[Zope] Redirect to a specific page, awstats for zope

Paul Winkler slinkp23@yahoo.com
Fri, 26 Oct 2001 10:53:55 -0400


On Fri, Oct 26, 2001 at 01:57:02PM +0300, Konstantinos Margaritis wrote:

Very cool!

About that URL checking:
> And I use the following Python script, and SQL methods:
> 
> cleanupQueryString:
> import string
> queries = string.split(queryString)
> return queries[0][1:]
> 
> (I know I have to build something more secure :-)

You could move this to an external method, and write a regexp that
matches only valid user names. Another approach would be to scan for
invalid characters. Obviously, how easy this is depends on how
restrictive you are with usernames.

# scan approach
# (SomeKindOfError is a placeholder for your own exception class)
bad_chars = '!@#$%^&*()+-=`{}[]|;:\'"\\<>,./'
for char in queries[0]:
    if char in bad_chars:
        raise SomeKindOfError
return queries[0], queries[1:]

# regexp approach
import re
valid_regexp = re.compile('regexp goes here')
if valid_regexp.match(queries[0]):  # NOT regexp.search!
    return queries[0], queries[1:]
else:
    raise SomeKindOfError

-- 

paul winkler
home:  http://www.slinkp.com
music: http://www.reacharms.com
calendars: http://www.calendargalaxy.com
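
The regexp approach from the reply above, written out as an added example that is not part of the original message. The username policy, the names cleanup_query_string, InvalidUsername and is_rejected, and the use of Python 3 are assumptions made for illustration.

```python
import re

# Assumed policy (not from the thread): a letter followed by 2-31
# letters, digits or underscores. Adjust to your own username rules.
VALID_USERNAME = re.compile(r'[A-Za-z][A-Za-z0-9_]{2,31}')


class InvalidUsername(ValueError):
    """Raised when the first query token is not an acceptable username."""


def cleanup_query_string(query_string):
    """Return (username, remaining_tokens) or raise InvalidUsername.

    Follows the quoted cleanupQueryString: split on whitespace, drop the
    first character of the first token, then allow-list what is left.
    """
    queries = query_string.split()
    if not queries:
        raise InvalidUsername('empty query string')
    candidate = queries[0][1:]
    # fullmatch() anchors both ends of the candidate. match() anchors only
    # the start, so with this pattern it would accept "bob'--" by matching
    # the "bob" prefix and ignoring the rest.
    if VALID_USERNAME.fullmatch(candidate) is None:
        raise InvalidUsername(repr(candidate))
    return candidate, queries[1:]


def is_rejected(query_string):
    """True if cleanup_query_string refuses the input."""
    try:
        cleanup_query_string(query_string)
    except InvalidUsername:
        return True
    return False


if __name__ == '__main__':
    # Constructed sample inputs, not taken from the thread.
    for sample in ("?alice 2001-10 hits", "?bob'--", "?ab", ""):
        print(repr(sample), 'rejected' if is_rejected(sample) else 'accepted')
```

Validation of this kind narrows what reaches the SQL method; it does not replace proper quoting or bound parameters in the query itself.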