[mod_python] psp import issue

maker joe makerjoe at gmail.com
Thu Jun 21 21:19:13 EDT 2007 

sure you convinced me

but why not ?
    for k in req.form:
        exec ("_"+k+"="+"req.form[k]")
        print k,_test
cheers


On 6/21/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> On 22/06/07, Graham Dumpleton <graham.dumpleton at gmail.com> wrote:
> > > and
> > > req.form['varx']  by _varx
> >
> > Don't recommend pushing form fields in local name space as doesn't
> > make it as obvious that it is a form field and there would be a
> > tendency not to perform checks to make sure the field you are looking
> > for actually exists. Also, it will all possibly blow up if someone
> > supplied a field you weren't expecting which replaced some important
> > data or clashed with a keyword.
> >
> > If you really must do something like that though, you might adapt the
> > following code from mod_python.util.apply_fs_data(). Replace 'fs' with
> > req.form and replace args with locals().
> >
> >     # add form data to args
> >     for field in fs.list:
> >         if field.filename:
> >             val = field
> >         else:
> >             val = field.value
> >         args.setdefault(field.name, []).append(val)
> >
> >     # replace lists with single values
> >     for arg in args:
> >         if ((type(args[arg]) is ListType) and
> >             (len(args[arg]) == 1)):
> >             args[arg] = args[arg][0]
>
> BTW, if using publisher, a quicker way of doing this would be:
>
>   def func(req, arg1, args, **args):
>     locals().update(args)
>     ...
>
> As I said though, this is dangerous as someone outside your web site
> can directly modify data your function uses to execute or cause your
> handler to crash in bad ways.
>
> For example, with publisher function:
>
>   def index(req, **args):
>     locals().update(args)
>     req.content_type = 'text/plain'
>     return 'mod_python.publisher', req.filename
>
> If URL of:
>
>   http://localhost:8002/~grahamd/publisher/index.py?req=xxx
>
> is used, I get an error saying:
>
>   AttributeError: 'mp_request' object has no attribute 'append'
>
> This is because I was able to replace the request object argument with
> another value.
>
> Same problem will occur if using the longer example I showed before.
>
> Hopefully you will now be convinced this is a bad bad idea.
>
> Graham
>

More information about the Mod_python mailing list