-
-
Save GadgetSteve/df344e517ec66c3a18f0f087b8ceec87 to your computer and use it in GitHub Desktop.
CGI Debugging - sometimes you have a web page that uses CGI and you need to see what data is being POSTed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
""" | |
This script is based on https://cgi.tutorial.codepoint.net/file-upload but with changes as needed. | |
To use: | |
- Download the web page to be debugged. | |
- Edit it to replace `action="/cgi-bin/cgi-post"` with `action="/cgi-bin/cgi-post.py"` (on Windows on Linux you can simply rename this file to not have .py at the end. | |
- place in a cgi-bin subdirectory of the one where you saved the web page | |
- start a simple web server with ` python -m http.server 8001 --bind localhost --cgi` | |
- browse to http://localhost:8001/factory_page.html or whatever the file is called. | |
- Fill in and submit the form. | |
""" | |
import cgi, os | |
# Enable browser based CGI debugging | |
import cgitb; | |
cgitb.enable() | |
try: # Windows needs stdio set for binary mode. | |
import msvcrt | |
msvcrt.setmode (0, os.O_BINARY) # stdin = 0 | |
msvcrt.setmode (1, os.O_BINARY) # stdout = 1 | |
except ImportError: | |
pass | |
form = cgi.FieldStorage() | |
message = "<H1>Form Submitted!</H1>" | |
message += "<P>Form Fields: " +", ".join(form.keys()) + "</P><UL>" | |
for k in form.keys(): | |
message += f"<LI>{k}:{form[k]}</LI>" | |
message += "</UL>" | |
# A nested FieldStorage instance holds the file - the name will depend on the form | |
if 'updatefilename' in form: | |
fileitem = form['updatefilename'] | |
# Test if the file was uploaded | |
if fileitem.filename: | |
# strip leading path from file name | |
# to avoid directory traversal attacks | |
fn = os.path.basename(fileitem.filename) | |
# Ucomment the following line if you would like to actually save the uploaded file | |
#open('files/' + fn, 'wb').write(fileitem.file.read()) | |
filelen = len(fileitem.file.read()) | |
message += f'<P>The file "{fn}" was uploaded successfully with {filelen} bytes.</P>' | |
else: | |
message = '<P>No file was uploaded</P>' | |
print ("""\ | |
Content-Type: text/html\n | |
<html><body> | |
%s | |
</body></html> | |
""" % (message,)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment