|
Graham Dumpleton
graham.dumpleton at gmail.com
Tue May 22 19:48:42 EDT 2007
On 23/05/07, Greg Fawcett <greg at vig.co.nz> wrote: > try: > action=eval('module.'+actionName) > except: > apache.log_error('vfax.py could not find action "%s"'%(actionName)) > return apache.HTTP_NOT_FOUND For a start don't use eval(), it can be dangerous. Imagine someone constructing a URL which contain a sequence of Python commands in it. >>> import sys >>> import os >>> eval('sys.version and os.system("echo hi")') If calling functions use: if hasattr(module, actionName): object = getattr(modue, actionName) return object(req) else: return apache.HTTP_NOT_FOUND I'd suggest there are perhaps better ways of doing what you are doing, but don't have the time to go into it now and could also take a long time to explain how to do it properly and securely. More often than not, one is better off using a dispatcher written by someone else which has been used a lot and which is known not to have issues. That or at least look at others code and learn from it when making your own. :-) Graham
|