--- /dev/null
+#! /usr/local/bin/python\r
+\r
+# NOTE: the above "/usr/local/bin/python" is NOT a mistake. It is\r
+# intentionally NOT "/usr/bin/env python". On many systems\r
+# (e.g. Solaris), /usr/local/bin is not in $PATH as passed to CGI\r
+# scripts, and /usr/local/bin is the default directory where Python is\r
+# installed, so /usr/bin/env would be unable to find python. Granted,\r
+# binary installations by Linux vendors often install Python in\r
+# /usr/bin. So let those vendors patch cgi.py to match their choice\r
+# of installation.\r
+\r
+"""Support module for CGI (Common Gateway Interface) scripts.\r
+\r
+This module defines a number of utilities for use by CGI scripts\r
+written in Python.\r
+"""\r
+\r
+# XXX Perhaps there should be a slimmed version that doesn't contain\r
+# all those backwards compatible and debugging classes and functions?\r
+\r
+# History\r
+# -------\r
+#\r
+# Michael McLay started this module. Steve Majewski changed the\r
+# interface to SvFormContentDict and FormContentDict. The multipart\r
+# parsing was inspired by code submitted by Andreas Paepcke. Guido van\r
+# Rossum rewrote, reformatted and documented the module and is currently\r
+# responsible for its maintenance.\r
+#\r
+\r
+__version__ = "2.6"\r
+\r
+\r
+# Imports\r
+# =======\r
+\r
+from operator import attrgetter\r
+import sys\r
+import os\r
+import urllib\r
+import UserDict\r
+import urlparse\r
+\r
+from warnings import filterwarnings, catch_warnings, warn\r
+with catch_warnings():\r
+ if sys.py3kwarning:\r
+ filterwarnings("ignore", ".*mimetools has been removed",\r
+ DeprecationWarning)\r
+ filterwarnings("ignore", ".*rfc822 has been removed",\r
+ DeprecationWarning)\r
+ import mimetools\r
+ import rfc822\r
+\r
+try:\r
+ from cStringIO import StringIO\r
+except ImportError:\r
+ from StringIO import StringIO\r
+\r
+__all__ = ["MiniFieldStorage", "FieldStorage", "FormContentDict",\r
+ "SvFormContentDict", "InterpFormContentDict", "FormContent",\r
+ "parse", "parse_qs", "parse_qsl", "parse_multipart",\r
+ "parse_header", "print_exception", "print_environ",\r
+ "print_form", "print_directory", "print_arguments",\r
+ "print_environ_usage", "escape"]\r
+\r
+# Logging support\r
+# ===============\r
+\r
+logfile = "" # Filename to log to, if not empty\r
+logfp = None # File object to log to, if not None\r
+\r
+def initlog(*allargs):\r
+ """Write a log message, if there is a log file.\r
+\r
+ Even though this function is called initlog(), you should always\r
+ use log(); log is a variable that is set either to initlog\r
+ (initially), to dolog (once the log file has been opened), or to\r
+ nolog (when logging is disabled).\r
+\r
+ The first argument is a format string; the remaining arguments (if\r
+ any) are arguments to the % operator, so e.g.\r
+ log("%s: %s", "a", "b")\r
+ will write "a: b" to the log file, followed by a newline.\r
+\r
+ If the global logfp is not None, it should be a file object to\r
+ which log data is written.\r
+\r
+ If the global logfp is None, the global logfile may be a string\r
+ giving a filename to open, in append mode. This file should be\r
+ world writable!!! If the file can't be opened, logging is\r
+ silently disabled (since there is no safe place where we could\r
+ send an error message).\r
+\r
+ """\r
+ global logfp, log\r
+ if logfile and not logfp:\r
+ try:\r
+ logfp = open(logfile, "a")\r
+ except IOError:\r
+ pass\r
+ if not logfp:\r
+ log = nolog\r
+ else:\r
+ log = dolog\r
+ log(*allargs)\r
+\r
+def dolog(fmt, *args):\r
+ """Write a log message to the log file. See initlog() for docs."""\r
+ logfp.write(fmt%args + "\n")\r
+\r
+def nolog(*allargs):\r
+ """Dummy function, assigned to log when logging is disabled."""\r
+ pass\r
+\r
+log = initlog # The current logging function\r
+\r
+\r
+# Parsing functions\r
+# =================\r
+\r
+# Maximum input we will accept when REQUEST_METHOD is POST\r
+# 0 ==> unlimited input\r
