log message, if there is a log file.
73
74 Even though this function is called initlog(), you should always
75 use log(); log is a variable that is set either to initlog
76 (initially), to dolog (once the log file has been opened), or to
77 nolog (when logging is disabled).
78
79 The first argument is a format string; the remaining arguments (if
80 any) are arguments to the % operator, so e.g.
81 log("%s: %s", "a", "b")
82 will write "a: b" to the log file, followed by a newline.
83
84 If the global logfp is not None, it should be a file object to
85 which log data is written.
86
87 If the global logfp is None, the global logfile may be a string
88 giving a filename to open, in append mode. This file should be
89 world writable!!! If the file can't be opened, logging is
90 silently disabled (since there is no safe place where we could
91 send an error message).
92
93 """
94 global logfp, log
95 if logfile and not logfp:
96 try:
97 logfp = open(logfile, "a")
98 except IOError:
99 pass
100 if not logfp:
101 log = nolog
102 else:
103 log = dolog
104 log(*allargs)
105
106def dolog(fmt, *args):
107 """Write a log message to the log file. See initlog() for docs."""
108 logfp.write(fmt%args + "\n")
109
110def nolog(*allargs):
111 """Dummy function, assigned to log when logging is disabled."""
112 pass
113
114log = initlog # The current logging function
115
116
117# Parsing functions
118# =================
119
120# Maximum input we will accept when REQUEST_METHOD is POST
121# 0 ==> unlimited input
122maxlen = 0
123
124def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):
125 """Parse a query in the environment or from a file (default stdin)
126
127 Arguments, all optional:
128
129 fp : file pointer; default: sys.stdin
130
131 environ : environment dictionary; default: os.environ
132
133 keep_blank_values: flag indicating whether blank values in
134 percent-encoded forms should be treated as blank strings.
135 A true value indicates that blanks should be retained as
136 blank strings. The default false value indicates that
137 blank values are to be ignored and treated as if they were
138 not included.
139
140 strict_parsing: flag indicating what to do with parsing errors.
141 If false (the default), errors are silently ignored.
142 If true, errors raise a ValueError exception.
143 """
144 if fp is None:
145 fp = sys.stdin
146 if not 'REQUEST_METHOD' in environ:
147 environ['REQUEST_METHOD'] = 'GET' # For testing stand-alone
148 if environ['REQUEST_METHOD'] == 'POST':
149 ctype, pdict = parse_header(environ['CONTENT_TYPE'])
150 if ctype == 'multipart/form-data':
151 return parse_multipart(fp, pdict)
152 elif ctype == 'application/x-www-form-urlencoded':
153 clength = int(environ['CONTENT_LENGTH'])
154 if maxlen and clength > maxlen:
155 raise ValueError, 'Maximum content length exceeded'
156 qs = fp.read(clength)
157 else:
158 qs = '' # Unknown content-type
159 if 'QUERY_STRING' in environ:
160 if qs: qs = qs + '&'
161 qs = qs + environ['QUERY_STRING']
162 elif sys.argv[1:]:
163 if qs: qs = qs + '&'
164 qs = qs + sys.argv[1]
165 environ['QUERY_STRING'] = qs # XXX Shouldn't, really
166 elif 'QUERY_STRING' in environ:
167 qs = environ['QUERY_STRING']
168 else:
169 if sys.argv[1:]:
170 qs = sys.argv[1]
171 else:
172 qs = ""
173 environ['QUERY_STRING'] = qs # XXX Shouldn't, really
174 return urlparse.parse_qs(qs, keep_blank_values, strict_parsing)
175
176
177# parse query string function called from urlparse,
178# this is done in order to maintain backward compatiblity.
179
180def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
181 """Parse a query given as a string argument."""
182 warn("cgi.parse_qs is deprecated, use urlparse.parse_qs instead",
183 PendingDeprecationWarning, 2)
184 return urlparse.parse_qs(qs, keep_blank_values, strict_parsing)
185
186
187def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):
188 """Parse a query given as a string argument."""
189 warn("cgi.parse_qsl is deprecated, use urlparse.parse_qsl instead",
190 PendingDeprecationWarning, 2)
191 return urlparse.parse_qsl(qs, keep_blank_values, strict_parsing)
192
193def parse_multipart(fp, pdict):
194 """Parse multipart input.
