cpython/Lib/cgi.py

304 lines
9.0 KiB
Python
Raw Normal View History

1995-01-12 12:29:47 +00:00
#!/usr/local/bin/python
1995-09-18 21:52:37 +00:00
# XXX TODO
# - proper doc strings instead of this rambling dialogue style
# - more utilities, e.g.
# - print_header(type="test/html", blankline=1) -- print MIME header
# - utility to format a nice error message in HTML
# - utility to format a Location: ... response, including HTML
# - utility to catch errors and display traceback
1995-01-12 12:29:47 +00:00
#
# A class for wrapping the WWW Forms Common Gateway Interface (CGI)
# Michael McLay, NIST mclay@eeel.nist.gov 6/14/94
#
# modified by Steve Majewski <sdm7g@Virginia.EDU> 12/5/94
#
1995-08-07 20:12:09 +00:00
# now maintained as part of the Python distribution
1995-01-12 12:29:47 +00:00
# Several classes to parse the name/value pairs that are passed to
# a server's CGI by GET, POST or PUT methods by a WWW FORM. This
# module is based on Mike McLay's original cgi.py after discussing
# changes with him and others on the comp.lang.python newsgroup, and
# at the NIST Python workshop.
#
# The rationale for changes was:
# The original FormContent class was almost, but not quite like
# a dictionary object. Besides adding some extra access methods,
# it had a values() method with different arguments and semantics
# from the standard values() method of a mapping object. Also,
# it provided several different access methods that may be necessary
# or useful, but made it a little more confusing to figure out how
# to use. Also, we wanted to make the most typical cases the simplest
# and most convenient access methods. ( Most form fields just return
# a single value, and in practice, a lot of code was just assuming
# a single value and ignoring all others. On the other hand, the
# protocol allows multiple values to be returned.
#
# The new base class (FormContentDict) is just like a dictionary.
# In fact, if you just want a dictionary, all of the stuff that was
# in __init__ has been extracted into a cgi.parse() function that will
# return the "raw" dictionary, but having a class allows you to customize
# it further.
# Mike McLay's original FormContent class is reimplemented as a
# subclass of FormContentDict.
# There are two additional sub-classes, but I'm not yet too sure
# whether they are what I want.
#
import string,regsub,sys,os,urllib
# since os.environ may often be used in cgi code, we name it in this module.
from os import environ
def parse():
1995-08-07 20:12:09 +00:00
"""Parse the query passed in the environment or on stdin"""
1995-01-12 12:29:47 +00:00
if environ['REQUEST_METHOD'] == 'POST':
qs = sys.stdin.read(string.atoi(environ['CONTENT_LENGTH']))
environ['QUERY_STRING'] = qs
1995-09-18 21:52:37 +00:00
elif environ.has_key('QUERY_STRING'):
1995-01-12 12:29:47 +00:00
qs = environ['QUERY_STRING']
1995-09-18 21:52:37 +00:00
else:
environ['QUERY_STRING'] = qs = ''
1995-08-07 20:12:09 +00:00
return parse_qs(qs)
def parse_qs(qs):
"""Parse a query given as a string argument"""
1995-01-12 12:29:47 +00:00
name_value_pairs = string.splitfields(qs, '&')
dict = {}
for name_value in name_value_pairs:
nv = string.splitfields(name_value, '=')
if len(nv) != 2:
continue
name = nv[0]
value = urllib.unquote(regsub.gsub('+',' ',nv[1]))
if len(value):
if dict.has_key (name):
dict[name].append(value)
else:
dict[name] = [value]
return dict
# The FormContent constructor creates a dictionary from the name/value pairs
# passed through the CGI interface.
#
# form['key']
# form.__getitem__('key')
# form.has_key('key')
# form.keys()
# form.values()
# form.items()
# form.dict
class FormContentDict:
def __init__( self ):
self.dict = parse()
self.query_string = environ['QUERY_STRING']
def __getitem__(self,key):
return self.dict[key]
def keys(self):
return self.dict.keys()
def has_key(self, key):
return self.dict.has_key(key)
def values(self):
return self.dict.values()
def items(self):
return self.dict.items()
def __len__( self ):
return len(self.dict)