+maxlen = 0\r
+\r
+def parse(fp=None, environ=os.environ, keep_blank_values=0, strict_parsing=0):\r
+ """Parse a query in the environment or from a file (default stdin)\r
+\r
+ Arguments, all optional:\r
+\r
+ fp : file pointer; default: sys.stdin\r
+\r
+ environ : environment dictionary; default: os.environ\r
+\r
+ keep_blank_values: flag indicating whether blank values in\r
+ percent-encoded forms should be treated as blank strings.\r
+ A true value indicates that blanks should be retained as\r
+ blank strings. The default false value indicates that\r
+ blank values are to be ignored and treated as if they were\r
+ not included.\r
+\r
+ strict_parsing: flag indicating what to do with parsing errors.\r
+ If false (the default), errors are silently ignored.\r
+ If true, errors raise a ValueError exception.\r
+ """\r
+ if fp is None:\r
+ fp = sys.stdin\r
+ if not 'REQUEST_METHOD' in environ:\r
+ environ['REQUEST_METHOD'] = 'GET' # For testing stand-alone\r
+ if environ['REQUEST_METHOD'] == 'POST':\r
+ ctype, pdict = parse_header(environ['CONTENT_TYPE'])\r
+ if ctype == 'multipart/form-data':\r
+ return parse_multipart(fp, pdict)\r
+ elif ctype == 'application/x-www-form-urlencoded':\r
+ clength = int(environ['CONTENT_LENGTH'])\r
+ if maxlen and clength > maxlen:\r
+ raise ValueError, 'Maximum content length exceeded'\r
+ qs = fp.read(clength)\r
+ else:\r
+ qs = '' # Unknown content-type\r
+ if 'QUERY_STRING' in environ:\r
+ if qs: qs = qs + '&'\r
+ qs = qs + environ['QUERY_STRING']\r
+ elif sys.argv[1:]:\r
+ if qs: qs = qs + '&'\r
+ qs = qs + sys.argv[1]\r
+ environ['QUERY_STRING'] = qs # XXX Shouldn't, really\r
+ elif 'QUERY_STRING' in environ:\r
+ qs = environ['QUERY_STRING']\r
+ else:\r
+ if sys.argv[1:]:\r
+ qs = sys.argv[1]\r
+ else:\r
+ qs = ""\r
+ environ['QUERY_STRING'] = qs # XXX Shouldn't, really\r
+ return urlparse.parse_qs(qs, keep_blank_values, strict_parsing)\r
+\r
+\r
+# parse query string function called from urlparse,\r
+# this is done in order to maintain backward compatiblity.\r
+\r
+def parse_qs(qs, keep_blank_values=0, strict_parsing=0):\r
+ """Parse a query given as a string argument."""\r
+ warn("cgi.parse_qs is deprecated, use urlparse.parse_qs instead",\r
+ PendingDeprecationWarning, 2)\r
+ return urlparse.parse_qs(qs, keep_blank_values, strict_parsing)\r
+\r
+\r
+def parse_qsl(qs, keep_blank_values=0, strict_parsing=0):\r
+ """Parse a query given as a string argument."""\r
+ warn("cgi.parse_qsl is deprecated, use urlparse.parse_qsl instead",\r
+ PendingDeprecationWarning, 2)\r
+ return urlparse.parse_qsl(qs, keep_blank_values, strict_parsing)\r
+\r
+def parse_multipart(fp, pdict):\r
+ """Parse multipart input.\r
+\r
+ Arguments:\r
+ fp : input file\r
+ pdict: dictionary containing other parameters of content-type header\r
+\r
+ Returns a dictionary just like parse_qs(): keys are the field names, each\r
+ value is a list of values for that field. This is easy to use but not\r
+ much good if you are expecting megabytes to be uploaded -- in that case,\r
+ use the FieldStorage class instead which is much more flexible. Note\r
+ that content-type is the raw, unparsed contents of the content-type\r
+ header.\r
+\r
+ XXX This does not parse nested multipart parts -- use FieldStorage for\r
+ that.\r
+\r
+ XXX This should really be subsumed by FieldStorage altogether -- no\r
+ point in having two implementations of the same parsing algorithm.\r
+ Also, FieldStorage protects itself better against certain DoS attacks\r
+ by limiting the size of the data read in one chunk. The API here\r
+ does not support that kind of protection. This also affects parse()\r
+ since it can call parse_multipart().\r
+\r
+ """\r
+ boundary = ""\r
+ if 'boundary' in pdict:\r
+ boundary = pdict['boundary']\r
+ if not valid_boundary(boundary):\r
+ raise ValueError, ('Invalid boundary in multipart form: %r'\r
+ % (boundary,))\r
+\r
+ nextpart = "--" + boundary\r