195
196 Arguments:
197 fp : input file
198 pdict: dictionary containing other parameters of content-type header
199
200 Returns a dictionary just like parse_qs(): keys are the field names, each
201 value is a list of values for that field. This is easy to use but not
202 much good if you are expecting megabytes to be uploaded -- in that case,
203 use the FieldStorage class instead which is much more flexible. Note
204 that content-type is the raw, unparsed contents of the content-type
205 header.
206
207 XXX This does not parse nested multipart parts -- use FieldStorage for
208 that.
209
210 XXX This should really be subsumed by FieldStorage altogether -- no
211 point in having two implementations of the same parsing algorithm.
212 Also, FieldStorage protects itself better against certain DoS attacks
213 by limiting the size of the data read in one chunk. The API here
214 does not support that kind of protection. This also affects parse()
215 since it can call parse_multipart().
216
217 """
218 boundary = ""
219 if 'boundary' in pdict:
220 boundary = pdict['boundary']
221 if not valid_boundary(boundary):
222 raise ValueError, ('Invalid boundary in multipart form: %r'
223 % (boundary,))
224
225 nextpart = "--" + boundary
226 lastpart = "--" + boundary + "--"
227 partdict = {}
228 terminator = ""
229
230 while terminator != lastpart:
231 bytes = -1
232 data = None
233 if terminator:
234 # At start of next part. Read headers first.
235 headers = mimetools.Message(fp)
236 clength = headers.getheader('content-length')
237 if clength:
238 try:
239 bytes = int(clength)
240 except ValueError:
241 pass
242 if bytes > 0:
243 if maxlen and bytes > maxlen:
244 raise ValueError, 'Maximum content length exceeded'
245 data = fp.read(bytes)
246 else:
247 data = ""
248 # Read lines until end of part.
249 lines = []
250 while 1:
251 line = fp.readline()
252 if not line:
253 terminator = lastpart # End outer loop
254 break
255 if line[:2] == "--":
256 terminator = line.strip()
257 if terminator in (nextpart, lastpart):
258 break
259 lines.append(line)
260 # Done with part.
261 if data is None:
262 continue
263 if bytes < 0:
264 if lines:
265 # Strip final line terminator
266 line = lines[-1]
267 if line[-2:] == "\r\n":
268 line = line[:-2]
269 elif line[-1:] == "\n":
270 line = line[:-1]
271 lines[-1] = line
272 data = "".join(lines)
273 line = headers['content-disposition']
274 if not line:
275 continue
276 key, params = parse_header(line)
277 if key != 'form-data':
278 continue
279 if 'name' in params:
280 name = params['name']
281 else:
282 continue
283 if name in partdict:
284 partdict[name].append(data)
285 else:
286 partdict[name] = [data]
287
288 return partdict
289
290
291def _parseparam(s):
292 while s[:1] == ';':
293 s = s[1:]
294 end = s.find(';')
295 while end > 0 and (s.count('"', 0, end) - s.count('\\"', 0, end)) % 2:
296 end = s.find(';', end + 1)
297 if end < 0:
298 end = len(s)
299 f = s[:end]
300 yield f.strip()
301 s = s[end:]
302
303def parse_header(line):
304 """Parse a Content-type like header.
305
306 Return the main content-type and a dictionary of options.
307
308 """
309 parts = _parseparam(';' + line)
310 key = parts.next()
311 pdict = {}
312 for p in parts:
313 i = p.find('=')
314 if i >= 0:
315 name = p[:i].strip().lower()
316 value = p[i+1:].strip()
317 if len(value) >= 2 and value[0] == value[-1] == '"':
318 value = value[1:-1]
319 value = value.replace('\\\\', '\\').replace('\\"', '"')
320 pdict[name] = value
321 return key, pdict
322
323
324# Classes for field storage
325# =========================
326
327class MiniFieldStorage:
328
329 """Like FieldStorage, for use when no file uploads are possible."""
330
331 # Dummy attributes
332 filename = None
333 list = None
334 type = None
335 file = None
336 type_options = {}
337 disposition = None
338 disposition_options = {}
339 headers = {}
340
341 def __init__(self, name, value):
342 """Constructor from field name and value."""
343 self.name = name
344 self.value = value
345 # self.file = StringIO(value)
346
347 def __repr__(self):
348 """Return printable representation."""
349 return "MiniFieldStorage(%r, %r)" % (self.name, self.value)
350
351
352class FieldStorage:
353
354 """Store a sequence of fields, reading multipart/form-data.
