@@ -66,7 +66,29 @@ \subsection{Using the cgi module}
6666*} --- the module defines all sorts of names for its own use or for
6767backward compatibility that you don't want in your namespace.
6868
69- It's best to use the \class {FieldStorage} class. The other classes
69+ When you write a new script, consider adding the line:
70+
71+ \begin {verbatim }
72+ import cgitb; cgitb.enable()
73+ \end {verbatim }
74+
75+ This activates a special exception handler that will display detailed
76+ reports in the Web browser if any errors occur. If you'd rather not
77+ show the guts of your program to users of your script, you can have
78+ the reports saved to files instead, with a line like this:
79+
80+ \begin {verbatim }
81+ import cgitb; cgitb.enable(display=0, logdir="/tmp")
82+ \end {verbatim }
83+
84+ It's very helpful to use this feature during script development.
85+ The reports produced by \refmodule {cgitb} provide information that
86+ can save you a lot of time in tracking down bugs. You can always
87+ remove the \code {cgitb} line later when you have tested your script
88+ and are confident that it works correctly.
89+
90+ To get at submitted form data,
91+ it's best to use the \class {FieldStorage} class. The other classes
7092defined in this module are provided mostly for backward compatibility.
7193Instantiate it exactly once, without arguments. This reads the form
7294contents from standard input or the environment (depending on the
@@ -389,7 +411,9 @@ \subsection{Functions}
389411\end {funcdesc}
390412
391413
392- \subsection {Caring about security }
414+ \subsection {Caring about security \label {cgi-security } }
415+
416+ \indexii {CGI}{security}
393417
394418There's one important rule: if you invoke an external program (via the
395419\function {os.system()} or \function {os.popen()} functions. or others
@@ -466,7 +490,7 @@ \subsection{Testing your CGI script}
466490have no choice but to read the next section.
467491
468492
469- \subsection {Debugging CGI scripts }
493+ \subsection {Debugging CGI scripts } \indexii {CGI}{debugging}
470494
471495First of all, check for trivial installation errors --- reading the
472496section above on installing your CGI script carefully can save you a
@@ -508,51 +532,24 @@ \subsection{Debugging CGI scripts}
508532opened, etc.), the Python interpreter prints a nice traceback and
509533exits. While the Python interpreter will still do this when your CGI
510534script raises an exception, most likely the traceback will end up in
511- one of the HTTP server's log file , or be discarded altogether.
535+ one of the HTTP server's log files , or be discarded altogether.
512536
513537Fortunately, once you have managed to get your script to execute
514- \emph {some } code, it is easy to catch exceptions and cause a traceback
515- to be printed. The \function {test()} function below in this module is
516- an example. Here are the rules:
517-
518- \begin {enumerate }
519- \item Import the traceback module before entering the \keyword {try}
520- ... \keyword {except} statement
521-
522- \item Assign \code {sys.stderr} to be \code {sys.stdout}
523-
524- \item Make sure you finish printing the headers and the blank line
525- early
526-
527- \item Wrap all remaining code in a \keyword {try} ... \keyword {except}
528- statement
529-
530- \item In the except clause, call \function {traceback.print_exc()}
531- \end {enumerate }
532-
533- For example:
538+ \emph {some } code, you can easily send tracebacks to the Web browser
539+ using the \refmodule {cgitb} module. If you haven't done so already,
540+ just add the line:
534541
535542\begin {verbatim }
536- import sys
537- import traceback
538- print "Content-Type: text/html"
539- print
540- sys.stderr = sys.stdout
541- try:
542- ...your code here...
543- except:
544- print "\n\n<PRE>"
545- traceback.print_exc()
543+ import cgitb; cgitb.enable()
546544\end {verbatim }
547545
548- Notes: The assignment to \code {sys.stderr} is needed because the
549- traceback prints to \code {sys.stderr}.
550- The \code {print "{\e}n{\e}n<PRE>" } statement is necessary to
551- disable the word wrapping in HTML.
546+ to the top of your script. Then try running it again; when a
547+ problem occurs, you should see a detailed report that will
548+ likely make apparent the cause of the crash.
552549
553- If you suspect that there may be a problem in importing the traceback
554- module, you can use an even more robust approach (which only uses
555- built-in modules):
550+ If you suspect that there may be a problem in importing the
551+ \refmodule {cgitb} module, you can use an even more robust approach
552+ (which only uses built-in modules):
556553
557554\begin {verbatim }
558555import sys
@@ -567,7 +564,7 @@ \subsection{Debugging CGI scripts}
567564HTML processing. If your script works, the raw HTML will be displayed
568565by your client. If it raises an exception, most likely after the
569566first two lines have been printed, a traceback will be displayed.
570- Because no HTML interpretation is going on, the traceback will
567+ Because no HTML interpretation is going on, the traceback will be
571568readable.
572569
573570
@@ -586,8 +583,8 @@ \subsection{Common problems and solutions}
586583\item Always check a script for syntax errors first, by doing something
587584like \samp {python script.py}.
588585
589- \item When using any of the debugging techniques, don't forget to add
590- \samp {import sys } to the top of the script.
586+ \item If your script does not have any syntax errors, try adding
587+ \samp {import cgitb; cgitb.enable() } to the top of the script.
591588
592589\item When invoking external programs, make sure they can be found.
593590Usually, this means using absolute path names --- \envvar {PATH} is
0 commit comments