[Zope-dev] getting request variables values

Steve Alexander steve@cat-box.net
Fri, 21 Jul 2000 08:04:14 +0100


Steve Alexander wrote:
> 
> However, looking in the code, it starts off by looking in "other", and
> doesn't look in "environ" at all.
> 
> I suggest a patch to go right after the method's docstring:
> 
>     def __getitem__(self,key,
>                     default=_marker, # Any special internal marker will
> do
>                     URLmatch=regex.compile('URL[0-9]+$').match,
>                     BASEmatch=regex.compile('BASE[0-9]+$').match,
>                     ):
>         """Get a variable value
> 
>         Return a value for the required variable name.
>         The value will be looked up from one of the request data
>         categories. The search order is environment variables,
>         other variables, form data, and then cookies.
> 
>         """ #"
> +       environ=self.environ
> +       if environ.has_key(key):
> +           return environ[key]
>         other=self.other
>         if other.has_key(key):
>             if key=='REQUEST': return self
>             return other[key]


Ok... I was wrong :-/

A bit later we have:

        if isCGI_NAME(key) or key[:5] == 'HTTP_':
            environ=self.environ
            if environ.has_key(key) and (not hide_key(key)):
                return environ[key]
            return ''

I was only sort-of wrong though :-)

The code certainly doesn't stick exactly to its docstring. The "other"
dictionary is seached first, then URLx where x is a number.
Then "environ" is searched, but *only* if the key begins with 'HTTP_' or
is in the following list:

SERVER_SOFTWARE, SERVER_NAME, GATEWAY_INTERFACE, SERVER_PROTOCOL,
SERVER_PORT, REQUEST_METHOD, PATH_INFO, PATH_TRANSLATED, SCRIPT_NAME,
QUERY_STRING, REMOTE_HOST, REMOTE_ADDR, AUTH_TYPE, REMOTE_USER,
REMOTE_IDENT, CONTENT_TYPE, CONTENT_LENGTH, SERVER_URL

Looking in Leonardo's sample environment, a posted to this list, there's
a lot of keys that won't get matched:

SSL_*
HTTPS_*
REMOTE_PORT
SERVER_ROOT
SERVER_SIGNATURE


My question is "why was __getitem__ of HTTPRequest.py designed this
way?".

Is there a good reason that it filters the keys according to membership
of a standard-cgi-keys list, or whether they start with 'HTTP_' ?
Would there be any disadvantage to altering __getitem__ so that it
behaves according to its docstring?

If so, the patch would probably be something like:

line 753.
         """ #"
 +       environ=self.environ
 +       if environ.has_key(key) and (not hide_key(key)):
 +           return environ[key]
         other=self.other
         if other.has_key(key):
             if key=='REQUEST': return self
             return other[key]

        if key[:1]=='U' and URLmatch(key) >= 0:
            path = self._script + self._steps
            n = len(path) - atoi(key[3:])
            if n < 0:
                raise KeyError, key
            URL=join([other['SERVER_URL']] + path[:n], '/')
            other[key]=URL
            self._urls = self._urls + (key,)
            return URL

-       if isCGI_NAME(key) or key[:5] == 'HTTP_':
-           environ=self.environ
-           if environ.has_key(key) and (not hide_key(key)):
-               return environ[key]
-           return ''

Comments?

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net