355
356 This class provides naming, typing, files stored on disk, and
357 more. At the top level, it is accessible like a dictionary, whose
358 keys are the field names. (Note: None can occur as a field name.)
359 The items are either a Python list (if there's multiple values) or
360 another FieldStorage or MiniFieldStorage object. If it's a single
361 object, it has the following attributes:
362
363 name: the field name, if specified; otherwise None
364
365 filename: the filename, if specified; otherwise None; this is the
366 client side filename, *not* the file name on which it is
367 stored (that's a temporary file you don't deal with)
368
369 value: the value as a *string*; for file uploads, this
370 transparently reads the file every time you request the value
371
372 file: the file(-like) object from which you can read the data;
373 None if the data is stored a simple string
374
375 type: the content-type, or None if not specified
376
377 type_options: dictionary of options specified on the content-type
378 line
379
380 disposition: content-disposition, or None if not specified
381
382 disposition_options: dictionary of corresponding options
383
384 headers: a dictionary(-like) object (sometimes rfc822.Message or a
385 subclass thereof) containing *all* headers
386
387 The class is subclassable, mostly for the purpose of overriding
388 the make_file() method, which is called internally to come up with
389 a file open for reading and writing. This makes it possible to
390 override the default choice of storing all files in a temporary
391 directory and unlinking them as soon as they have been opened.
392
393 """
394
395 def __init__(self, fp=None, headers=None, outerboundary="",
396 environ=os.environ, keep_blank_values=0, strict_parsing=0):
397 """Constructor. Read multipart/* until last part.
398
399 Arguments, all optional:
400
401 fp : file pointer; default: sys.stdin
402 (not used when the request method is GET)
403
404 headers : header dictionary-like object; default:
405 taken from environ as per CGI spec
406
407 outerboundary : terminating multipart boundary
408 (for internal use only)
409
410 environ : environment dictionary; default: os.environ
411
412 keep_blank_values: flag indicating whether blank values in
413 percent-encoded forms should be treated as blank strings.
414 A true value indicates that blanks should be retained as
415 blank strings. The default false value indicates that
416 blank values are to be ignored and treated as if they were
417 not included.
418
419 strict_parsing: flag indicating what to do with parsing errors.
420 If false (the default), errors are silently ignored.
421 If true, errors raise a ValueError exception.
422
423 """
424 method = 'GET'
425 self.keep_blank_values = keep_blank_values
426 self.strict_parsing = strict_parsing
427 if 'REQUEST_METHOD' in environ:
428 method = environ['REQUEST_METHOD'].upper()
429 self.qs_on_post = None
430 if method == 'GET' or method == 'HEAD':
431 if 'QUERY_STRING' in environ:
432 qs = environ['QUERY_STRING']
433 elif sys.argv[1:]:
434 qs = sys.argv[1]
435 else:
436 qs = ""
437 fp = StringIO(qs)
438 if headers is None:
439 headers = {'content-type':
440 "application/x-www-form-urlencoded"}
441 if headers is None:
442 headers = {}
443 if method == 'POST':
444 # Set default content-type for POST to what's traditional
445 headers['content-type'] = "application/x-www-form-urlencoded"
446 if 'CONTENT_TYPE' in environ:
447 headers['content-type'] = environ['CONTENT_TYPE']
448 if 'QUERY_STRING' in environ:
449 self.qs_on_post = environ['QUERY_STRING']
450 if 'CONTENT_LENGTH' in environ:
451 headers['content-length'] = environ['CONTENT_LENGTH']
452 self.fp = fp or sys.stdin
453 self.headers = headers
454 self.outerboundary = outerboundary
455
456 # Process content-disposition header
457 cdisp, pdict = "", {}
458 if 'content-disposition' in self.headers:
459 cdisp, pdict = parse_header(self.headers['content-disposition'])
460 self.disposition = cdisp
461 self.disposition_options = pdict
462 self.name = None
463 if 'name' in pdict:
464 self.name = pdict['name']
465 self.filename = None
466 if 'filename' in pdict:
467 self.filename = pdict['filename']
468
469 # Process content-type header
470 #
471 # Honor any existing content-type header. But if there is no
472 # content-type header, use some sensible defaults. Assume
473 # outerboundary is "" at the outer level, but something non-false
474 # inside a multi-part. The default for an inner part is text/plain,
475 # but for an outer part it should be urlencoded. This should catch
476 # bogus clients which erroneously forget to include a content-type
477 # header.