+ lastpart = "--" + boundary + "--"\r
+ partdict = {}\r
+ terminator = ""\r
+\r
+ while terminator != lastpart:\r
+ bytes = -1\r
+ data = None\r
+ if terminator:\r
+ # At start of next part. Read headers first.\r
+ headers = mimetools.Message(fp)\r
+ clength = headers.getheader('content-length')\r
+ if clength:\r
+ try:\r
+ bytes = int(clength)\r
+ except ValueError:\r
+ pass\r
+ if bytes > 0:\r
+ if maxlen and bytes > maxlen:\r
+ raise ValueError, 'Maximum content length exceeded'\r
+ data = fp.read(bytes)\r
+ else:\r
+ data = ""\r
+ # Read lines until end of part.\r
+ lines = []\r
+ while 1:\r
+ line = fp.readline()\r
+ if not line:\r
+ terminator = lastpart # End outer loop\r
+ break\r
+ if line[:2] == "--":\r
+ terminator = line.strip()\r
+ if terminator in (nextpart, lastpart):\r
+ break\r
+ lines.append(line)\r
+ # Done with part.\r
+ if data is None:\r
+ continue\r
+ if bytes < 0:\r
+ if lines:\r
+ # Strip final line terminator\r
+ line = lines[-1]\r
+ if line[-2:] == "\r\n":\r
+ line = line[:-2]\r
+ elif line[-1:] == "\n":\r
+ line = line[:-1]\r
+ lines[-1] = line\r
+ data = "".join(lines)\r
+ line = headers['content-disposition']\r
+ if not line:\r
+ continue\r
+ key, params = parse_header(line)\r
+ if key != 'form-data':\r
+ continue\r
+ if 'name' in params:\r
+ name = params['name']\r
+ else:\r
+ continue\r
+ if name in partdict:\r
+ partdict[name].append(data)\r
+ else:\r
+ partdict[name] = [data]\r
+\r
+ return partdict\r
+\r
+\r
+def _parseparam(s):\r
+ while s[:1] == ';':\r
+ s = s[1:]\r
+ end = s.find(';')\r
+ while end > 0 and s.count('"', 0, end) % 2:\r
+ end = s.find(';', end + 1)\r
+ if end < 0:\r
+ end = len(s)\r
+ f = s[:end]\r
+ yield f.strip()\r
+ s = s[end:]\r
+\r
+def parse_header(line):\r
+ """Parse a Content-type like header.\r
+\r
+ Return the main content-type and a dictionary of options.\r
+\r
+ """\r
+ parts = _parseparam(';' + line)\r
+ key = parts.next()\r
+ pdict = {}\r
+ for p in parts:\r
+ i = p.find('=')\r
+ if i >= 0:\r
+ name = p[:i].strip().lower()\r
+ value = p[i+1:].strip()\r
+ if len(value) >= 2 and value[0] == value[-1] == '"':\r
+ value = value[1:-1]\r
+ value = value.replace('\\\\', '\\').replace('\\"', '"')\r
+ pdict[name] = value\r
+ return key, pdict\r
+\r
+\r
+# Classes for field storage\r
+# =========================\r
+\r
+class MiniFieldStorage:\r
+\r
+ """Like FieldStorage, for use when no file uploads are possible."""\r
+\r
+ # Dummy attributes\r
+ filename = None\r
+ list = None\r
+ type = None\r
+ file = None\r
+ type_options = {}\r
+ disposition = None\r
+ disposition_options = {}\r
+ headers = {}\r
+\r
+ def __init__(self, name, value):\r
+ """Constructor from field name and value."""\r
+ self.name = name\r
+ self.value = value\r
+ # self.file = StringIO(value)\r
+\r
+ def __repr__(self):\r
+ """Return printable representation."""\r
+ return "MiniFieldStorage(%r, %r)" % (self.name, self.value)\r
+\r
+\r
+class FieldStorage:\r
+\r
+ """Store a sequence of fields, reading multipart/form-data.\r
+\r
+ This class provides naming, typing, files stored on disk, and\r
+ more. At the top level, it is accessible like a dictionary, whose\r
+ keys are the field names. (Note: None can occur as a field name.)\r
+ The items are either a Python list (if there's multiple values) or\r
+ another FieldStorage or MiniFieldStorage object. If it's a single\r
+ object, it has the following attributes:\r
+\r
+ name: the field name, if specified; otherwise None\r
+\r
+ filename: the filename, if specified; otherwise None; this is the\r
+ client side filename, *not* the file name on which it is\r
+ stored (that's a temporary file you don't deal with)\r
+\r
+ value: the value as a *string*; for file uploads, this\r
+ transparently reads the file every time you request the value\r
+\r
+ file: the file(-like) object from which you can read the data;\r
+ None if the data is stored a simple string\r
+\r
