Make os.popen() available to scripts
I would like to make os.popen() available to python scripts added via the Zope management interface [1]. Following a previous posting, people pointed me to zope/lib/python/Products/PythonScripts/README.txt and Paul Winkler added to that a URL <http://www.zopelabs.com/cookbook/1074897091>. Following the README all I need do is create an __init__.py file with the content: from Products.PythonScripts.Utility import allow_module allow_module('os.popen') in an appropriate products folder. As this got me nowhere I dug around and found that "# These have been relocated, and should be imported from AccessControl" so I modified this to: from AccessControl import allow_module allow_module('os.popen') This I've done and indeed, I have the appropriate product listed in the Control Panel. When I call my testScript, it all works fine up to: return popen(cmd_str).read() Where cmd_str is a valid string which has been run in a standalone python environment. When I uncomment this line I get endless requests for a username:password pair from the browser. Quite obviously I'm doing something wrong. At this point in time I do not understand Zope at all and the more I read, the more confused I get :-( Can someone point me in the right direction? Many thanks Simon Forster _____________________________________________________ LDML Ltd, 62 Pall Mall, London, SW1Y 5HZ, UK Tel: +44 (0)70 9230 5244 Fax: +44 (0)70 9230 5247 _____________________________________________________ [1] Actually, I don't care where I call os.popen() from. I've played with external scripts and started down the road of futzing with a product to do this. However, the simplest approach seems to be the one I following at the moment. Once I can get this working, hopefully I can progress in other areas.
allow_module() is not a solution for all and everything. I strongly to recommend using an External Method instead. -aj --On Montag, 9. August 2004 15:55 Uhr +0100 Simon Forster <simon-lists@ldml.com> wrote:
I would like to make os.popen() available to python scripts added via the Zope management interface [1]. Following a previous posting, people pointed me to zope/lib/python/Products/PythonScripts/README.txt and Paul Winkler added to that a URL <http://www.zopelabs.com/cookbook/1074897091>.
Following the README all I need do is create an __init__.py file with the content:
from Products.PythonScripts.Utility import allow_module allow_module('os.popen')
in an appropriate products folder. As this got me nowhere I dug around and found that "# These have been relocated, and should be imported from AccessControl" so I modified this to:
from AccessControl import allow_module allow_module('os.popen')
This I've done and indeed, I have the appropriate product listed in the Control Panel. When I call my testScript, it all works fine up to:
return popen(cmd_str).read()
Where cmd_str is a valid string which has been run in a standalone python environment. When I uncomment this line I get endless requests for a username:password pair from the browser.
Quite obviously I'm doing something wrong. At this point in time I do not understand Zope at all and the more I read, the more confused I get :-(
Can someone point me in the right direction?
Many thanks
Simon Forster _____________________________________________________ LDML Ltd, 62 Pall Mall, London, SW1Y 5HZ, UK Tel: +44 (0)70 9230 5244 Fax: +44 (0)70 9230 5247 _____________________________________________________
[1] Actually, I don't care where I call os.popen() from. I've played with external scripts and started down the road of futzing with a product to do this. However, the simplest approach seems to be the one I following at the moment. Once I can get this working, hopefully I can progress in other areas.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Hi, Am Mo, den 09.08.2004 schrieb Simon Forster um 16:55:
I would like to make os.popen() available to python scripts added via the Zope management interface [1]. Following a previous posting, people pointed me to zope/lib/python/Products/PythonScripts/README.txt and Paul Winkler added to that a URL <http://www.zopelabs.com/cookbook/1074897091>.
Following the README all I need do is create an __init__.py file with the content:
from Products.PythonScripts.Utility import allow_module allow_module('os.popen')
in an appropriate products folder. As this got me nowhere I dug around and found that "# These have been relocated, and should be imported from AccessControl" so I modified this to:
from AccessControl import allow_module allow_module('os.popen')
This I've done and indeed, I have the appropriate product listed in the Control Panel. When I call my testScript, it all works fine up to:
return popen(cmd_str).read()
Where cmd_str is a valid string which has been run in a standalone python environment. When I uncomment this line I get endless requests for a username:password pair from the browser.
Quite obviously I'm doing something wrong. At this point in time I do not understand Zope at all and the more I read, the more confused I get :-(
Can someone point me in the right direction?
First of all: you are about to open the biggest security hole one can imagine. If your zope protection fails somewhere or you pass not fully sanitized strings from forms to your popen call your system is fully open for the wild. For the rare cases you want to call another program, you should explicitely hardcode the call and make sure no raw arguments get passed. Be really sure you need to call the external program! The python library is rich and you can do almost everything with it. There are a lot of 3rd party python modules for a lot of purposes. Ok, if you still are sure, try to do the following: declare the popen call and declare its return value (which is a class) protected. Another handy solution is to write a small helper function directly into your __init__.py def mypopen(args): return popen(args).read() and just open this function for python scripts. (even import popen as orig_popen and use the name popen for your wrapper is possible)
Simon Forster wrote at 2004-8-9 15:55 +0100:
I would like to make os.popen() available to python scripts added via the Zope management interface [1]. Following a previous posting, people pointed me to zope/lib/python/Products/PythonScripts/README.txt and Paul Winkler added to that a URL <http://www.zopelabs.com/cookbook/1074897091>.
Following the README all I need do is create an __init__.py file with the content:
from Products.PythonScripts.Utility import allow_module allow_module('os.popen')
Most names in the Zope world are well chosen: the named objects do what their name suggests. In the example above, the name is "allow_module". When you take the name seriously, your recognize that it applies to a module. "os.popen" is a function (and not a module). And, as you observe: it does not work... Please take names seriously! There are a few badly chosen names but in general, you can trust them... -- Dieter
participants (4)
-
Andreas Jung -
Dieter Maurer -
Simon Forster -
Tino Wildenhain