478 #
479 # See below for what we do if there does exist a content-type header,
480 # but it happens to be something we don't understand.
481 if 'content-type' in self.headers:
482 ctype, pdict = parse_header(self.headers['content-type'])
483 elif self.outerboundary or method != 'POST':
484 ctype, pdict = "text/plain", {}
485 else:
486 ctype, pdict = 'application/x-www-form-urlencoded', {}
487 self.type = ctype
488 self.type_options = pdict
489 self.innerboundary = ""
490 if 'boundary' in pdict:
491 self.innerboundary = pdict['boundary']
492 clen = -1
493 if 'content-length' in self.headers:
494 try:
495 clen = int(self.headers['content-length'])
496 except ValueError:
497 pass
498 if maxlen and clen > maxlen:
499 raise ValueError, 'Maximum content length exceeded'
500 self.length = clen
501
502 self.list = self.file = None
503 self.done = 0
504 if ctype == 'application/x-www-form-urlencoded':
505 self.read_urlencoded()
506 elif ctype[:10] == 'multipart/':
507 self.read_multi(environ, keep_blank_values, strict_parsing)
508 else:
509 self.read_single()
510
511 def __repr__(self):
512 """Return a printable representation."""
513 return "FieldStorage(%r, %r, %r)" % (
514 self.name, self.filename, self.value)
515
516 def __iter__(self):
517 return iter(self.keys())
518
519 def __getattr__(self, name):
520 if name != 'value':
521 raise AttributeError, name
522 if self.file:
523 self.file.seek(0)
524 value = self.file.read()
525 self.file.seek(0)
526 elif self.list is not None:
527 value = self.list
528 else:
529 value = None
530 return value
531
532 def __getitem__(self, key):
533 """Dictionary style indexing."""
534 if self.list is None:
535 raise TypeError, "not indexable"
536 found = []
537 for item in self.list:
538 if item.name == key: found.append(item)
539 if not found:
540 raise KeyError, key
541 if len(found) == 1:
542 return found[0]
543 else:
544 return found
545
546 def getvalue(self, key, default=None):
547 """Dictionary style get() method, including 'value' lookup."""
548 if key in self:
549 value = self[key]
550 if type(value) is type([]):
551 return map(attrgetter('value'), value)
552 else:
553 return value.value
554 else:
555 return default
556
557 def getfirst(self, key, default=None):
558 """ Return the first value received."""
559 if key in self:
560 value = self[key]
561 if type(value) is type([]):
562 return value[0].value
563 else:
564 return value.value
565 else:
566 return default
567
568 def getlist(self, key):
569 """ Return list of received values."""
570 if key in self:
571 value = self[key]
572 if type(value) is type([]):
573 return map(attrgetter('value'), value)
574 else:
575 return [value.value]
576 else:
577 return []
578
579 def keys(self):
580 """Dictionary style keys() method."""
581 if self.list is None:
582 raise TypeError, "not indexable"
583 return list(set(item.name for item in self.list))
584
585 def has_key(self, key):
586 """Dictionary style has_key() method."""
587 if self.list is None:
588 raise TypeError, "not indexable"
589 return any(item.name == key for item in self.list)
590
591 def __contains__(self, key):
592 """Dictionary style __contains__ method."""
593 if self.list is None:
594 raise TypeError, "not indexable"
595 return any(item.name == key for item in self.list)
596
597 def __len__(self):
598 """Dictionary style len(x) support."""
599 return len(self.keys())
600
601 def __nonzero__(self):
602 return bool(self.list)
603
604 def read_urlencoded(self):
605 """Internal: read data in query string format."""
606 qs = self.fp.read(self.length)
607 if self.qs_on_post:
608 qs += '&' + self.qs_on_post
609 self.list = list = []
610 for key, value in urlparse.parse_qsl(qs, self.keep_blank_values,
611 self.strict_parsing):
612 list.append(MiniFieldStorage(key, value))
613 self.skip_lines()
614
615 FieldStorageClass = None
616
617 def read_multi(self, environ, keep_blank_values, strict_parsing):
618 """Internal: read a part that is itself multipart."""
