Clodoaldo Pinto Neto wrote:
> print 'The submited name was "' + name + '"'
Bzzt! Script injection security hole. See cgi.escape and use it (or a
similar function) for *all* text -> HTML output.
> open('files/' + fileitem.filename, 'w')
BZZT. filesystem overwriting security hole, possibly es
Jon Ribbens wrote:
> I'm sorry, that's not good enough. How, precisely, would it break
> "existing code"?
('owdo Mr. Ribbens!)
It's possible there could be software that relies on ' not being
escaped, for example:
# Auto-markup links to O'Reilly, everyone's favourite
# example name with
Christopher J. Bottaro wrote:
> When I make a post, it just hangs (in self.rfile.read()).
I don't know about BaseHTTPRequestHandler in particular, but in general
you don't want to call an unlimited read() on an HTTP request - it will
try to read the entire incoming stream, up until the stream is
Sion Arrowsmith wrote:
> I've never encountred a browser getting tripped up by it. I suppose you
> might need it if you've got parameters called quot or nbsp
There are many more entities than you can comfortably remember, and
browsers can interpret anything starting with one as being an entity
re
Istvan Albert wrote:
> But these new icons are too large, too blocky and too pastel.
Hooray! Glad to see *someone* doesn't like 'em, I'll expect a few more
when b1 hits. :-)
Although I can't really see 'large', 'blocky' or 'pastel'... they're
the same size and shape as other Windows document ico
John Salerno wrote:
> I love the new 'folder' icon, but how can I access it as an icon?
I've just given these are proper home, so here:
http://doxdesk.com/software/py/pyicons.html
cheers!
--
And Clover
mailto:[EMAIL PROTECTED]
http://www.doxdesk.com/
--
http://mail.python.org/mailman/list
Sullivan WxPyQtKinter wrote:
> 1. Are there any method (in python of course) to redirect to a web page
> without causing a "Back" button trap... rather than the redirection page
> with a "Location: url" head
What's wrong with the redirection page?
If there's really a necessary reason for not usi
AB wrote:
> I tried the following with the same result:
> myName = ulImage.filename
> newFile = file (os.path.join(upload_dir, os.path.basename(myName)), 'wb')
os.path is different on your system to the uploader's system. You are
using Unix pathnames, with a '/' separator - they are using Windows
Fredrik Lundh wrote:
> could you perhaps add an SVG version ?
Yes. I'll look at converting when I've used them a bit and am happy
with them. I think some of the higher-level Xara effects may not
convert easily to SVG but I'm sure there'll be workarounds of some
sort.
--
And Clover
mailto:[EMAIL
Luis M. González wrote:
> This is strange... I've been trying to access this site since
> yesterday, but I couldn't
Might it be possible you have malware installed? Since I do a bunch of
anti-spyware work, there are a few different bits of malware that try
to block doxdesk.com, usually using a Ho
Michael Tobis wrote:
> Besides the pleasant colors what do you like about it?
I like that whilst being a solid and easily-recognisable, it isn't
clever-clever.
I had personally been idly doodling some kind of swooshy thing before,
with a snake's head forming a P and its forked tongue a Y coming
John Salerno wrote:
> So as it turns out, Unicode and UTF-8 are not the same thing?
Well yes. UTF-8 is one scheme in which the whole Unicode character
repertoire can be represented as bytes.
Confusion arises because Windows uses the name 'Unicode' in character
encoding lists, to mean UTF-16_LE,
Scott David Daniels wrote:
> Maybe you could change the ink color to better distinguish
> the pycon and pyc icons.
Yeah, might do that... I'm thinking I might flip the pycon icon so that
the Windows shortcut badge doesn't obscure the Python logo, too. Maybe.
I'll let them stew on my desktop for
Personally, I *like* the new website look, and I'm glad to see Python
having a proper logo at last!
I've taken the opportunity to knock up some icons using it, finally
banishing the poor old standard-VGA-palette snake from my desktop. If
you like, you can grab them from:
http://www.doxdesk.com/
Akihiro KAYAMA wrote:
> As the character set is wider than UTF-16(U+10), I can't use
> Python's native unicode string class.
Have you tried using Python compiled in Wide Unicode mode
(--enable-unicode=ucs4)? You get native UTF-32/UCS-4 strings then,
which should be enough for most purposes.
-
Stuart wrote:
> I see that the 'Image' class has a 'palette' attribute which returns an
> object of type 'ImagePalette'. However, the documentation is a bit
> lacking regarding how to maniuplate the ImagePalette class to retrieve
> the palette entries' RGB values.
ImagePalette.getdata() should d
Uche Ogbuji <[EMAIL PROTECTED]> wrote:
> Andrew Clover also suggested an overly-legalistic argument that current
> minidom behavior is not a bug.
I stick by my language-law interpretation of spec. DOM 2 Core
specifically disclaims any responsibility for namespace fixup and
advises the application
Uche <[EMAIL PROTECTED]> wrote:
> Of course. Minidom implements level 2 (thus the "NS" at the end of the
> method name), which means that its APIs should all be namespace aware.
> The bug is that writexml() and thus toxml() are not so.
Not exactly a bug - DOM Level 2 Core 1.1.8p2 explicitly leav
[EMAIL PROTECTED] wrote:
> I looked at the PIL Image class but cannot see a posibility to retreive
> the image resolution dots per inch (or pixels per inch)
Not all formats provide a DPI value; since PIL doesn't do anything with
DPI it's not part of the main interface.
