
, "&amp;", "&gt"
• cgi.parse_qs(string, keep_blank_values=0)
  – parse query string to dictionary {"foo": ["bar"], ...}
• cgi.parse([file], ...)
  – ditto, takes query string from default locations
• urllib.quote(s), urllib.unquote(s)
  – convert between "~" and "%7e" (etc.)
• urllib.urlencode(dict)
  – convert dictionary {"foo": "bar", ...} to query string "foo=bar&..."  # note asymmetry with parse_qs() above

CS 206 G. Dudek 126

Dealing with bugs
• Things go wrong, you get a traceback...
• By default, tracebacks usually go to the server's error_log file…
  – I don't know where it is at SOCS. Sorry.
• Printing a traceback to stdout is tricky
  – could happen before "Content-type" is printed
  – could happen in the middle of HTML markup
  – could contain markup itself
• What's needed is a...

Debugging framework

    import cgi

    def main():
        print "Content-type: text/html\n"  # Do this first
        try:
            import worker  # module that does the real work
        except:
            print "<!-- --><hr><h1>Oops. An error occurred.</h1>"
            cgi.print_exception()  # Prints traceback, safely

    main()

Security notes
• Watch out when passing fields to the shell
  – e.g. os.popen("finger %s" % form["user"].value)
  – what if the value is "; cat /etc/passwd" ...
• Solutions:
  – Quote:
    » user = pipes.quote(form["user"].value)
  – Refuse:
    » if not re.match(r"^\w+$", user): ...error...
  – Sanitize:
    » user = re.sub(r"\W", "", form["user"].value)

Multi-step interactions
• HTTP is "stateless"
  – Each page/web request is independent.
  – There is no natural notion of the next interaction or the last one.
    » When a request arrive...
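The three fixes from the "Security notes" slide above, applied to the slide's own hostile value. This is an added example, not code from the original slides. It is written for Python 3, where shlex.quote takes the place of pipes.quote; shell_words is a hypothetical helper that approximates shell word-splitting with shlex instead of running anything, and "dudek" is a constructed sample login name.

```python
import re
import shlex

HOSTILE = "; cat /etc/passwd"  # the value from the slide
BENIGN = "dudek"               # constructed sample login name


def shell_words(command_line):
    """Hypothetical helper: approximate how a POSIX shell splits a line
    into words and operators, without executing anything."""
    return list(shlex.shlex(command_line, posix=True, punctuation_chars=True))


def unsafe(user):
    # The pattern the slide warns about: the field is pasted in verbatim.
    return "finger %s" % user


def quote(user):
    # Quote: the field becomes exactly one shell word, whatever it contains.
    return "finger %s" % shlex.quote(user)


def refuse(user):
    # Refuse: fullmatch instead of ^\w+$, because "$" also matches just
    # before a trailing newline and would accept "dudek\n".
    if not re.fullmatch(r"\w+", user):
        raise ValueError("invalid user name: %r" % user)
    return "finger %s" % user


def sanitize(user):
    # Sanitize: delete every non-word character before building the command.
    return "finger %s" % re.sub(r"\W", "", user)


if __name__ == "__main__":
    for build in (unsafe, quote, sanitize):
        print("%-8s %s" % (build.__name__, shell_words(build(HOSTILE))))
    try:
        refuse(HOSTILE)
    except ValueError as exc:
        print("refuse   rejected:", exc)
```

Quoting keeps the hostile value as a single argument to finger, while sanitizing silently turns it into a different name; only refusing reports the bad input back to the caller.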

This note was uploaded on 04/02/2013 for the course MATH 222 taught by Professor Karlpeterrussell during the Spring '08 term at McGill.
