[mod_python] psp import issue

Graham Dumpleton graham.dumpleton at gmail.com
Thu Jun 21 20:57:23 EDT 2007


On 22/06/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > and
> > req.form['varx']  by _varx
>
> Don't recommend pushing form fields in local name space as doesn't
> make it as obvious that it is a form field and there would be a
> tendency not to perform checks to make sure the field you are looking
> for actually exists. Also, it will all possibly blow up if someone
> supplied a field you weren't expecting which replaced some important
> data or clashed with a keyword.
>
> If you really must do something like that though, you might adapt the
> following code from mod_python.util.apply_fs_data(). Replace 'fs' with
> req.form and replace args with locals().
>
>     # add form data to args
>     for field in fs.list:
>         if field.filename:
>             val = field
>         else:
>             val = field.value
>         args.setdefault(field.name, []).append(val)
>
>     # replace lists with single values
>     for arg in args:
>         if ((type(args[arg]) is ListType) and
>             (len(args[arg]) == 1)):
>             args[arg] = args[arg][0]

BTW, if using publisher, a quicker way of doing this would be:

  def func(req, arg1, arg2, **args):
    locals().update(args)
    ...

As I said though, this is dangerous as someone outside your web site
can directly modify data your function uses to execute or cause your
handler to crash in bad ways.

For example, with publisher function:

  def index(req, **args):
    locals().update(args)
    req.content_type = 'text/plain'
    return 'mod_python.publisher', req.filename

If URL of:

  http://localhost:8002/~grahamd/publisher/index.py?req=xxx

is used, I get an error saying:

  AttributeError: 'mp_request' object has no attribute 'append'

This is because I was able to replace the request object argument with
another value.

Same problem will occur if using the longer example I showed before.

Hopefully you will now be convinced this is a bad bad idea.

Graham
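
The collision described in the message above, together with one safer way to read form fields, as an added example that is not part of the original post and is not mod_python code. FakeRequest, EXPECTED_FIELDS, merge_like_apply_fs_data and read_fields are hypothetical names, and the form is modelled as a plain dict mapping each field name to a list of submitted values.

```python
class FakeRequest:
    """Constructed stand-in for the mod_python request object (assumption)."""
    def __init__(self, form):
        self.form = form            # dict: field name -> list of submitted values
        self.content_type = None


# Allow-list of the fields the handler actually uses, with a converter for each.
EXPECTED_FIELDS = {"varx": int, "name": str}


def merge_like_apply_fs_data(req):
    """Mimic the quoted merge loop: form fields are merged into the same
    dict that already holds 'req', so a field named 'req' collides with it."""
    args = {"req": req}
    for field_name, values in req.form.items():
        for val in values:
            # For field_name == 'req' setdefault returns the request object,
            # which has no append(), hence the AttributeError in the message.
            args.setdefault(field_name, []).append(val)
    return args


def read_fields(req, expected=EXPECTED_FIELDS):
    """Read only the expected fields into a separate dict, validating each.

    Returns (clean, errors, unexpected). Client-supplied names never reach
    the handler's namespace; unexpected names are only reported.
    """
    clean, errors = {}, []
    for field_name, convert in expected.items():
        values = req.form.get(field_name)
        if not values:
            errors.append("missing field: %s" % field_name)
        elif len(values) > 1:
            errors.append("repeated field: %s" % field_name)
        else:
            try:
                clean[field_name] = convert(values[0])
            except ValueError:
                errors.append("bad value for field: %s" % field_name)
    unexpected = sorted(set(req.form) - set(expected))
    return clean, errors, unexpected
```
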

