On 30.11.2012 11:52, Ferran Jorba wrote:
Hello Ferran!
> Now that I've isolated my bug, it is related to this:
>
> def index(req, recid=''):
>     req.content_type = "text/html"
>     req.send_http_header()
>     script = os.path.basename(req.filename)
>
> The «AttributeError: unreadable attribute» is this req.filename, because
> if I replace it with a string, it works.
>
> Is there an alternative for knowing the name of the script? If not,
> I'll hardcode it, no problem.

Are you sure that you want to execute a script based on the parameters
passed on in the req-object? I'm thinking here about how to prevent
malicious code, especially as you can pass parameters with the
executable. Thus for our use case where we call externals I really allow
only a defined set of strings to be passed and choose the associated
script from a hash based on this parameter. Some snippet reads:

#...
import subprocess as sub  # the snippet refers to the module as `sub`

def index(req, f=None, doi=None, c=CFG_SITE_NAME, ln=CFG_SITE_LANG):
    """
    This interface should get parameters by URL and return names
    """
    uid = getUid(req)
    docroot = req.subprocess_env['DOCUMENT_ROOT']

    # TODO these configs shouldn't live here!
    perl = '/usr/bin/perl'
    scriptpath = docroot + '/cgi-bin/'

    # define functions that are allowed for the f= parameter and give a
    # full definition on how to call them. Surely, we don't want to
    # allow a call of any system function ;)
    functions = {
        'GenMetadata.pl': scriptpath + 'GenMetadata.pl',
        'AUTISearch.pl': scriptpath + 'AUTISearch.pl',
        'GVKSearch.pl': scriptpath + 'GVKSearch.pl'
    }

    # require a login, ie a uid > 0 to work
    # TODO actually we'd like to check if we come from a submit and at
    # the end of the day we'd like not to allow too many calls from a
    # single submit either. We do not want to be a relay.
    result = ''
    if uid > 0:
        # Extract the proper function path
        fun = functions["" + req.form['f']]

        # Call contains an array for Popen()
        call = []
        call.append(perl)
        call.append(fun)

        # add all parameters in proper syntax to Popen
        for par in req.form:
            if par != 'f':
                call.append(par + '=' + req.form[par])
        call.append('wwwhost=' + req.subprocess_env['HTTP_HOST'])

        # Call the external and retrieve stdout as result
        handle = sub.Popen(call, stdout=sub.PIPE, stderr=sub.PIPE)
        result, err = handle.communicate()

    return result

--
Kind regards,
Alexander Wagner
Subject Specialist
Central Library
52425 Juelich
mail : [email protected]
phone: +49 2461 61-1586
Fax : +49 2461 61-6103
www.fz-juelich.de/zb/DE/zb-fi
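
The allowlist dispatch described in the mail above, reduced to a function that can be run and tested without mod_python or Perl. This is an added example, not code from the original message or from Invenio. The names build_call, RejectedRequest and PARAM_NAME, the fixed /var/www docroot, the parameter-name pattern and the handling of a client-supplied wwwhost are assumptions made for the illustration.

```python
import re

# Assumed locations, mirroring the snippet in the mail (hypothetical docroot).
PERL = "/usr/bin/perl"
SCRIPTPATH = "/var/www/cgi-bin/"

# Allowlist: the only values accepted for f=, each mapped to a fixed path.
FUNCTIONS = {
    "GenMetadata.pl": SCRIPTPATH + "GenMetadata.pl",
    "AUTISearch.pl": SCRIPTPATH + "AUTISearch.pl",
    "GVKSearch.pl": SCRIPTPATH + "GVKSearch.pl",
}

# Assumption (not in the mail): parameter names are plain identifiers.
PARAM_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,31}$")


class RejectedRequest(ValueError):
    """Raised when the form does not map to an allowed call."""


def build_call(form, http_host, uid):
    """Return the argv list for Popen(), or raise RejectedRequest."""
    if uid <= 0:
        raise RejectedRequest("login required")
    script = FUNCTIONS.get(form.get("f"))
    if script is None:
        # Unknown or missing f= never reaches the filesystem or Popen.
        raise RejectedRequest("function not allowed")
    call = [PERL, script]
    for name in sorted(form):
        if name in ("f", "wwwhost"):
            continue  # f is consumed above; wwwhost is set by the server only
        if not PARAM_NAME.match(name):
            raise RejectedRequest("bad parameter name")
        value = str(form[name])
        if "\x00" in value:
            raise RejectedRequest("bad parameter value")
        # One list element per parameter: no shell ever parses the value.
        call.append(name + "=" + value)
    call.append("wwwhost=" + http_host)
    return call


if __name__ == "__main__":
    # Constructed sample form, as it might arrive from the URL.
    print(build_call({"f": "GVKSearch.pl", "doi": "10.1000/a b"}, "example.org", 7))
```

The returned list is what would be handed to Popen() without shell=True, so a value containing spaces or shell metacharacters stays a single argument to the Perl script.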