+ type: the content-type, or None if not specified\r
+\r
+ type_options: dictionary of options specified on the content-type\r
+ line\r
+\r
+ disposition: content-disposition, or None if not specified\r
+\r
+ disposition_options: dictionary of corresponding options\r
+\r
+ headers: a dictionary(-like) object (sometimes rfc822.Message or a\r
+ subclass thereof) containing *all* headers\r
+\r
+ The class is subclassable, mostly for the purpose of overriding\r
+ the make_file() method, which is called internally to come up with\r
+ a file open for reading and writing. This makes it possible to\r
+ override the default choice of storing all files in a temporary\r
+ directory and unlinking them as soon as they have been opened.\r
+\r
+ """\r
+\r
+ def __init__(self, fp=None, headers=None, outerboundary="",\r
+ environ=os.environ, keep_blank_values=0, strict_parsing=0):\r
+ """Constructor. Read multipart/* until last part.\r
+\r
+ Arguments, all optional:\r
+\r
+ fp : file pointer; default: sys.stdin\r
+ (not used when the request method is GET)\r
+\r
+ headers : header dictionary-like object; default:\r
+ taken from environ as per CGI spec\r
+\r
+ outerboundary : terminating multipart boundary\r
+ (for internal use only)\r
+\r
+ environ : environment dictionary; default: os.environ\r
+\r
+ keep_blank_values: flag indicating whether blank values in\r
+ percent-encoded forms should be treated as blank strings.\r
+ A true value indicates that blanks should be retained as\r
+ blank strings. The default false value indicates that\r
+ blank values are to be ignored and treated as if they were\r
+ not included.\r
+\r
+ strict_parsing: flag indicating what to do with parsing errors.\r
+ If false (the default), errors are silently ignored.\r
+ If true, errors raise a ValueError exception.\r
+\r
+ """\r
+ method = 'GET'\r
+ self.keep_blank_values = keep_blank_values\r
+ self.strict_parsing = strict_parsing\r
+ if 'REQUEST_METHOD' in environ:\r
+ method = environ['REQUEST_METHOD'].upper()\r
+ self.qs_on_post = None\r
+ if method == 'GET' or method == 'HEAD':\r
+ if 'QUERY_STRING' in environ:\r
+ qs = environ['QUERY_STRING']\r
+ elif sys.argv[1:]:\r
+ qs = sys.argv[1]\r
+ else:\r
+ qs = ""\r
+ fp = StringIO(qs)\r
+ if headers is None:\r
+ headers = {'content-type':\r
+ "application/x-www-form-urlencoded"}\r
+ if headers is None:\r
+ headers = {}\r
+ if method == 'POST':\r
+ # Set default content-type for POST to what's traditional\r
+ headers['content-type'] = "application/x-www-form-urlencoded"\r
+ if 'CONTENT_TYPE' in environ:\r
+ headers['content-type'] = environ['CONTENT_TYPE']\r
+ if 'QUERY_STRING' in environ:\r
+ self.qs_on_post = environ['QUERY_STRING']\r
+ if 'CONTENT_LENGTH' in environ:\r
+ headers['content-length'] = environ['CONTENT_LENGTH']\r
+ self.fp = fp or sys.stdin\r
+ self.headers = headers\r
+ self.outerboundary = outerboundary\r
+\r
+ # Process content-disposition header\r
+ cdisp, pdict = "", {}\r
+ if 'content-disposition' in self.headers:\r
+ cdisp, pdict = parse_header(self.headers['content-disposition'])\r
+ self.disposition = cdisp\r
+ self.disposition_options = pdict\r
+ self.name = None\r
+ if 'name' in pdict:\r
+ self.name = pdict['name']\r
+ self.filename = None\r
+ if 'filename' in pdict:\r
+ self.filename = pdict['filename']\r
+\r
+ # Process content-type header\r
+ #\r
+ # Honor any existing content-type header. But if there is no\r
+ # content-type header, use some sensible defaults. Assume\r
+ # outerboundary is "" at the outer level, but something non-false\r
+ # inside a multi-part. The default for an inner part is text/plain,\r
+ # but for an outer part it should be urlencoded. This should catch\r
+ # bogus clients which erroneously forget to include a content-type\r
+ # header.\r
+ #\r
+ # See below for what we do if there does exist a content-type header,\r
+ # but it happens to be something we don't understand.\r
