python/cgi/html bug

Hi.

I've written a cgi messageboard script in python, for an irc chan I happen
to frequent.

Bear with me, it's hard for me to describe what the bug is. So I've
divided this post into two sections: HOW MY SCRIPT WORKS, and WHAT THE
BUG IS.

HOW MY SCRIPT WORKS

Basically, it's divided into two executable scripts......

One is the thread viewer, ppthread.py, which views threads. When someone
posts a new topic, for instance called "Generic new topic", it creates
a file called "Generic new topic.thread". It stores the post, and any
subsequent posts under the thread, in that file. Nice and simple I
figured.

The other executable script is the topic viewer, pptopic.py. All that does
is display the topics, by doing a "tops = os.popen('ls -c *.thread')". The
"ls -c" part reads the threads in the order in which they've been
modified, so the first item in the list is always the thread most recently
posted in.

It then creates an html link to each of the threads ... on the page the
html looks like....

<a href = ppthread.py?subject=foo>foo</a><br>

WHAT THE BUG IS ....

The problem is when someone posts a new topic, and that topic happens to
have "" double quotes, or any other strange character, some strange
glitches occur.

Best way to describe it is to demonstrate it: go to the forum and try
it yourself. Try entering a topic with straight, ordinary characters; note
that you can re-enter the thread any time you want and make new posts
under it. Then try entering a thread with new or whacky characters and see
how far you get.

http://funkmunch.net/~pirch/cgi-bin/...rum/pptopic.py

BTW, if you want to download the script, here it is in gzipped form
http://funkmunch.net/~pirch/pepperpot.tgz

Jul 18 '05 #1
6 Replies



Dfenestr8 wrote:
Hi.

I've written a cgi messageboard script in python, for an irc chan I happen to frequent.

Bear with me, it's hard for me to describe what the bug is. So I've
divided this post into two sections: HOW MY SCRIPT WORKS, and WHAT THE BUG IS.
...
The problem is when someone posts a new topic, and that topic happens to have "" double quotes, or any other strange character, some strange
glitches occur.


Use cgi.escape(topic, True) to convert HTML special characters to the
equivalent ampersand escape sequences.

Jul 18 '05 #2

On Tue, 18 Jan 2005 21:50:58 -0800, Dan Bishop wrote:

Dfenestr8 wrote:
Hi.

I've written a cgi messageboard script in python, for an irc chan I happen to frequent.

Bear with me, it's hard for me to describe what the bug is. So I've
divided this post into two sections: HOW MY SCRIPT WORKS, and WHAT THE BUG IS.
...
The problem is when someone posts a new topic, and that topic happens to have "" double quotes, or any other strange character, some strange
glitches occur.


Use cgi.escape(topic, True) to convert HTML special characters to the
equivalent ampersand escape sequences.


Thanx.

Seems to work now. :)

Jul 18 '05 #3


Dfenestr8 wrote:
Hi.

I've written a cgi messageboard script in python, for an irc chan I happen to frequent.

This looks very good.
I've been looking for a python messageboard CGI for a long time.

If you wanted to add user accounts/login/admin etc. you could use
'Login Tools'. This is a python module built especially to do that. It
also provides a convenient way of saving user preferences etc.

http://www.voidspace.org.uk/python/logintools.html

If you want any help using it then feel free to ask.

Regards,

Fuzzy
http://www.voidspace.org.uk/python/index.shtml
Jul 18 '05 #4

On Wed, 19 Jan 2005 04:32:04 -0800, Fuzzyman wrote:
This looks very good.
I've been looking for a python messageboard CGI for a long time.

Thanx!

No glaring security holes that you noticed? Other than being able to hide
things in html tags?
Jul 18 '05 #5

Dfenestr8 <ch**************@yahoo.com.au> writes:
No glaring security holes that you noticed? Other than being able to hide
things in html tags?


Looks like you can also embed arbitrary javascript (I just tried it).
I haven't looked at the script itself yet.
Jul 18 '05 #6

On Wed, 19 Jan 2005 12:15:18 -0800, Paul Rubin wrote:
Dfenestr8 <ch**************@yahoo.com.au> writes:
No glaring security holes that you noticed? Other than being able to
hide things in html tags?


Looks like you can also embed arbitrary javascript (I just tried it). I
haven't looked at the script itself yet.


fixed that.
try doing it now......

http://funkmunch.net/~pirch/cgi-bin/...rum/pptopic.py

Jul 18 '05 #7
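
An added example, not part of the original thread or of the poster's script: the escaping suggested in reply #2 and the script embedding reported in reply #6 both come down to encoding the topic for each context it lands in (URL query value, HTML attribute, HTML text). `cgi.escape` was removed in Python 3.8, so this uses `html.escape`; the function names and sample topics are assumptions made for illustration.

```python
import html
from urllib.parse import quote, parse_qs, urlsplit


def link_unescaped(topic):
    """Link built the way the original post shows it: raw topic, unquoted href."""
    return "<a href = ppthread.py?subject=%s>%s</a><br>" % (topic, topic)


def topic_href(topic):
    """Percent-encode the topic so spaces, quotes, & and # survive the query string."""
    return "ppthread.py?subject=" + quote(topic, safe="")


def link_escaped(topic):
    """Encode once per context: URL value first, then HTML attribute and text."""
    # html.escape(..., quote=True) stands in for the reply's cgi.escape(topic, True);
    # it also escapes single quotes.
    return '<a href="%s">%s</a><br>' % (
        html.escape(topic_href(topic), quote=True),
        html.escape(topic, quote=True),
    )


def render_post_body(text):
    """Post bodies land in element content, so any markup in them must be inert."""
    return "<p>%s</p>" % html.escape(text, quote=True)


def subject_from_href(href):
    """What ppthread.py would receive as 'subject' after CGI query parsing."""
    return parse_qs(urlsplit(href).query, keep_blank_values=True)["subject"][0]


# Constructed sample topics: one plain, two with "strange characters".
SAMPLES = [
    "Generic new topic",
    'say "hello" & <b>wave</b>',
    "<script>alert(1)</script>",
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(link_unescaped(t))   # markup and spaces leak into the tag
        print(link_escaped(t))     # same topic, inert and round-trippable
        assert subject_from_href(topic_href(t)) == t
```

Even the plain topic is mangled by the unescaped form, because an unquoted `href` ends at the first space.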