619 ib = self.innerboundary
620 if not valid_boundary(ib):
621 raise ValueError, 'Invalid boundary in multipart form: %r' % (ib,)
622 self.list = []
623 if self.qs_on_post:
624 for key, value in urlparse.parse_qsl(self.qs_on_post,
625 self.keep_blank_values, self.strict_parsing):
626 self.list.append(MiniFieldStorage(key, value))
627 FieldStorageClass = None
628
629 klass = self.FieldStorageClass or self.__class__
630 part = klass(self.fp, {}, ib,
631 environ, keep_blank_values, strict_parsing)
632 # Throw first part away
633 while not part.done:
634 headers = rfc822.Message(self.fp)
635 part = klass(self.fp, headers, ib,
636 environ, keep_blank_values, strict_parsing)
637 self.list.append(part)
638 self.skip_lines()
639
640 def read_single(self):
641 """Internal: read an atomic part."""
642 if self.length >= 0:
643 self.read_binary()
644 self.skip_lines()
645 else:
646 self.read_lines()
647 self.file.seek(0)
648
649 bufsize = 8*1024 # I/O buffering size for copy to file
650
651 def read_binary(self):
652 """Internal: read binary data."""
653 self.file = self.make_file('b')
654 todo = self.length
655 if todo >= 0:
656 while todo > 0:
657 data = self.fp.read(min(todo, self.bufsize))
658 if not data:
659 self.done = -1
660 break
661 self.file.write(data)
662 todo = todo - len(data)
663
664 def read_lines(self):
665 """Internal: read lines until EOF or outerboundary."""
666 self.file = self.__file = StringIO()
667 if self.outerboundary:
668 self.read_lines_to_outerboundary()
669 else:
670 self.read_lines_to_eof()
671
672 def __write(self, line):
673 if self.__file is not None:
674 if self.__file.tell() + len(line) > 1000:
675 self.file = self.make_file('')
676 self.file.write(self.__file.getvalue())
677 self.__file = None
678 self.file.write(line)
679
680 def read_lines_to_eof(self):
681 """Internal: read lines until EOF."""
682 while 1:
683 line = self.fp.readline(1<<16)
684 if not line:
685 self.done = -1
686 break
687 self.__write(line)
688
689 def read_lines_to_outerboundary(self):
690 """Internal: read lines until outerboundary."""
691 next = "--" + self.outerboundary
692 last = next + "--"
693 delim = ""
694 last_line_lfend = True
695 while 1:
696 line = self.fp.readline(1<<16)
697 if not line:
698 self.done = -1
699 break
700 if delim == "\r":
701 line = delim + line
702 delim = ""
703 if line[:2] == "--" and last_line_lfend:
704 strippedline = line.strip()
705 if strippedline == next:
706 break
707 if strippedline == last:
708 self.done = 1
709 break
710 odelim = delim
711 if line[-2:] == "\r\n":
712 delim = "\r\n"
713 line = line[:-2]
714 last_line_lfend = True
715 elif line[-1] == "\n":
716 delim = "\n"
717 line = line[:-1]
718 last_line_lfend = True
719 elif line[-1] == "\r":
720 # We may interrupt \r\n sequences if they span the 2**16
721 # byte boundary
722 delim = "\r"
723 line = line[:-1]
724 last_line_lfend = False
725 else:
726 delim = ""
727 last_line_lfend = False
728 self.__write(odelim + line)
729
730 def skip_lines(self):
731 """Internal: skip lines until outer boundary if defined."""
732 if not self.outerboundary or self.done:
733 return
734 next = "--" + self.outerboundary
735 last = next + "--"
736 last_line_lfend = True
737 while 1:
738 line = self.fp.readline(1<<16)
739 if not line:
740 self.done = -1
741 break
742 if line[:2] == "--" and last_line_lfend:
743 strippedline = line.strip()
744 if strippedline == next:
745 break
746 if strippedline == last:
747 self.done = 1
748 break
749 last_line_lfend = line.endswith('\n')
750
751 def make_file(self, binary=None):
752 """Overridable: return a readable & writable file.
753
754 The file will be used as follows:
755 - data is written to it
756 - seek(0)
757 - data is read from it
758
759 The 'binary' argument is unused -- the file is always opened
760 in binary mode.
761
762 This version opens a temporary file for reading and writing,
763 and immediately deletes (unlinks) it. The trick (on Unix!) is
764 that the file can still be used, but it can't be opened by
765 another process, and it will automatically be deleted when it
766 is closed or when the current process terminates.
767
768 If you want a more permanent file, you derive a class which
769 overrides this method. If you want a visible temporary file
770 that is nevertheless automatically deleted when the script
771 terminates, try defining a __del__ method in a derived class
772 which unlinks the temporary files you have created.