+ if 'content-type' in self.headers:\r
+ ctype, pdict = parse_header(self.headers['content-type'])\r
+ elif self.outerboundary or method != 'POST':\r
+ ctype, pdict = "text/plain", {}\r
+ else:\r
+ ctype, pdict = 'application/x-www-form-urlencoded', {}\r
+ self.type = ctype\r
+ self.type_options = pdict\r
+ self.innerboundary = ""\r
+ if 'boundary' in pdict:\r
+ self.innerboundary = pdict['boundary']\r
+ clen = -1\r
+ if 'content-length' in self.headers:\r
+ try:\r
+ clen = int(self.headers['content-length'])\r
+ except ValueError:\r
+ pass\r
+ if maxlen and clen > maxlen:\r
+ raise ValueError, 'Maximum content length exceeded'\r
+ self.length = clen\r
+\r
+ self.list = self.file = None\r
+ self.done = 0\r
+ if ctype == 'application/x-www-form-urlencoded':\r
+ self.read_urlencoded()\r
+ elif ctype[:10] == 'multipart/':\r
+ self.read_multi(environ, keep_blank_values, strict_parsing)\r
+ else:\r
+ self.read_single()\r
+\r
+ def __repr__(self):\r
+ """Return a printable representation."""\r
+ return "FieldStorage(%r, %r, %r)" % (\r
+ self.name, self.filename, self.value)\r
+\r
+ def __iter__(self):\r
+ return iter(self.keys())\r
+\r
+ def __getattr__(self, name):\r
+ if name != 'value':\r
+ raise AttributeError, name\r
+ if self.file:\r
+ self.file.seek(0)\r
+ value = self.file.read()\r
+ self.file.seek(0)\r
+ elif self.list is not None:\r
+ value = self.list\r
+ else:\r
+ value = None\r
+ return value\r
+\r
+ def __getitem__(self, key):\r
+ """Dictionary style indexing."""\r
+ if self.list is None:\r
+ raise TypeError, "not indexable"\r
+ found = []\r
+ for item in self.list:\r
+ if item.name == key: found.append(item)\r
+ if not found:\r
+ raise KeyError, key\r
+ if len(found) == 1:\r
+ return found[0]\r
+ else:\r
+ return found\r
+\r
+ def getvalue(self, key, default=None):\r
+ """Dictionary style get() method, including 'value' lookup."""\r
+ if key in self:\r
+ value = self[key]\r
+ if type(value) is type([]):\r
+ return map(attrgetter('value'), value)\r
+ else:\r
+ return value.value\r
+ else:\r
+ return default\r
+\r
+ def getfirst(self, key, default=None):\r
+ """ Return the first value received."""\r
+ if key in self:\r
+ value = self[key]\r
+ if type(value) is type([]):\r
+ return value[0].value\r
+ else:\r
+ return value.value\r
+ else:\r
+ return default\r
+\r
+ def getlist(self, key):\r
+ """ Return list of received values."""\r
+ if key in self:\r
+ value = self[key]\r
+ if type(value) is type([]):\r
+ return map(attrgetter('value'), value)\r
+ else:\r
+ return [value.value]\r
+ else:\r
+ return []\r
+\r
+ def keys(self):\r
+ """Dictionary style keys() method."""\r
+ if self.list is None:\r
+ raise TypeError, "not indexable"\r
+ return list(set(item.name for item in self.list))\r
+\r
+ def has_key(self, key):\r
+ """Dictionary style has_key() method."""\r
+ if self.list is None:\r
+ raise TypeError, "not indexable"\r
+ return any(item.name == key for item in self.list)\r
+\r
+ def __contains__(self, key):\r
+ """Dictionary style __contains__ method."""\r
+ if self.list is None:\r
+ raise TypeError, "not indexable"\r
+ return any(item.name == key for item in self.list)\r
+\r
+ def __len__(self):\r
+ """Dictionary style len(x) support."""\r
+ return len(self.keys())\r
+\r
+ def __nonzero__(self):\r
+ return bool(self.list)\r
+\r
+ def read_urlencoded(self):\r
+ """Internal: read data in query string format."""\r
+ qs = self.fp.read(self.length)\r
+ if self.qs_on_post:\r
+ qs += '&' + self.qs_on_post\r
+ self.list = list = []\r
+ for key, value in urlparse.parse_qsl(qs, self.keep_blank_values,\r
+ self.strict_parsing):\r
+ list.append(MiniFieldStorage(key, value))\r
+ self.skip_lines()\r
+\r
+ FieldStorageClass = None\r
+\r
+ def read_multi(self, environ, keep_blank_values, strict_parsing):\r
+ """Internal: read a part that is itself multipart."""\r
+ ib = self.innerboundary\r
+ if not valid_boundary(ib):\r
+ raise ValueError, 'Invalid boundary in multipart form: %r' % (ib,)\r
