[Zope] Creating files on server
Tino Wildenhain
tino@wildenhain.de
Tue, 24 Apr 2001 18:27:00 +0200
Hi Gitte,
the built in "open()" is a high security risk and therefore not
exposed to pythonmethods. For this you should stick to
Chris' solution with external method. However keep sure
your script cannot be tricked to write files anywhere on the filesystem!
Dont use + to concenat pathname parts. Use os.path.join() instead.
Try os.path.split(os.path.normpath(os.path.join(part,of,your,pathname)))
to see the result of the concenation and if its still in the directory
you want it to be. (someone could feed '../../name' into your script)
HTH
Tino
--On Dienstag, 24. April 2001 13:48 +0200 Gitte Wange <gitte@mmmanager.org>
wrote:
> On 24 Apr 2001 12:31:08 +0100, Chris Withers wrote:
>> Gitte Wange wrote:
>> >
>> > Okay maybe I didn't express myself very clear.
>> > Can anyone tell me how I - in somw way - create a file on the server
>> > through Zope ?
>>
>> On the filesystem? LocalFS might be right, read the documentation for it
>> (it can eb a bit tricky to find the useful bits from what I remember ;-)
>>
>> Failing that, use an external method:
>>
>> def write_stuff(self,path,stuff):
>> f = open(path,'w')
>> f.write(stuff)
>> f.close()
>>
>> cheers,
>>
>> Chris
>
>
> I have tried the following:
> I added a script(Python):
> argument list: server, mediafile, tcin, tcout, id, clipname
>
> The code looks like this:
> fil = open("/root/Real/Content/" + id + clipname + ".smil", 'w') #Open
> file
> text = "<smil>\n\t<body>\n\t\t<audio src=\"rtps://" + server + "/" +
> mediafile + " clip-begin=\"" + tcin + "\" clip-end=\"" + tcout +
> "\">\n\t</body>\n\n</smil>"
> fil.write(text)
> fil.close()
>
> Now when running this script I get a NameError on "open".
> What is wrong ?
>
> Regards,
> Gitte
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )