[albatross-users] [Fwd: problem with static data members in templates ...]

Francis Meyvis francis.meyvis at sonycom.com
Fri Mar 28 01:51:03 EST 2003 

Hoi,

Seems I made a scripting error that caused
the error described in my previous email.

However my problems with the idea are not gone.
When the post request from the form arrives I get the error
in context.py NamespaceMixin::set_value() described below.

I patched the method by adding an exception catch
in which I evaluate a statement "name = `value`".
Is there a danger doing so?
There's a big change someone can execute arbitrary code this way?

try:
   original code
except:
   vsStatement = name + "=" + `value` + "\n"
   exec vsStatement in self.locals.__dict__

Kind regards,
francis

Template traceback (most recent call last):

Traceback (most recent call last):
   File "lib/albatross/app.py", line 145, in run
     self.merge_request(ctx)
   File "lib/albatross/app.py", line 219, in merge_request
     ctx.merge_request()
   File "lib/albatross/context.py", line 297, in merge_request
     self.set_value(name, value)
   File "lib/albatross/context.py", line 355, in set_value
     index = int(elem)
ValueError: invalid literal for int(): prj



-------- Original Message --------
Subject: problem with static data members in templates ...
Date: Thu, 27 Mar 2003 12:59:33 +0100
From: Francis Meyvis <francis.meyvis at sonycom.com>
To: albatross-users at object-craft.com.au

Hoi,

In a HTML form I present a database record/row data for editing.
The class cRow abstacts the db data.
The class in a simplified form is presented next:


class cRow():

    mFld = cField("table_name")

    def __init__(s, atData):
      mlData = list(atData)    # convert db query result tuple to list

    def __getitem__(s, i): return mlData[i]
    def __setitem__(s, i, v): mlData[i] = v

    def validate(): ... # validate the data in mlData
    def update(): ... # update database with changed mlData


cField is a static datamember to conserve memory
(it is the same for all rows of that specific table).
cField uses the DB API II ".description" to query the table format.
Using this information it adds datamembers to itself during __init__()
e.g.
mFld.mVal.NAME evaluates to a numberic index for
indexing the list "mlData" to find the value
corresponding to the column named 'NAME'


In the template I do something like this:

<al-input type="text" name="row[row.mFld.mVal.NAME]"/>

The idea was :-( that "row" is found in context.locals.
The advantage I saw, was that row's mlData is read and write
by albatross templating mechanism.
No need for me to start adding accessor functions.

But is does not work, I get the trace dump error below
(I use slight different variable names).

This could be a python 2.1 limitation however.
When I do a "dir(row)" I only see row's normal data members.
Not the static data member mFld.
In my python code (not template) itself this mechanism
for manipulating db data through cRow works.

Does someone on the list has a simple solution?

Many thanks,
francis




Template traceback (most recent call last):
    File "tmpl/prjAdd.html", line 34, in al-form
    <al-form method="post">
    File "tmpl/prjAdd.html", line 40, in al-input
          <td><al-input type="text" name="prjName"
expr="xprj[xprj.mFld.mVal.OWNERID]"/></th>

Traceback (most recent call last):
    File "/usr/lib/python2.1/site-packages/albatross/app.py", line 147,
in run
      self.display_response(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/app.py", line 305,
in display_response
      func(ctx)
    File "page/prjAdd.py", line 58, in page_display
      aoCtx.run_template(mode.GetTmplName(aoCtx))
    File "/usr/lib/python2.1/site-packages/albatross/app.py", line 65, in
run_template
      templ.to_html(self)
    File "/usr/lib/python2.1/site-packages/albatross/template.py", line
358, in to_html
      self.content.to_html(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/template.py", line
150, in to_html
      item.to_html(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/tags.py", line 242,
in to_html
      EnclosingTag.to_html(self, ctx)
    File "/usr/lib/python2.1/site-packages/albatross/template.py", line
189, in to_html
      self.content.to_html(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/template.py", line
150, in to_html
      item.to_html(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/tags.py", line 117,
in to_html
      self.unbound_to_html(self, ctx)
    File "/usr/lib/python2.1/site-packages/albatross/tags.py", line 122,
in generic_to_html
      name, value = self.get_name_and_value(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/tags.py", line 90,
in get_name_and_value
      return name, self.eval_expr(ctx)
    File "/usr/lib/python2.1/site-packages/albatross/tags.py", line 36,
in eval_expr
      return ctx.eval_expr(self.expr)
    File "/usr/lib/python2.1/site-packages/albatross/context.py", line
320, in eval_expr
      return eval(expr, self.__globals, self.locals.__dict__)
    File "<albatross>", line 0, in ?
AttributeError: mFld

More information about the Albatross-users mailing list