+ self.list = []\r
+ if self.qs_on_post:\r
+ for key, value in urlparse.parse_qsl(self.qs_on_post,\r
+ self.keep_blank_values, self.strict_parsing):\r
+ self.list.append(MiniFieldStorage(key, value))\r
+ FieldStorageClass = None\r
+\r
+ klass = self.FieldStorageClass or self.__class__\r
+ part = klass(self.fp, {}, ib,\r
+ environ, keep_blank_values, strict_parsing)\r
+ # Throw first part away\r
+ while not part.done:\r
+ headers = rfc822.Message(self.fp)\r
+ part = klass(self.fp, headers, ib,\r
+ environ, keep_blank_values, strict_parsing)\r
+ self.list.append(part)\r
+ self.skip_lines()\r
+\r
+ def read_single(self):\r
+ """Internal: read an atomic part."""\r
+ if self.length >= 0:\r
+ self.read_binary()\r
+ self.skip_lines()\r
+ else:\r
+ self.read_lines()\r
+ self.file.seek(0)\r
+\r
+ bufsize = 8*1024 # I/O buffering size for copy to file\r
+\r
+ def read_binary(self):\r
+ """Internal: read binary data."""\r
+ self.file = self.make_file('b')\r
+ todo = self.length\r
+ if todo >= 0:\r
+ while todo > 0:\r
+ data = self.fp.read(min(todo, self.bufsize))\r
+ if not data:\r
+ self.done = -1\r
+ break\r
+ self.file.write(data)\r
+ todo = todo - len(data)\r
+\r
+ def read_lines(self):\r
+ """Internal: read lines until EOF or outerboundary."""\r
+ self.file = self.__file = StringIO()\r
+ if self.outerboundary:\r
+ self.read_lines_to_outerboundary()\r
+ else:\r
+ self.read_lines_to_eof()\r
+\r
+ def __write(self, line):\r
+ if self.__file is not None:\r
+ if self.__file.tell() + len(line) > 1000:\r
+ self.file = self.make_file('')\r
+ self.file.write(self.__file.getvalue())\r
+ self.__file = None\r
+ self.file.write(line)\r
+\r
+ def read_lines_to_eof(self):\r
+ """Internal: read lines until EOF."""\r
+ while 1:\r
+ line = self.fp.readline(1<<16)\r
+ if not line:\r
+ self.done = -1\r
+ break\r
+ self.__write(line)\r
+\r
+ def read_lines_to_outerboundary(self):\r
+ """Internal: read lines until outerboundary."""\r
+ next = "--" + self.outerboundary\r
+ last = next + "--"\r
+ delim = ""\r
+ last_line_lfend = True\r
+ while 1:\r
+ line = self.fp.readline(1<<16)\r
+ if not line:\r
+ self.done = -1\r
+ break\r
+ if line[:2] == "--" and last_line_lfend:\r
+ strippedline = line.strip()\r
+ if strippedline == next:\r
+ break\r
+ if strippedline == last:\r
+ self.done = 1\r
+ break\r
+ odelim = delim\r
+ if line[-2:] == "\r\n":\r
+ delim = "\r\n"\r
+ line = line[:-2]\r
+ last_line_lfend = True\r
+ elif line[-1] == "\n":\r
+ delim = "\n"\r
+ line = line[:-1]\r
+ last_line_lfend = True\r
+ else:\r
+ delim = ""\r
+ last_line_lfend = False\r
+ self.__write(odelim + line)\r
+\r
+ def skip_lines(self):\r
+ """Internal: skip lines until outer boundary if defined."""\r
+ if not self.outerboundary or self.done:\r
+ return\r
+ next = "--" + self.outerboundary\r
+ last = next + "--"\r
+ last_line_lfend = True\r
+ while 1:\r
+ line = self.fp.readline(1<<16)\r
+ if not line:\r
+ self.done = -1\r
+ break\r
+ if line[:2] == "--" and last_line_lfend:\r
+ strippedline = line.strip()\r
+ if strippedline == next:\r
+ break\r
+ if strippedline == last:\r
+ self.done = 1\r
+ break\r
+ last_line_lfend = line.endswith('\n')\r
+\r
+ def make_file(self, binary=None):\r
+ """Overridable: return a readable & writable file.\r
+\r
+ The file will be used as follows:\r
+ - data is written to it\r
+ - seek(0)\r
+ - data is read from it\r
+\r
+ The 'binary' argument is unused -- the file is always opened\r
+ in binary mode.\r
+\r
+ This version opens a temporary file for reading and writing,\r
+ and immediately deletes (unlinks) it. The trick (on Unix!) is\r
+ that the file can still be used, but it can't be opened by\r
+ another process, and it will automatically be deleted when it\r
+ is closed or when the current process terminates.\r
+\r
+ If you want a more permanent file, you derive a class which\r
+ overrides this method. If you want a visible temporary file\r