For PNG and JPEG at least
Walter Brunswick <[EMAIL PROTECTED]> wrote:
> I need to import modules with user-defined file extensions
> that differ from '.py', and also (if possible) redirect the
> bytecode output of the file to a file of a user-defined
> extension.
You shouldn't really need a PEP for that; you can take cont
Daniel Bickett wrote:
> Python using CGI, for example, was enough for him until he started
> getting 500 errors that he wasn't sure how to fix.
Every time you mention web applications on this list, there will
necessarily be a flood of My Favourite Framework Is X posts.
But you* sound like you do
Alex Gittens wrote:
> I'm getting an UnboundLocalError
> def fieldprint(widths,align,fields): [...]
> def cutbits(): [...]
> fields = fields[widths[i]:]
There's your problem. You are assigning 'fields' a completely new
value. Python doesn't allow you to rebind a variable from an oute
Florian Lindner wrote:
> sha = sha.new(f.read())
> this generates a traceback when sha.new() is called for the second time
You have reassigned the variable 'sha'.
First time around, sha is the sha module object as obtained by 'import
sha'. Second time around, sha is the SHA hashing obje
Lothat <[EMAIL PROTECTED]> wrote:
> No test with or without any " let the IIS execute python scrits as cgi.
> Http Error code is 404 (but i'm sure that the file exists in the
> requested path).
Have you checked the security restrictions? IIS6 has a new feature
whereby script mappings are disabled
Alain <[EMAIL PROTECTED]> wrote:
> I would expect a piece of XML to be read, parsed and written back
> without corruption [...]. It isn't however the case when it comes
> to CDATA handling.
This is not corruption, exactly. For most intents and purposes, CDATA
sections should behave identically to
BrianS wrote:
> File "/usr/share/printconf/util/printconf_conf.py", line 83, in ?
> from xml.utils import qp_xml
> ImportError: No module named utils
> It seems that the xml package have been changed.
Not exactly. xml.utils is part of the XML processing package PyXML -
you don't get it in
Doug Helm wrote:
> form = cgi.FieldStorage()
> if lobjUp.Save('filename', 'SomeFile.jpg'):
> class BLOB(staticobject.StaticObject):
> def Save(self, pstrFormFieldName, pstrFilePathAndName):
> form = cgi.FieldStorage()
You are instantiating cgi.FieldStorage twice. This won't work for POST
Skip Montanaro wrote:
> I use sets a lot in my Python 2.3 code at work and have been using
> this hideous import to make the future move to 2.4's set type
> transparent:
> try:
> x = set
(Surely just 'set' on its own is sufficient? This avoids the ugly else
clause.)
> __builtin_
Xah Lee <[EMAIL PROTECTED]> wrote:
> is it possible in Python to create a function that maintains a
> variable value?
Yes. There's no concept of a 'static' function variable as such, but
there are many other ways to achieve the same thing.
> globe=0;
> def myFun():
> globe=globe+1
> return g
Xah Lee <[EMAIL PROTECTED]> wrotE:
> i have a bunch of files encoded in GB18030. Is there a way to convert
> them to utf16 with python?
You will need CJKCodecs (http://cjkpython.i18n.org/), or Python 2.4,
which has them built in. Then just use them like any other codec. eg.
f= open(path, 'rb')
Frank Abel Cancio Bello <[EMAIL PROTECTED]> wrote:
> PrettyPrint or Print return the value to the console, and i need
> keep this value in a string variable to work with it, how can i
> do this?
The second parameter to either of these functions can be a stream
object, so you can use a StringIO t
Horst Gutmann wrote:
> I currently have quite a big problem with minidom and special chars
> (for example ü) in HTML.
Yes. Ignoring the issue of the wrong doctype, minidom is a pure XML
parser and knows nothing of XHTML and its doctype's entities 'uuml' and
the like. Only the built-in entities (
Dan Perl wrote:
> how is a multipart POST request parsed by CGIHTTPServer?
It isn't; the input stream containing the multipart/form-data content
is passed to the CGI script, which can choose to parse it or not using
any code it has to hand - which could be the 'cgi' module, but not
necessarily.
John Machin wrote:
> I regard continued usage of octal as a pox and a pestilence.
Quite agree. I was disappointed that it ever made it into Python.
Octal's only use is:
a) umasks
b) confusing the hell out of normal non-programmers for whom a
leading zero is in no way magic
(a) does not outweig
Grzegorz Adam Hankiewicz <[EMAIL PROTECTED]> wrote:
> I have looked at xml.minidom, elementtree and gnosis and haven't
> found any such features. Are there libs providing these?
pxdom (http://www.doxdesk.com/software/py/pxdom.html) has some of this,
but I think it's still way off what you're envi
Choe, Cheng-Dae wrote:
> example site is http://bbs.pythonworld.net:9080/pybbs.py
Since this seems quite happy to accept posted
Andreas Volz <[EMAIL PROTECTED]> schrieb:
> Ich hab mir schon überlegt einfach die letzten viel Stellen des
> strings "per Hand" auf die Zeichenfolge zu vergleichen und so
> regex zu umgehen. Aber ich muss es irgendwann ja doch mal nutzen
"Muss"? stimme nicht zu! Regexps sind ja fuer begrenzte Zw
37 matches
Mail list logo