773
774 """
775 import tempfile
776 return tempfile.TemporaryFile("w+b")
777
778
779
780# Backwards Compatibility Classes
781# ===============================
782
783class FormContentDict(UserDict.UserDict):
784 """Form content as dictionary with a list of values per field.
785
786 form = FormContentDict()
787
788 form[key] -> [value, value, ...]
789 key in form -> Boolean
790 form.keys() -> [key, key, ...]
791 form.values() -> [[val, val, ...], [val, val, ...], ...]
792 form.items() -> [(key, [val, val, ...]), (key, [val, val, ...]), ...]
793 form.dict == {key: [val, val, ...], ...}
794
795 """
796 def __init__(self, environ=os.environ, keep_blank_values=0, strict_parsing=0):
797 self.dict = self.data = parse(environ=environ,
798 keep_blank_values=keep_blank_values,
799 strict_parsing=strict_parsing)
800 self.query_string = environ['QUERY_STRING']
801
802
803class SvFormContentDict(FormContentDict):
804 """Form content as dictionary expecting a single value per field.
805
806 If you only expect a single value for each field, then form[key]
807 will return that single value. It will raise an IndexError if
808 that expectation is not true. If you expect a field to have
809 possible multiple values, than you can use form.getlist(key) to
810 get all of the values. values() and items() are a compromise:
811 they return single strings where there is a single value, and
812 lists of strings otherwise.
813
814 """
815 def __getitem__(self, key):
816 if len(self.dict[key]) > 1:
817 raise IndexError, 'expecting a single value'
818 return self.dict[key][0]
819 def getlist(self, key):
820 return self.dict[key]
821 def values(self):
822 result = []
823 for value in self.dict.values():
824 if len(value) == 1:
825 result.append(value[0])
826 else: result.append(value)
827 return result
828 def items(self):
829 result = []
830 for key, value in self.dict.items():
831 if len(value) == 1:
832 result.append((key, value[0]))
833 else: result.append((key, value))
834 return result
835
836
837class InterpFormContentDict(SvFormContentDict):
838 """This class is present for backwards compatibility only."""
839 def __getitem__(self, key):
840 v = SvFormContentDict.__getitem__(self, key)
841 if v[0] in '0123456789+-.':
842 try: return int(v)
843 except ValueError:
844 try: return float(v)
845 except ValueError: pass
846 return v.strip()
847 def values(self):
848 result = []
849 for key in self.keys():
850 try:
851 result.append(self[key])
852 except IndexError:
853 result.append(self.dict[key])
854 return result
855 def items(self):
856 result = []
857 for key in self.keys():
858 try:
859 result.append((key, self[key]))
860 except IndexError:
861 result.append((key, self.dict[key]))
862 return result
863
864
865class FormContent(FormContentDict):
866 """This class is present for backwards compatibility only."""
867 def values(self, key):
868 if key in self.dict :return self.dict[key]
869 else: return None
870 def indexed_value(self, key, location):
871 if key in self.dict:
872 if len(self.dict[key]) > location:
873 return self.dict[key][location]
874 else: return None
875 else: return None
876 def value(self, key):
877 if key in self.dict: return self.dict[key][0]
878 else: return None
879 def length(self, key):
880 return len(self.dict[key])
881 def stripped(self, key):
882 if key in self.dict: return self.dict[key][0].strip()
883 else: return None
884 def pars(self):
885 return self.dict
886
887
888# Test/debug code
889# ===============
890
891def test(environ=os.environ):
892 """Robust test CGI script, usable as main program.
893
894 Write minimal HTTP headers and dump all information provided to
895 the script in HTML form.