+ that is nevertheless automatically deleted when the script\r
+ terminates, try defining a __del__ method in a derived class\r
+ which unlinks the temporary files you have created.\r
+\r
+ """\r
+ import tempfile\r
+ return tempfile.TemporaryFile("w+b")\r
+\r
+\r
+\r
+# Backwards Compatibility Classes\r
+# ===============================\r
+\r
+class FormContentDict(UserDict.UserDict):\r
+ """Form content as dictionary with a list of values per field.\r
+\r
+ form = FormContentDict()\r
+\r
+ form[key] -> [value, value, ...]\r
+ key in form -> Boolean\r
+ form.keys() -> [key, key, ...]\r
+ form.values() -> [[val, val, ...], [val, val, ...], ...]\r
+ form.items() -> [(key, [val, val, ...]), (key, [val, val, ...]), ...]\r
+ form.dict == {key: [val, val, ...], ...}\r
+\r
+ """\r
+ def __init__(self, environ=os.environ, keep_blank_values=0, strict_parsing=0):\r
+ self.dict = self.data = parse(environ=environ,\r
+ keep_blank_values=keep_blank_values,\r
+ strict_parsing=strict_parsing)\r
+ self.query_string = environ['QUERY_STRING']\r
+\r
+\r
+class SvFormContentDict(FormContentDict):\r
+ """Form content as dictionary expecting a single value per field.\r
+\r
+ If you only expect a single value for each field, then form[key]\r
+ will return that single value. It will raise an IndexError if\r
+ that expectation is not true. If you expect a field to have\r
+ possible multiple values, than you can use form.getlist(key) to\r
+ get all of the values. values() and items() are a compromise:\r
+ they return single strings where there is a single value, and\r
+ lists of strings otherwise.\r
+\r
+ """\r
+ def __getitem__(self, key):\r
+ if len(self.dict[key]) > 1:\r
+ raise IndexError, 'expecting a single value'\r
+ return self.dict[key][0]\r
+ def getlist(self, key):\r
+ return self.dict[key]\r
+ def values(self):\r
+ result = []\r
+ for value in self.dict.values():\r
+ if len(value) == 1:\r
+ result.append(value[0])\r
+ else: result.append(value)\r
+ return result\r
+ def items(self):\r
+ result = []\r
+ for key, value in self.dict.items():\r
+ if len(value) == 1:\r
+ result.append((key, value[0]))\r
+ else: result.append((key, value))\r
+ return result\r
+\r
+\r
+class InterpFormContentDict(SvFormContentDict):\r
+ """This class is present for backwards compatibility only."""\r
+ def __getitem__(self, key):\r
+ v = SvFormContentDict.__getitem__(self, key)\r
+ if v[0] in '0123456789+-.':\r
+ try: return int(v)\r
+ except ValueError:\r
+ try: return float(v)\r
+ except ValueError: pass\r
+ return v.strip()\r
+ def values(self):\r
+ result = []\r
+ for key in self.keys():\r
+ try:\r
+ result.append(self[key])\r
+ except IndexError:\r
+ result.append(self.dict[key])\r
+ return result\r
+ def items(self):\r
+ result = []\r
+ for key in self.keys():\r
+ try:\r
+ result.append((key, self[key]))\r
+ except IndexError:\r
+ result.append((key, self.dict[key]))\r
+ return result\r
+\r
+\r
+class FormContent(FormContentDict):\r
+ """This class is present for backwards compatibility only."""\r
+ def values(self, key):\r
+ if key in self.dict :return self.dict[key]\r
+ else: return None\r
+ def indexed_value(self, key, location):\r
+ if key in self.dict:\r
+ if len(self.dict[key]) > location:\r
+ return self.dict[key][location]\r
+ else: return None\r
+ else: return None\r
+ def value(self, key):\r
+ if key in self.dict: return self.dict[key][0]\r
+ else: return None\r
+ def length(self, key):\r
+ return len(self.dict[key])\r
+ def stripped(self, key):\r
+ if key in self.dict: return self.dict[key][0].strip()\r
+ else: return None\r
+ def pars(self):\r
+ return self.dict\r
+\r
+\r
+# Test/debug code\r
+# ===============\r
+\r
+def test(environ=os.environ):\r
+ """Robust test CGI script, usable as main program.\r
+\r
+ Write minimal HTTP headers and dump all information provided to\r
+ the script in HTML form.\r
+\r
+ """\r
+ print "Content-type: text/html"\r
+ print\r
+ sys.stderr = sys.stdout\r
