[mod_python] Import Issues

Gregory (Grisha) Trubetskoy grisha at modpython.org
Sun Apr 6 16:28:48 EST 2003 

On Sun, 6 Apr 2003, Tommy !! wrote:

> Hi all,
>
> I achieved what I wanted by modifying publisher.py - obviously this is a bit
> dirty since it's handler-specific, but oh well - it works.
>
> Basically, I use the following code in publisher.py prior to calling the
> target python script itself (where 'path' is the path to the python script
> determined by publisher.py):
>
> if not path in sys.path:
>   sys.path.append( path )
>
> # ...
>
> while path in sys.path:
>   del sys.path[sys.path.index( path )]

Hm... Not sure I understand what this does, since the publisher already
does add the path, in fact it restricts it so that the module can only be
imported from that particular path.

> Another question - what's to stop a remote user from running any given
> method in an arbitrary python script within a directory when using the
> publisher handler?

If that directory is exposed to the web (i.e. is under DocumentRoot), then
nothing, you should be very careful about that. The publisher will not run
anything that beginc with an "_" so it's a good idea to name all internal
functions beginning with an underscore.

Grisha

More information about the Mod_python mailing list