896
897 """
898 print "Content-type: text/html"
899 print
900 sys.stderr = sys.stdout
901 try:
902 form = FieldStorage() # Replace with other classes to test those
903 print_directory()
904 print_arguments()
905 print_form(form)
906 print_environ(environ)
907 print_environ_usage()
908 def f():
909 exec "testing print_exception() -- <I>italics?</I>"
910 def g(f=f):
911 f()
912 print "<H3>What follows is a test, not an actual exception:</H3>"
913 g()
914 except:
915 print_exception()
916
917 print "<H1>Second try with a small maxlen...</H1>"
918
919 global maxlen
920 maxlen = 50
921 try:
922 form = FieldStorage() # Replace with other classes to test those
923 print_directory()
924 print_arguments()
925 print_form(form)
926 print_environ(environ)
927 except:
928 print_exception()
929
930def print_exception(type=None, value=None, tb=None, limit=None):
931 if type is None:
932 type, value, tb = sys.exc_info()
933 import traceback
934 print
935 print "<H3>Traceback (most recent call last):</H3>"
936 list = traceback.format_tb(tb, limit) + \
937 traceback.format_exception_only(type, value)
938 print "<PRE>%s<B>%s</B></PRE>" % (
939 escape("".join(list[:-1])),
940 escape(list[-1]),
941 )
942 del tb
943
944def print_environ(environ=os.environ):
945 """Dump the shell environment as HTML."""
946 keys = environ.keys()
947 keys.sort()
948 print
949 print "<H3>Shell Environment:</H3>"
950 print "<DL>"
951 for key in keys:
952 print "<DT>", escape(key), "<DD>", escape(environ[key])
953 print "</DL>"
954 print
955
956def print_form(form):
957 """Dump the contents of a form as HTML."""
958 keys = form.keys()
959 keys.sort()
960 print
961 print "<H3>Form Contents:</H3>"
962 if not keys:
963 print "<P>No form fields."
964 print "<DL>"
965 for key in keys:
966 print "<DT>" + escape(key) + ":",
967 value = form[key]
968 print "<i>" + escape(repr(type(value))) + "</i>"
969 print "<DD>" + escape(repr(value))
970 print "</DL>"
971 print
972
973def print_directory():
974 """Dump the current directory as HTML."""
975 print
976 print "<H3>Current Working Directory:</H3>"
977 try:
978 pwd = os.getcwd()
979 except os.error, msg:
980 print "os.error:", escape(str(msg))
981 else:
982 print escape(pwd)
983 print
984
985def print_arguments():
986 print
987 print "<H3>Command Line Arguments:</H3>"
988 print
989 print sys.argv
990 print
991
992def print_environ_usage():
993 """Dump a list of environment variables used by CGI as HTML."""
994 print """
995<H3>These environment variables could have been set:</H3>
996<UL>
997<LI>AUTH_TYPE
998<LI>CONTENT_LENGTH
999<LI>CONTENT_TYPE
1000<LI>DATE_GMT
1001<LI>DATE_LOCAL
1002<LI>DOCUMENT_NAME
1003<LI>DOCUMENT_ROOT
1004<LI>DOCUMENT_URI
1005<LI>GATEWAY_INTERFACE
1006<LI>LAST_MODIFIED
1007<LI>PATH
1008<LI>PATH_INFO
1009<LI>PATH_TRANSLATED
1010<LI>QUERY_STRING
1011<LI>REMOTE_ADDR
1012<LI>REMOTE_HOST
1013<LI>REMOTE_IDENT
1014<LI>REMOTE_USER
1015<LI>REQUEST_METHOD
1016<LI>SCRIPT_NAME
1017<LI>SERVER_NAME
1018<LI>SERVER_PORT
1019<LI>SERVER_PROTOCOL
1020<LI>SERVER_ROOT
1021<LI>SERVER_SOFTWARE
1022</UL>
1023In addition, HTTP headers sent by the server may be passed in the
1024environment as well. Here are some common variable names:
1025<UL>
1026<LI>HTTP_ACCEPT
1027<LI>HTTP_CONNECTION
1028<LI>HTTP_HOST
1029<LI>HTTP_PRAGMA
1030<LI>HTTP_REFERER
1031<LI>HTTP_USER_AGENT
1032</UL>
1033"""
1034
1035
1036# Utilities
1037# =========
1038
1039def escape(s, quote=None):
1040 '''Replace special characters "&", "<" and ">" to HTML-safe sequences.
1041 If the optional flag quote is true, the quotation mark character (")
1042 is also translated.'''
1043 s = s.replace("&", "&amp;") # Must be done first!
1044 s = s.replace("<", "&lt;")
1045 s = s.replace(">", "&gt;")
1046 if quote:
1047 s = s.replace('"', "&quot;")
1048 return s
1049
1050def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):
1051 import re
1052 return re.match(_vb_pattern, s)
1053
1054# Invoke mainline
1055# ===============
1056
1057# Call test() when this file is run as a script (not imported as a module)
1058if __name__ == '__main__':
1059 test()
Note: See TracBrowser for help on using the repository browser.