+ try:\r
+ form = FieldStorage() # Replace with other classes to test those\r
+ print_directory()\r
+ print_arguments()\r
+ print_form(form)\r
+ print_environ(environ)\r
+ print_environ_usage()\r
+ def f():\r
+ exec "testing print_exception() -- <I>italics?</I>"\r
+ def g(f=f):\r
+ f()\r
+ print "<H3>What follows is a test, not an actual exception:</H3>"\r
+ g()\r
+ except:\r
+ print_exception()\r
+\r
+ print "<H1>Second try with a small maxlen...</H1>"\r
+\r
+ global maxlen\r
+ maxlen = 50\r
+ try:\r
+ form = FieldStorage() # Replace with other classes to test those\r
+ print_directory()\r
+ print_arguments()\r
+ print_form(form)\r
+ print_environ(environ)\r
+ except:\r
+ print_exception()\r
+\r
+def print_exception(type=None, value=None, tb=None, limit=None):\r
+ if type is None:\r
+ type, value, tb = sys.exc_info()\r
+ import traceback\r
+ print\r
+ print "<H3>Traceback (most recent call last):</H3>"\r
+ list = traceback.format_tb(tb, limit) + \\r
+ traceback.format_exception_only(type, value)\r
+ print "<PRE>%s<B>%s</B></PRE>" % (\r
+ escape("".join(list[:-1])),\r
+ escape(list[-1]),\r
+ )\r
+ del tb\r
+\r
+def print_environ(environ=os.environ):\r
+ """Dump the shell environment as HTML."""\r
+ keys = environ.keys()\r
+ keys.sort()\r
+ print\r
+ print "<H3>Shell Environment:</H3>"\r
+ print "<DL>"\r
+ for key in keys:\r
+ print "<DT>", escape(key), "<DD>", escape(environ[key])\r
+ print "</DL>"\r
+ print\r
+\r
+def print_form(form):\r
+ """Dump the contents of a form as HTML."""\r
+ keys = form.keys()\r
+ keys.sort()\r
+ print\r
+ print "<H3>Form Contents:</H3>"\r
+ if not keys:\r
+ print "<P>No form fields."\r
+ print "<DL>"\r
+ for key in keys:\r
+ print "<DT>" + escape(key) + ":",\r
+ value = form[key]\r
+ print "<i>" + escape(repr(type(value))) + "</i>"\r
+ print "<DD>" + escape(repr(value))\r
+ print "</DL>"\r
+ print\r
+\r
+def print_directory():\r
+ """Dump the current directory as HTML."""\r
+ print\r
+ print "<H3>Current Working Directory:</H3>"\r
+ try:\r
+ pwd = os.getcwd()\r
+ except os.error, msg:\r
+ print "os.error:", escape(str(msg))\r
+ else:\r
+ print escape(pwd)\r
+ print\r
+\r
+def print_arguments():\r
+ print\r
+ print "<H3>Command Line Arguments:</H3>"\r
+ print\r
+ print sys.argv\r
+ print\r
+\r
+def print_environ_usage():\r
+ """Dump a list of environment variables used by CGI as HTML."""\r
+ print """\r
+<H3>These environment variables could have been set:</H3>\r
+<UL>\r
+<LI>AUTH_TYPE\r
+<LI>CONTENT_LENGTH\r
+<LI>CONTENT_TYPE\r
+<LI>DATE_GMT\r
+<LI>DATE_LOCAL\r
+<LI>DOCUMENT_NAME\r
+<LI>DOCUMENT_ROOT\r
+<LI>DOCUMENT_URI\r
+<LI>GATEWAY_INTERFACE\r
+<LI>LAST_MODIFIED\r
+<LI>PATH\r
+<LI>PATH_INFO\r
+<LI>PATH_TRANSLATED\r
+<LI>QUERY_STRING\r
+<LI>REMOTE_ADDR\r
+<LI>REMOTE_HOST\r
+<LI>REMOTE_IDENT\r
+<LI>REMOTE_USER\r
+<LI>REQUEST_METHOD\r
+<LI>SCRIPT_NAME\r
+<LI>SERVER_NAME\r
+<LI>SERVER_PORT\r
+<LI>SERVER_PROTOCOL\r
+<LI>SERVER_ROOT\r
+<LI>SERVER_SOFTWARE\r
+</UL>\r
+In addition, HTTP headers sent by the server may be passed in the\r
+environment as well. Here are some common variable names:\r
+<UL>\r
+<LI>HTTP_ACCEPT\r
+<LI>HTTP_CONNECTION\r
+<LI>HTTP_HOST\r
+<LI>HTTP_PRAGMA\r
+<LI>HTTP_REFERER\r
+<LI>HTTP_USER_AGENT\r
+</UL>\r
+"""\r
+\r
+\r
+# Utilities\r
+# =========\r
+\r
+def escape(s, quote=None):\r
+ '''Replace special characters "&", "<" and ">" to HTML-safe sequences.\r
+ If the optional flag quote is true, the quotation mark character (")\r
+ is also translated.'''\r
+ s = s.replace("&", "&") # Must be done first!\r
+ s = s.replace("<", "<")\r
+ s = s.replace(">", ">")\r
+ if quote:\r
+ s = s.replace('"', """)\r
+ return s\r
+\r
+def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):\r
+ import re\r
+ return re.match(_vb_pattern, s)\r
+\r
+# Invoke mainline\r
+# ===============\r
+\r
+# Call test() when this file is run as a script (not imported as a module)\r
+if __name__ == '__main__':\r
+ test()\r