# This is the "strict" single-value expecting version.
# IF you only expect a single value for each field, then form[key]
# will return that single value ( the [0]-th ), and raise an
# IndexError if that expectation is not true.
# IF you expect a field to have possible multiple values, than you
# can use form.getlist( key ) to get all of the values.
# values() and items() are a compromise: they return single strings
# where there is a single value, and lists of strings otherwise.
class SvFormContentDict(FormContentDict):
def __getitem__( self, key ):
if len( self.dict[key] ) > 1 :
raise IndexError, 'expecting a single value'
return self.dict[key][0]
def getlist( self, key ):
return self.dict[key]
def values( self ):
lis = []
for each in self.dict.values() :
if len( each ) == 1 :
lis.append( each[0] )
else: lis.append( each )
return lis
def items( self ):
lis = []
for key,value in self.dict.items():
if len(value) == 1 :
lis.append( (key,value[0]) )
else: lis.append( (key,value) )
return lis
# And this sub-class is similar to the above, but it will attempt to
# interpret numerical values. This is here as mostly as an example,
# but I think the real way to handle typed-data from a form may be
# to make an additional table driver parsing stage that has a table
# of allowed input patterns and the output conversion types - it
# would signal type-errors on parse, not on access.
class InterpFormContentDict(SvFormContentDict):
def __getitem__( self, key ):
v = SvFormContentDict.__getitem__( self, key )
if v[0] in string.digits+'+-.' :
try: return string.atoi( v )
except ValueError:
try: return string.atof( v )
except ValueError: pass
return string.strip(v)
def values( self ):
lis = []
for key in self.keys():
try:
lis.append( self[key] )
except IndexError:
lis.append( self.dict[key] )
return lis
def items( self ):
lis = []
for key in self.keys():
try:
lis.append( (key, self[key]) )
except IndexError:
lis.append( (key, self.dict[key]) )
return lis
# class FormContent parses the name/value pairs that are passed to a
# server's CGI by GET, POST, or PUT methods by a WWW FORM. several
# specialized FormContent dictionary access methods have been added
# for convenience.
# function return value
#
# form.keys() all keys in dictionary
# form.has_key('key') test keys existance
# form[key] returns list associated with key
# form.values('key') key's list (same as form.[key])
# form.indexed_value('key' index) nth element in key's value list
# form.value(key) key's unstripped value
# form.length(key) number of elements in key's list
# form.stripped(key) key's value with whitespace stripped
# form.pars() full dictionary
class FormContent(FormContentDict):
# This is the original FormContent semantics of values,
# not the dictionary like semantics.
def values(self,key):
if self.dict.has_key(key):return self.dict[key]
else: return None
def indexed_value(self,key, location):
if self.dict.has_key(key):
if len (self.dict[key]) > location:
return self.dict[key][location]
else: return None
else: return None
def value(self,key):
if self.dict.has_key(key):return self.dict[key][0]
else: return None
def length(self,key):
return len (self.dict[key])
def stripped(self,key):
if self.dict.has_key(key):return string.strip(self.dict[key][0])
else: return None
def pars(self):
return self.dict
def print_environ_usage():
print """
<H3>These operating system environment variables could have been
set:</H3> <UL>
<LI>AUTH_TYPE
<LI>CONTENT_LENGTH
<LI>CONTENT_TYPE
<LI>DATE_GMT
<LI>DATE_LOCAL
<LI>DOCUMENT_NAME
<LI>DOCUMENT_ROOT
<LI>DOCUMENT_URI
<LI>GATEWAY_INTERFACE
<LI>LAST_MODIFIED
<LI>PATH
<LI>PATH_INFO
<LI>PATH_TRANSLATED
<LI>QUERY_STRING
<LI>REMOTE_ADDR
<LI>REMOTE_HOST
<LI>REMOTE_IDENT
<LI>REMOTE_USER
<LI>REQUEST_METHOD
<LI>SCRIPT_NAME
<LI>SERVER_NAME
<LI>SERVER_PORT
<LI>SERVER_PROTOCOL
<LI>SERVER_ROOT
<LI>SERVER_SOFTWARE
</UL>
"""
def print_environ():
skeys = environ.keys()
skeys.sort()
1995-02-27 13:16:11 +00:00
print '<h3> The following environment variables ' \
'were set by the CGI script: </h3>'
1995-01-12 12:29:47 +00:00
print '<dl>'
for key in skeys:
1995-02-27 13:16:11 +00:00
print '<dt>', escape(key), '<dd>', escape(environ[key])
1995-01-12 12:29:47 +00:00
print '</dl>'
def print_form( form ):
skeys = form.keys()
skeys.sort()
1995-02-27 13:16:11 +00:00
print '<h3> The following name/value pairs ' \
'were entered in the form: </h3>'
print '<dl>'
1995-01-12 12:29:47 +00:00
for key in skeys:
1995-02-27 13:16:11 +00:00
print '<dt>', escape(key), ':',
print '<i>', escape(`type(form[key])`), '</i>',
1995-03-14 17:22:28 +00:00
print '<dd>', escape(`form[key]`)
1995-01-12 12:29:47 +00:00
print '</dl>'
def escape( s ):
1995-03-14 17:22:28 +00:00
s = regsub.gsub('&', '&amp;', s) # Must be done first
s = regsub.gsub('<', '&lt;', s)
s = regsub.gsub('>', '&gt;', s)
1995-02-27 13:16:11 +00:00
return s
1995-01-12 12:29:47 +00:00
def test( what ):
label = escape(str(what))
print 'Content-type: text/html\n\n'
print '<HEADER>\n<TITLE>' + label + '</TITLE>\n</HEADER>\n'
print '<BODY>\n'
print "<H1>" + label +"</H1>\n"
form = what()
print_form( form )
print_environ()
print_environ_usage()
print '</body>'
if __name__ == '__main__' :
test_classes = ( FormContent, FormContentDict, SvFormContentDict, InterpFormContentDict )
test( test_classes[0] ) # by default, test compatibility with
# old version, change index to test others.